The Biggest Cyberattacks of 2022


2022 in Review

2022 was another busy year for the world’s cybersecurity professionals. Over the last 12 months, the industry witnessed threat actors combine some of the old with some of the new. There was an uptick in newer tactics, such as the use of cyber warfare in the Russian invasion of Ukraine and sophisticated attacks targeting cryptocurrency. Additionally, hackers also showcased the “tried and true” methods of exploiting victims, as shown in the relentless data breaches targeting corporate giants such as Apple, Meta, and Twitter. Businesses and governments continued to face security risks such as supply chain and cloud vulnerabilities, ransomware, phishing, and insider threats.

What specific trends did we see in 2022? Here are some notable statistics to show this year’s patterns in cybersecurity:

  • In the first half of 2022, approximately 236.1 million ransomware attacks were reported globally. (AAG IT)

  • 82% of breaches in 2022 involved human factors, such as errors, data misuse, and social engineering. (Verizon)

  • 43% of all breaches originate from insider threats, either via malicious intent or negligence. (Proofpoint)

  • 82% of CIOs believe their software supply chains are vulnerable. (Venafi)

Let’s take a deeper look at some of this year’s most noteworthy cyberattacks, their consequences, and who was responsible.


Major Attacks & Breaches This Year

Russian Cyber Warfare in Ukraine

Date of attack: February – present

Overview: In coordination with Russia’s invasion of eastern Ukraine earlier this year, hackers launched a series of cyberattacks against Ukrainian business and government agencies. Russian threat actors executed denial of service (DoS) and malware attacks, took down major Ukrainian websites, and spread disinformation and propaganda. The dual nature of the Russian attacks demonstrates an important shift in modern warfare, one that is characterized by simultaneous kinetic and cyberattacks.

Responsible parties: Russian government

LAPSUS$ Group Extortion

Date of attack: December 2021 – March 2022

Overview: This year began with headlines focusing on LAPSUS$ Group, an international hacking group. LAPSUS$ stole source code and other data from several high-profile targets, including Nvidia, T-Mobile, Microsoft, and Okta. The group was known for using phishing and living off the land (LOTL) techniques to compromise systems. However, the LAPSUS$ chapter closed almost as quickly as it opened. In March 2022, British police arrested 7 suspected members of LAPSUS$, and the group has remained largely inactive since.

Responsible parties: LAPSUS$ Group

Costa Rican Government Breach

Date of attack: April 2022

Overview: Shortly after Costa Rican President Rodrigo Chaves took office, the federal government was targeted in a massive ransomware attack. The breach, which paralyzed the government’s digital infrastructure, prompted Chaves to declare a state of national cybersecurity emergency. Conti, a notorious Russian ransomware gang that orchestrated the attack, ordered the Costa Rican government to pay a ransom of $20 million. When Costa Rica refused to comply, the hackers posted 670 GB (approximately 97% of the stolen data) to a leak site.

Responsible parties: Conti ransomware gang

Ronin Bridge Attack

Date of attack: March 2022

Overview: On March 23, 2022, sophisticated hackers stole approximately $615 million worth of Ethereum and USDC cryptocurrency from the Ronin blockchain. Ronin is a global blockchain platform specializing in crypto mining. One month later, US Treasury officials and blockchain analytics companies confirmed that the heist was executed by Lazarus Group, a North Korean advanced persistent threat (APT) group. This attack demonstrates the growing prevalence of cybercriminals targeting vulnerabilities in cryptocurrency platforms.

Responsible parties: Lazarus Group

Uber Coverup & Subsequent Breach

Date of attack: July – September 2022

Overview: In July 2022, Uber admitted to suppressing the disclosure of a 2016 breach. The company paid the hackers $100,000 to avoid disclosing the breach, which affected 57 million users. As a result, former Uber CSO Joe Sullivan was convicted on federal charges due to his actions. This case represents the first instance of an executive brought to trial over an external breach. Uber was targeted again in September 2022, when hackers exploited an internal Slack account and sent messages confirming the intrusion.

Responsible parties (2016 attack): Vasile Mereacre (Canadian citizen) & Brandon Glover (US citizen)

Responsible parties (2022 attack): Unknown


Predictions for 2023

This past year demonstrated how cyberattacks can arise from misconfigurations, vulnerabilities, and human error just as much as they arise from foreign adversaries and sophisticated, stealthy criminals. The events of 2022 show the increasing importance of user education and awareness, network segmentation, and enforcing the principle of least privilege.

Looking forward to 2023, the world can expect many of the same trends as observed this past year. Here are some of the primary risks we anticipate over the next 12 months:

  1. Ransomware will continue to be a threat to businesses and governments worldwide.

  2. There will likely be an uptick in intrusions targeting cryptocurrency, cloud, and mobile environments.

  3. Mis/disinformation campaigns and cyberattacks targeting high-profile individuals are expected to increase, given that 70 countries will be holding elections in 2023.

  4. Despite notable efforts to increase regulation and prosecution of cybercrimes, the rate of attacks and intrusions will continue to severely outpace law enforcement investigations.

  5. The projected economic decline in 2023 will likely facilitate more financially motivated cybercrimes and scams.


Approved for Public Release; Distribution Unlimited. Public Release Case Number 22-02304-6. ©2022 The MITRE Corporation. ALL RIGHTS RESERVED.
