The Biggest Cyberattacks and Hacks of 2022!

Adithya Thatipalli
6 min readDec 28, 2022

--

We have come to an end of 2022 and its time to lookback and see some of the biggest cyberattacks and breaches of 2022.

By 2025, cybercrime is predicted to cost US$10trn, and in 2021 alone over 4,100 data breaches were reported. This adds up to an astounding 22 billion records exposed.

Some of the Interesting facts which should focus on the amount of data we are dealing with

The global average cost of a data breach increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022 — the highest it’s been in the history of IBM Security’s “The Cost of a Data Breach Report.”

More than 4,100 publicly disclosed data breaches occurred in 2022 equating to approximately 22 billion records being exposed.

These were chosen based not necessarily on data size, but also on financial or privacy impact as well.

Lapsus$ Group

In 2022 alone, this hacking group attacked Microsoft, Cisco, Samsung, Nvidia, Okta, Rockstar Games, and Uber, each time using similar techniques to gain access to systems.

Uber’s breach highlighted that two-factor authentication (2FA) isn’t a guarantee of security, as the attackers gained access through a compromised device owned by a contractor whose credentials had been stolen. The contractor experienced ‘2FA code notification fatigue’ due to multiple attempts to log into their account and accepted one of the requests.

Microsoft, Bing, Bing Maps, and Cortana were infiltrated with source code from Samsung and Nvidia being leaked too. To combat such threats, organizations should provide employees with phishing-resistant methods like hardware keys or passkeys for improved security.

Vice Society Ransomware Attack

The Los Angeles Unified School District, the second largest school district in the USA, encountered a ransomware attack this year at the hands of the Russian-speaking Vice Society hacking group.

The hackers demanded a ransom, but LAUSD officials declined to pay it, instead insisting that any funds should be allocated towards students and education programs.

When their extortion was ignored, they exposed over 300K files amounting to 500 GB’s worth of data including personally identifiable information such as passports, social security numbers and psychological assessments for students.

As LAUSD encompasses more than 1000 schools with 600K students in its district boundaries, this massive cyberattack has impacted a tremendous number of minors.

Optus Attack

In September, Australia’s second-largest mobile operator, Optus, disclosed the security breach, saying an attacker “might” have had access to customer data. That included names, dates of birth, phone numbers, physical and email addresses, driver’s licenses, and passport Numbers. In total, this affected 11 million customers of the telecommunications giant.

The attacker mentioned that an unsecured API endpoint had been employed to steal the data, and as a result a sample of it was posted on a hacking forum with a $1 million USD ransom attached. Optus didn’t reply to the demand. Nevertheless, 10,000 customers had their info leaked on the forum without charge; which led to them receiving phishing and ransom messages. The Australian Federal Police initiated an operation to find out who was responsible; at which point someone on the forum said they wouldn’t be selling any of the data due to law enforcement interest in them. Despite this, 2.1 million customers were still affected by the leak — having at least one form of identification number exposed — while another 7.7 million faced emails, phone numbers and dates of birth being revealed.

Red Cross Ransomware Attack

The International Committee of the Red Cross (ICRC) declared a data breach, likely caused by state-sponsored hackers, that endangered more than 515,000 people. The intrusion initially happened in late 2021 but was only revealed in 2022 when further details were uncovered. It was estimated that the attackers had access to the servers for around 70 days before being spotted. This breach was attributed to an unpatched, high-risk vulnerability found in a single sign-on tool called Zoho which the organization employed.

Attackers were able to gain a foothold on their servers, where web shells and exploitation activities happened, allowing them to steal admin creds and exfiltrate data.

People affected were in the Restoring Family Links program, which reconnects missing people and children to their families after being separated due to war or violence. Data like names, locations, and more were impacted.

WormHole Defi

The Defi platform Wormhole was attacked way back in February and an attacker stole about $325 million worth of cryptocurrency. It happened due to an update that occurred on the project’s GitHub repository in which a known vulnerability update had not yet been applied to production code but was uploaded to the GitHub account.

On the 2nd, Wormhole experienced an attack that enabled the attacker to mint Ethereum valued at $325 million on the Solana blockchain. The same day, Wormhole posted about it and took their network offline for a short period for “maintenance”. To recover funds, they offered a bounty of $10 million to return them, which caused a 10% drop in the value of Solana cryptocurrency. Wormhole also added more Ethereum to replace collateral funds 1:1. This was only second largest Defi hack up to 2022; however, it had an impact on vulnerable people, so I have included it as one of my biggest hacks.

Dropbox suffers data breach following phishing attack

On October 14, 2022, a malicious actor gained access to 130 of the company’s source code repositories after its employees were targeted by a phishing attack.

The attack saw a malicious actor pose as code integration and delivery platform CircleCI in order to harvest login credentials and authentication codes from employees. It also gained access to Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to access Github.

Throughout the attack, the hacker gained access to some of the code Dropbox stores on the platform, including API keys used by its developers.

Google blocks “largest ever” web DDoS attack

On June 1, Google thwarted the biggest distributed denial of service (DDoS) attack ever registered, with a peak intensity of 46 million requests per second (rps). According to Google, this Layer 7 attack lasted 69 minutes and was 76% bigger than any other before it. Additionally, 5,256 source IPs from 132 countries collaborated in the attack targeting a customer using HTTPS on Google Cloud Armor.

In a blog post about the attack, Emil Kiner, senior product manager for Cloud Armor, and Satya Konduru, technical lead, both at Google, noted that the attack was akin to “receiving all the daily requests to Wikipedia…in just 10 seconds”.

More than 1.2 million credit card numbers leaked on hacking forum

On October 12, 2022, BidenCash — a carding marketplace — released the details of 1.2 million credit cards expiring from 2023 to 2026 for free. This was in addition to other information necessary for online transactions.

In June of the same year, BidenCash had already leaked thousands of similar records as a form of advertisement. Considering that it was forced to launch new URLs after suffering multiple DDoS attacks three months later in September, some cyber security experts speculated this could be another promotional effort by the marketplace.

Twitter Data Breach

On November 23, 2022, Los Angeles-based cyber security expert Chad Loder tweeted a warning about a data breach at social media site Twitter that had allegedly affected “millions” across the US and EU.

Loder claimed the data breach occurred “no earlier than 2021” and “has been reported before”. Twitter had previously confirmed a data breach that affected millions of user accounts in July 2022.

Twitter suffered a data breach that affected 5.4 million accounts, including phone numbers and email addresses. According to several reports, a Twitter API vulnerability was disclosed in a bug bounty program that allowed people to submit phone numbers and email addresses into the API to retrieve the associated Twitter ID.

These are some of the biggest events happened in this year. While we have many more incidents occurred and which are not covered in this article.

Thanks for reading :)

--

--

Adithya Thatipalli

Security Engineer by Day, Cloud and Blockchain Learner during Night