Big hacks that defined cybersecurity in 2022
With each passing year, the list of companies suffering from data breaches continues to grow. In 2022, high-profile hacks seemed to come out of the woodwork on a regular basis.
Hacks were not limited to just one sector. The range of companies affected included retail, government, manufacturing, healthcare, finance and many more.
These incidents were often made possible by poor security practices that hackers could take advantage of.
That was the case when Uber and Ronin were hacked last year. Both firms failed to keep a close eye on the people who had access to their systems and data.
“For many businesses, 2022 saw cyber attacks along with hardware failure and human error as the most common causes of data loss,” Jake Peters, secops manager at cloud service provider M247, told Verdict.
It was not only the number of breaches that grew in 2022; the global average cost of a breach also increased.
The global average cost of a data breach rose 2.6%, from $4.24 million in 2021 to $4.35 million in 2022, the highest it has ever been, according to IBM Security’s Cost of a Data Breach report.
The financial cost weighs on even the largest companies, but the deeper damage from a breach is to reputation, legal exposure and consumer trust.
With that in mind, let’s look at some of the biggest hacks from last year to hopefully learn something from them.
Uber, the car and food delivery giant, suffered two high-profile data breaches last year.
The first occurred in mid-September when a hacker announced in the company’s Slack community: “I’m a hacker and Uber has suffered a data breach.”
The alleged hacker claimed they had access to several of Uber’s databases, including the messaging data.
This forced the company to shut down all internal messaging and engineering systems, including Slack and Google Cloud Platform.
Just three months later, Uber was compromised again, when a hacker calling itself “UberLeaks” gained access to the data of over 70,000 Uber employees.
A spokesperson for Uber told BleepingComputer that the files “are related to an incident at a third-party vendor and are not related to our security incident in September.”
UberLeaks posted four packages of data on Breach Forums, which it claimed contained source code information for MDM platforms associated with the company. The hacker alleged that the leaked data contained MDM platforms for both Uber and Uber Eats, as well as a number of third-party provider services, including IT management company Teqtvity and corporate card platform TripActions, Cyber Security Hub reported.
However, Uber and TripActions denied that the hackers had accessed their internal systems. Speaking to BleepingComputer, TripActions said that “no TripActions data was exposed … nor were TripActions’ customers impacted as part of this security incident,” as “TripActions does not maintain an MDM”.
In its series of posts on Breach Forums, UberLeaks alleged that the infamous Lapsus$ hacking gang, which had carried out the hack of Uber’s internal systems back in September, was responsible for the breach.
Lapsus$ is known to gain access to companies by targeting employees through social engineering attacks; Microsoft tracks the group as DEV-0537.
Lapsus$ “constantly announces its attacks on social media or announces its intention to purchase credentials from employees of target organizations,” according to Microsoft.
Uber has denied claims that Lapsus$ was behind the second infiltration of the year.
Garry Veale, regional director for UK and Ireland at Vectra, told Verdict: “The increasing risk of third-party threats can be linked to modern large organizations that are constantly expanding IT environments, which typically contain a huge hybrid network consisting of cloud, infrastructure and devices that go far beyond the traditional perimeter.
“With each new vendor added to the ecosystem, the attack surface that an organization faces grows.”
The Ronin Network, a sidechain linked to the blockchain game Axie Infinity, was breached by hackers who made off with 173,600 ETH and $25.5 million, a haul worth a whopping $615 million at the time.
Axie Infinity is one of the most popular crypto games in the world, with nearly three million monthly active players and a huge market cap of well over $4 billion.
The game is built on the Ronin network, an Ethereum-connected sidechain that was developed by Sky Mavis studio, which also developed the game.
The massive hack took place on the Ronin bridge, which lets users move assets from other chains into Ronin and withdraw them again.
In one of the biggest hacks of the year, the attacker took advantage of how the Ronin Network validates transactions to drain the bridge’s funds.
“Sky Mavis’ Ronin chain currently consists of nine validator nodes,” Ronin Network explained in a blog post about the breach. “To recognize a deposit event or a withdrawal event, five of the nine validator signatures are needed. The attacker was able to gain control of Sky Mavis’ four Ronin validators and a third-party validator powered by Axie DAO.”
With four keys in hand, the attacker needed only one more signature to authorize any transaction they wanted, so they shifted their attention elsewhere. The attackers found a backdoor through Ronin’s gasless RPC node, which they abused to obtain the signature of the Axie DAO validator.
It was revealed that the Axie DAO validator, the gateway that holds the remaining five keys, had given the keys to Sky Mavis so that transactions could be authorized faster. Axie DAO reportedly took the keys back, but they were never actually deleted from the Sky Mavis server.
This allowed the attacker to claim all the keys needed to make fake withdrawals.
In two huge transactions, the attacker forged fake withdrawals and validated them with stolen keys, taking almost all of the company’s funds.
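As an added illustration (not Ronin’s or Sky Mavis’ code), the following Python models the 5-of-9 validator quorum described above together with the two checks a bridge operator would want: that a delegated signing key is actually removed from the validator’s allowlist when the delegation ends, and that no single operator holds enough keys to reach the quorum on its own. All validator, key and operator names, and the “signatures”, are constructed stand-ins with no real cryptography.

```python
# Added example, not Ronin's or Sky Mavis' code: a toy model of the 5-of-9
# bridge approval described above, with the allowlist check that should have
# ended the Axie DAO delegation. Validator, key and operator names are
# constructed; "signatures" are plain (validator, key_id) pairs, no real crypto.
THRESHOLD = 5
VALIDATORS = [f"ronin-{i}" for i in range(1, 9)] + ["axie-dao"]   # nine validators

def build_allowlist():
    """validator -> set of key ids permitted to sign on its behalf (the on-chain view)."""
    return {v: {f"key-{v}"} for v in VALIDATORS}

def key_holders():
    """key id -> operator that actually holds the key (constructed: one operator runs four)."""
    holders = {f"key-ronin-{i}": "sky-mavis" for i in range(1, 5)}
    holders.update({f"key-ronin-{i}": f"operator-{i}" for i in range(5, 9)})
    holders["key-axie-dao"] = "axie-dao"
    return holders

def delegate(allow, validator, delegate_key):
    """Let another party's key sign for this validator (what Axie DAO granted)."""
    allow[validator].add(delegate_key)

def revoke(allow, validator, delegate_key):
    """Ending a delegation must remove the key from the allowlist; agreeing to
    'take the keys back' off-chain while the entry stays is the gap described above."""
    allow[validator].discard(delegate_key)

def withdrawal_approved(allow, signatures):
    """One vote per validator, counted only if the signing key is on its allowlist."""
    approving = {v for v, k in signatures if k in allow.get(v, set())}
    return len(approving) >= THRESHOLD

def validators_controlled_by(allow, holders, operator):
    """Detection check: how many validators one operator can sign for. A value at or
    above THRESHOLD means that operator alone (or whoever compromises it) meets quorum."""
    return sum(1 for keys in allow.values() if any(holders.get(k) == operator for k in keys))

def scenario():
    """Before and after the delegation is properly revoked."""
    allow, holders = build_allowlist(), key_holders()
    delegate(allow, "axie-dao", "key-ronin-1")          # DAO lets a Sky Mavis key sign for it
    sigs = [(f"ronin-{i}", f"key-ronin-{i}") for i in range(1, 5)] + [("axie-dao", "key-ronin-1")]
    before = (validators_controlled_by(allow, holders, "sky-mavis"), withdrawal_approved(allow, sigs))
    revoke(allow, "axie-dao", "key-ronin-1")
    after = (validators_controlled_by(allow, holders, "sky-mavis"), withdrawal_approved(allow, sigs))
    return before, after   # ((5, True), (4, False))
```

The concentration check is the one worth running continuously: it flags the moment a single operator’s keys can meet the quorum, which is the condition the attacker exploited.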
“Major companies, including the likes of Uber and Ronin, faced significant hacks last year. In both cases, the data security (or lack thereof) was flawed,” Peters told Verdict.
“In particular, both firms failed to monitor the individuals and organizations who had access to their systems and what they shared.
“Incidents like these were on the rise in 2022, where hackers found holes in vulnerable systems.
“The key to avoiding such incidents is understanding where a company’s data is stored, how secure it is, and who has permission to access what.”
Australian health insurer Medibank faced a major data breach in October that affected 9.7 million current and former customers.
The hacker gained access to the personal data of all Medibank, ahm (its health insurance division) and international customers, as well as a significant amount of health claims data.
This personal information included customers’ names, addresses and dates of birth, along with their Medicare card numbers in some cases.
The notorious Russian REvil gang, linked to several other high-profile data breaches over the years, began publishing the stolen records in November 2022.
Hackers had previously attempted to demand a ransom from Medibank, but began releasing the data after the company refused to pay.
“We believe there is only a limited chance that paying the ransom will secure the return of our customer data and prevent it from being published,” a Medibank spokesperson said at the time.
It is understood that health claims data for around 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers was accessed.
This included the names of service providers and even diagnoses and procedures.
It is also understood that the leaked data included the names of high-profile Medibank customers, such as Australian government lawmakers, including Prime Minister Anthony Albanese, the Guardian reported.
“It’s clear that the extortion attacks that hit Medibank and the Los Angeles Unified School District (LAUSD) were considered lucrative, and the attackers’ success indicates that there simply weren’t enough protections in place to stop them,” Dave Waterson, CEO of security company SentryBay, told Verdict.
The attackers released what appeared to be the rest of the customer data obtained from the health insurer in early December.
Alongside several compressed files of over 5GB, the blog posted: “Happy Cyber Security Day!!! Added folder full. Case closed.”
Crypto.com is one of the most well-known cryptocurrency exchanges in the world, with an instantly recognizable name and high-profile endorsers such as actor Matt Damon.
It has also pulled several stunts to boost its brand, such as buying the naming rights to the LA Lakers’ home arena and running ads during the Super Bowl.
Perhaps unsurprisingly, 483 of its users were hit in a major hack last year that led to unauthorized withdrawals worth up to $35 million.
The hackers took large amounts of bitcoin and ether from customers using the exchange.
“On January 17, 2022, Crypto.com learned that a small number of users had unauthorized crypto withdrawals on their accounts,” Crypto.com wrote in a post at the time.
“Crypto.com immediately suspended withdrawals for all tokens to initiate an investigation and worked around the clock to resolve the issue. No customers experienced loss of funds. In most cases we prevented unauthorized withdrawals, and in all other cases customers received full reimbursement.”
The company said it had noticed that transactions on some accounts were being approved without the user’s second authentication factor being entered. This led the company to investigate further and to put all withdrawals across the exchange on hold for 14 hours.
As a security measure, all customers were then required to log in again and go through a new two-factor authentication process. The company also added a feature that notifies users when a new address is added to their payee list and gives them 24 hours to cancel any payment to it if they don’t recognize it.
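As an added illustration (not Crypto.com’s code), the following Python models the two controls just described: a withdrawal approval that fails closed unless the second factor is explicitly verified, and a 24-hour hold on newly added payee addresses during which the user can cancel. User names, addresses and timestamps are constructed.

```python
# Added example, not Crypto.com's code: a toy model of the two controls the
# passage describes, a second-factor check that a withdrawal cannot skip, and a
# 24-hour hold on newly added payee addresses that the user can cancel.
# User names, addresses and timestamps are constructed.
from datetime import datetime, timedelta

HOLD = timedelta(hours=24)

class WithdrawalPolicy:
    def __init__(self):
        self.payees = {}        # (user, address) -> time the address was added

    def add_payee(self, user, address, now):
        """Register a new withdrawal address and tell the user when it becomes usable."""
        self.payees[(user, address)] = now
        return f"notify {user}: {address} becomes active at {now + HOLD:%Y-%m-%d %H:%M}"

    def cancel_payee(self, user, address):
        """The user did not recognise the address: drop it during the hold window."""
        return self.payees.pop((user, address), None) is not None

    def approve_withdrawal(self, user, address, second_factor_ok, now):
        """Return (approved, reason). Fails closed: anything other than an explicit
        True from the second-factor step is a denial, so a missing or skipped check
        can never pass, which is the kind of flaw the exchange's statement describes."""
        if second_factor_ok is not True:
            return False, "second factor not verified"
        added = self.payees.get((user, address))
        if added is None:
            return False, "unknown or cancelled payee"
        if now - added < HOLD:
            return False, f"payee in hold until {added + HOLD:%Y-%m-%d %H:%M}"
        return True, "ok"

def demo():
    """One user: add address, early attempt, skipped 2FA, valid withdrawal, then cancel."""
    policy, addr = WithdrawalPolicy(), "bc1q-constructed-address"
    t0 = datetime(2022, 1, 17, 9, 0)
    policy.add_payee("alice", addr, t0)
    early = policy.approve_withdrawal("alice", addr, True, t0 + timedelta(hours=1))
    no_2fa = policy.approve_withdrawal("alice", addr, None, t0 + timedelta(hours=25))
    ok = policy.approve_withdrawal("alice", addr, True, t0 + timedelta(hours=25))
    cancelled = policy.cancel_payee("alice", addr)
    after_cancel = policy.approve_withdrawal("alice", addr, True, t0 + timedelta(hours=26))
    return early[0], no_2fa[0], ok[0], cancelled and not after_cancel[0]   # (False, False, True, True)
```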
“Identity remains a popular vector for threat actors seeking efficient and rapid entry points into businesses,” David Higgins, senior director of identity security company CyberArk’s Field Technology Office, told Verdict.
“And many have woken up to the fact that ‘machine identities,’ rather than ‘human,’ are often a productive goal.
“That’s because there are 45 machine identities for every human, which means there are far more of them to defend.”
GlobalData is the parent company of Verdict and its sister publications.