Top 10 Hacks and Cyber ​​Security Threats of 2022

Top 10 Hacks and Cyber ​​Security Threats of 2022

Cybercrime is an ever-evolving problem, with an estimated cost of US$10 billion by 2025. In 2021, there were more than 4,100 publicly disclosed data breaches, which equates to approximately 22 billion records exposed. The figures for 2022 are expected to at least match this, if not exceed it by as much as five percent.

Cyber ​​Security Hub is dedicated to delivering the latest news from the cyber security sector. With that in mind, here are the news stories detailing the threat vectors, cyberattacks and data breaches that have had the biggest impact on readers over the past 12 months.

10. Social engineering “most dangerous” threat, say 75 percent of security personnel

In May Cyber ​​Security Hub research revealed that three out of four cybersecurity experts considered social engineering or phishing attacks to be the “most dangerous” threat to cybersecurity at their companies.

The research, which was carried out for CS Hub Mid-Year Market Report 2022also found that other top threats included supply chain/third-party risk (cited by 36 percent of respondents) and lack of cybersecurity expertise (cited by 30 percent of respondents).

Discover more about the concern surrounding social engineering attacks in our August 2022 analysis.

9. Meta fires employees for allegedly hacking user accounts

The 17th of November 2022 was The Wall Street Journal broke the news that 12 Meta employees had either been disciplined or fired for violating Facebook’s terms of use and hijacking user accounts.

The employees, some of whom were contractors employed as security guards at the tech company’s offices, had used a highly regulated internal access tool referred to as ‘OOps’ to reset access to Facebook accounts. One employee was fired following allegations that they used OOps to fraudulently allow hackers to access multiple Facebook accounts in exchange for thousands of dollars worth of Bitcoin.

See also  Wolves 1-0 Leeds United: Boubacar Traore's strike sees the hosts through to the Carabao Cup fourth round

Read about the consequences for those who abuse access to the account recovery tools in our latest news report.

8. Dropbox suffers data breach after phishing attack

On October 14, 2022, a malicious actor gained access to 130 of the company’s source code repositories after the employees were targeted by a phishing attack.

The attack saw a malicious actor posing as code integration and delivery platform CircleCI in order to collect login information and authentication codes from employees. It also gained access to Dropbox’s account on the code repository site GitHub, as CircleCI credentials can be used to access Github.

Throughout the attack, the hacker gained access to some of the code Dropbox stores on the platform, including API keys used by developers.

Find out more about how phishing attacks happen in our guide to social engineering.

7. Google Blocks ‘Biggest Ever’ DDoS Cyber ​​Attack

Google reported that it had blocked the “largest” DDoS (Distributed Denial of Service) attack ever, which peaked at 46 million requests per second (rps) on June 1.

The attack targeted a Google Cloud Armor user using HTTPS for a duration of 69 minutes and had 5,256 source IPs from 132 countries contributing to it. Google reported that the attack was the largest Layer 7 DDoS attack reported to date and was 76 percent larger than the previous record.

In a blog post about the attack, Emil Kiner, senior product manager for Cloud Armor, and Satya Konduru, technical manager, both at Google, noted that the attack was akin to “receiving all daily requests to Wikipedia … in just 10 seconds”.

Learn more about DDoS attacks in this piece from earlier this year.

6. Kaspersky Antivirus added to US Security Risk List

The US Federal Communications Commission (FCC) and the Department of Homeland Security (DHS) amended their list of foreign IT providers that “pose an unacceptable risk to national security or the safety and security of US persons” on March 25.

The change added Kapersky Antivirus, a digital security company previously ranked by Gartner as the third largest vendor of consumer IT products and the fifth largest vendor of enterprise IT products. Two Chinese-owned companies, China Mobile International and China Telecom Corp, were also added.

See also  Professor Nick Canepa grades the Chargers for the first half

FCC Commissioner Brendan Carr said the companies were added to the list to “help ensure [US] network against threats from Chinese and Russian state-sponsored entities seeking to engage in espionage and otherwise harm US interests.”

Find out more about Kaspersky’s response to the change and the impact of the blacklist.

5. Twitter confirms that data from 5.4 million accounts has been stolen

On July 27 Cyber ​​Security Hub reported that a hacker who goes by the alias “devil” claimed to have the details of 5.4 million Twitter accounts for sale.

The hacker said they had harvested the information using a vulnerability previously flagged to Twitter on January 1, 2022.

Twitter confirmed the breach on August 5, and suggested that in the future users should enable two-factor authentication to protect their accounts from unauthorized logins.

Read more about how the hacker managed to exploit the vulnerability and the accounts affected by the data breach.

4. Suspected Grand Theft Auto 6 hacker arrested by British police

Rockstar Games, the developer of the popular Grand Theft Auto (GTA) game series, suffered a data breach on September 19, 2022, after an unauthorized party gained access to the company’s Slack channel.

From there, the hacker downloaded and leaked previously unseen assets and clips from the yet-to-be-released GTA 6 game to a fan forum. Although initially believed to be a hoax, quick involvement from both Rockstar Games and the authorities confirmed that the clips were real.

A 17-year-old from Oxfordshire known only as AK was later arrested by City of London police, allegedly not only in connection with the hack, but for hacking against Uber and Microsoft from earlier in 2022.

Learn more about the alleged hacker and his multiple attacks in this September news post.

3. Google announces its acquisition of Mandiant

Google announced its plans to acquire cybersecurity firm Mandiant for more than $5 billion on March 8, 2022, in a move designed to bolster its internal cybersecurity resources.

The $5.4 billion purchase was Google’s second most expensive deal in history, second only to the $12.5 billion purchase of Motorola Mobility in 2012.

The plans to merge Google and Mandiant’s cloud offerings, as well as the size of the deal, led to speculation about what its impact might be for the cybersecurity sector at large. Cybersecurity experts noted that it could signal a shift in the cloud landscape, with cloud providers increasing investment in security and consulting services.

See also  Meet Cybercriminals in 2022 • TechCrunch

Learn more about the merger and its impact on the cybersecurity sector in this March post.

2. Samsung hit with class action after data breach

At the end of July 2022, an unauthorized party gained access to the internal servers of the technology giant Samsung’s American customers. Samsung warned customers about the data breach on August 4, after an internal investigation confirmed that the malicious party had accessed customers’ personal information.

Just over a month later, a class action lawsuit was filed by a Samsung customer who was affected by the breach. Shelby Harmer filed the lawsuit in the US District Court for Nevada on September 6 “on behalf of Samsung customers whose personally identifiable information was stolen by cybercriminals”.

The lawsuit claimed that Samsung had not only failed its customers by not reporting the breach in time, but also by failing to secure their personal information in the first place.

Learn more about the lawsuit and allegations in this September update.

1. More than 1.2 million credit card numbers leaked on hacking forum

Card marketplaces are dark web sites where users trade stolen credit card details for financial fraud, usually for large sums of money. On October 12, 2022, card marketplace BidenCash released the details of 1,221,551 credit cards for free.

A file posted on the website contained the information for more than 1.2 million credit cards expiring between 2023 and 2026, as well as other details needed to make transactions online.

BidenCash had previously leaked the details of thousands of credit cards in June 2022 as a way to promote the site. Since the karting market had been forced to launch new URLs three months later in September after suffering a series of DDoS attacks, some cyber security experts suggested that this new release of details could be another attempt at advertising.

Discover how BidenCash gained access to 1.2 million credit card details in our October coverage.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *