The worst cyber attacks of 2022 (so far)

By NTT Security Holdings

September 9, 2022 | Cyber Threats

Home / Blog / Cyber Threats / The worst cyber attacks of 2022 (so far)

Cybersecurity has been put through its paces so far in 2022.

From ransomware to data breaches, businesses and individuals have suffered some of the worst cyber attacks in history — and we’re only in Q3! The first six months of the year brought several high-profile cyber attacks that have left companies and consumers reeling.

Below we round up some of the worst attacks and trends in the industries being targeted by hackers in 2022.

The continued cyber conflict between Russia and Ukraine

Russia has been engaged in digital warfare against Ukraine since 2014. The campaign has involved a variety of cyber attacks, including ransomware, data breaches, DDoS, and defacements of government websites.

The impact on Ukraine has been financial and logistical, causing economic damage and disrupting vital services like healthcare and transportation. The attacks intensified at the beginning of 2022 and many Ukrainians were prevented from accessing basic services thanks to these incidents. It’s also worth mentioning that the attacks have spilled outside of Ukraine with collateral damage affecting other countries, for example: The Viasat attack.

The US Cyber Command has reported 20 new strains of malware found to be targeting Ukrainian systems in 2022.

State of emergency in Costa Rica

In May 2022, hackers managed to obtain access to, and restrict access to, Costa Rica’s Ministry of Finance files — documents that are needed for pensions, taxes, exports, and paying government employees. This was the largest data breach in Costa Rican history and it caused significant damage to the country's economy.

As Costa Rica’s government refused to pay the ransom demanded by the hacker group, Conti went ahead and published the stolen information on its site as punishment — and likely a warning to those who avoid paying ransoms. The hackers have stated that "Costa Rica is a demo version," and that more serious assaults will follow.

The Costa Rican government responded to the breach by declaring a state of emergency. However, other countries will likely be targeted by hackers in the future, as cybercrime continues to increase.

2022 has seen several data theft incidents at healthcare organizations

The healthcare industry has been a prime target for ransomware attacks in recent years. In fact, our 2022 Global Threat Intelligence Report found that 7% of all ransomware incidents were aimed at the healthcare sector. This is likely because healthcare organizations hold a large amount of sensitive data, which can be used to blackmail them into paying ransom payments.

The Baton Rouge General Medical Center in Louisiana was hit by a ransomware attack in late June of this year. The attack occurred when hackers infected the hospital's computer systems with ransomware, causing email, phone, and recordkeeping systems to be taken offline and staff had to rely on paper records. Thankfully, statements from the hospital ensure that no patient care functions were affected.

Shields Health Care Group also suffered a major breach in March 2022. The breach occurred when hackers managed to gain access to the company's computer systems and steal sensitive data. The Massachusetts-based medical services provider became aware of the attack on 28th March 2022 and sought out cybersecurity professionals to determine the scope of the incident.

Investigations showed that the hackers had access to extremely sensitive information between 7th March and 21st March 2022. Typically, this type of information is sold privately before being resold to threat actors who engage in bulk exploitation.

Shields Health Care Group's business type relies upon partnerships with hospitals and medical centers, which means that as a result of the cyber attack on their business, the impact was extensive. For example, two million people from the Office for Civil Rights portal of the U.S. Department of Health were affected.

Over $1.4 billion stolen from Decentralized Finance so far this year

DeFi is still a relatively new and untested field — making it a very attractive target for cyber criminals and attacks.

In May 2022, hackers managed to steal $90 million from two major DeFi platforms, Rari Capital and Saddle Finance. This was the largest theft of funds from DeFi platforms to date and it caused significant damage to the industry.

The hackers were able to steal the funds by exploiting vulnerabilities in the platforms' code. They were also able to gain access to the platforms' user accounts, which they used to steal the funds.

The theft of funds from DeFi platforms caused a lot of panic among investors and it raised concerns about the security of these platforms. And the bad news is, these attacks will likely continue in the future as hackers take advantage of DeFi’s untested and vulnerable systems.

Since the beginning of 2022, hackers have managed to steal a whopping $1.4+ billion worth of digital assets from various cryptocurrency exchanges and platforms.

Crypto exchanges hit for $800+ million

A cryptocurrency exchange called Nomad Bridge was hacked in February 2022, and $190 million worth of digital assets were stolen.

The hackers managed to gain access to the platform's user accounts and private keys, which they used to steal the funds. The day after the breach, hackers returned $9 million to Nomad, accounting for approximately 4.75% of the total loss.

Then a $615 million attack took place in May 2022. On this occasion, hackers from Lazarus Group were able to gain access to the Ronin Network’s cryptocurrency exchange data — specifically user accounts and private keys — which they used to steal funds.

These attacks highlight the importance of security in the cryptocurrency industry. Exchanges and platforms must take measures to protect their user accounts and private keys from being compromised by hackers.

Lapsus$ Group

From Lazarus to Lapsus$, the Lapsus$ Group hacked Microsoft in March 2022, gaining access to computer systems and stealing sensitive data. This was a major breach and caused a lot of damage to the company.

The hackers managed to get hold of sensitive company information such as customer source codes, private keys, databases, and job applicant CVs. They didn't stop there though — they then went on to publish the passwords they had accessed so that others could take advantage of them.

How exactly did this do this? It was all achieved through phishing emails, highlighting the extreme importance of appropriate staff training and cybersecurity. After all, if Microsoft can fall for phishing, so could anyone else!

Read up on Samurai’s expert tips for cybersecurity practices.

How can companies protect themselves against cyber attacks like these?

Cyber attacks are becoming more common and more damaging, meaning that gold standard cybersecurity is becoming all the more important too. Other practices like data encryption and cybersecurity training should also be high on the agenda.

Nobody can assume that they won’t be hacked. Rather, we all need to be prepared for how to deal with an attack when it happens (because with time it eventually will). This means not only protecting against attacks with defenses, but also having capabilities to detect attackers if they do breach the defenses (like XDR does) and also having a plan to deal with incidents if they are detected, potentially via incident response.

The Samurai blog is a comprehensive resource for cybersecurity in 2022.

Take a read of:

And contact us today to learn more about Samurai XDR and MDR can help protect your business.