Both 2020 and 2021 were terrible years for cybersecurity, and this trend continued apace in 2022. Cyberattacks rose by 38% worldwide as hackers became more adept at exploiting remote work and e-learning software. Healthcare data breaches in the US also increased by 86%, targeting sensitive information like medical records, social security numbers, and health insurance details.
Now more than ever, cybercrime is weaving itself deeper into the fabric of life — and it shows no signs of slowing down. It’s on track to cause worldwide devastation amounting to $10.5 trillion annually by 2025. That’s exponentially larger than the global illegal drug trade or the yearly damage inflicted by natural disasters. And if it were a country, cybercrime would be the third-largest economy, right behind the US and China.
The many challenges of 2022 — economic volatility, geopolitical unrest, and the lingering effects of the pandemic — underscored the importance of addressing cybersecurity gaps before they cause destruction. Staying on top of these threats can help you protect your business against them. Here’s a recap of last year’s biggest digital security debacles.
Lapsus$ extortion rampage
The ransomware group Lapsus$ organized a series of hacking attacks in the early months of the year. It initially targeted high-profile companies such as Nvidia, Samsung, and Ubisoft, stealing valuable data and leaking it in apparent extortion attempts.
The spree reached new heights in March when the group breached and leaked portions of Microsoft Bing and Cortana source code. It also compromised a contractor that had access to Okta’s internal systems — a particularly concerning intrusion because of Okta’s vital role as an authentication hub.
Okta provides a single point of secure access for companies that use enterprise software such as Salesforce, Google Workspace, or Microsoft Office 365. By infiltrating Okta's system, hackers could potentially access a company’s entire software stack at once, gaining control over how, when, and where users log on.
Lapsus$ appeared to be based in the United Kingdom and South America. It used phishing attacks to gain access to its targets' systems.
In contrast to other attackers, which prefer to stay discreet to maximize ransom payments, Lapsus$ publicized its hacks, presumably to gain media attention and boost its reputation in the underground world of cybercrime. Members of the group have reportedly gone as far as joining Zoom calls of companies they targeted, where they verbally harassed and mocked employees and consultants attempting to remediate the breaches.
In March, British police arrested seven people associated with the group and charged two in April. Federal police in Brazil also arrested one of its suspected prominent members in October.
While Lapsus$ appeared to continue operating briefly after the arrests, it eventually became dormant.
Attacks on Crypto.com and DeFi platforms
The fast-paced growth of the cryptocurrency industry has spurred the development of various crypto asset storage, conversion, and management tools. But this rapid expansion also exposed vulnerabilities that cybercriminals are all too eager to exploit.
In January, the international cryptocurrency exchange Crypto.com confirmed that hackers stole almost $30 million worth of cryptocurrency from 483 of its users' digital wallets. They managed to steal 4,836.26 ETH (around $13 million), 443.93 BTC (around $16 million), and about $66,200 worth of other digital currencies.
The party responsible for the attack remains unknown. Crypto.com has since introduced additional security measures and enlisted third-party auditors to evaluate its security, but did not disclose specifics about the upgrades.
Unsurprisingly, Crypto.com was not the only victim. In February, hackers took advantage of a vulnerability in the Wormhole bridge and seized approximately $320 million worth of Ethereum variants. By the end of March, North Korea’s Lazarus Group successfully stole $540 million worth of Ethereum and USDC stablecoin from the Ronin blockchain bridge. And in April, attackers used a "flash loan" to steal around $182 million from the stablecoin protocol Beanstalk.
It’s clear that 2022 was the worst year for cryptocurrency hacks, at least so far. Cybercriminals stole upwards of $3.8 billion in cryptocurrency over the year, an increase from $3.3 billion in 2021. October was particularly vicious, with 32 separate attacks resulting in the theft of $775.7 million.
DeFi protocols made up around 82% (or $3.1 billion) of all hacker-stolen cryptocurrency in 2022, most of which came from cross-chain bridge applications. These bridges allow interoperability in the blockchain space by facilitating communication between protocols, but their long list of unaddressed security risks — along with the fact that they hold billions of dollars in crypto assets at any given time — make them easy targets for cybercriminals.
Conti’s attack on Costa Rica’s economy
Also in 2022, the Russian hacker group Conti launched what became one of the most disruptive ransomware attacks in history. It targeted Costa Rica's Ministry of Finance in April and caused severe disruptions that lasted for several months.
The breach paralyzed the country's import/export businesses and resulted in tens of millions of dollars in daily losses. Its severity prompted Costa Rica's president to declare a national emergency, making it the first country to take such a measure due to a ransomware attack.
And it didn’t end there. Another Russian ransomware group called HIVE launched a second attack in late May, this time on the country’s Social Security Fund, causing widespread disruptions to Costa Rica’s healthcare system.
Some industry experts believe that the same cybercriminals were responsible for both attacks, and that HIVE has been assisting Conti in rebranding and avoiding international sanctions that target extortion payments made to cybercriminals operating in Russia.
LastPass Breach
Password managers have become an essential tool for end users to manage the proliferation of passwords required for access to all of the online services they use. This makes password managers a very desirable target. Unfortunately, LastPass, one of the leading providers of password managers, became a victim of cyber attackers.
Because of the type of data stolen in its second incident, the impact, via BEC or phishing attempts, may turn out to be larger than what has been disclosed and understood so far.
The breach illustrates that password managers are a stop-gap measure rather than a real solution to the problem of passwords.
When we think of passwords, the problems are at least two-fold:
- Humans are fallible and cannot remember strong passwords, so we reuse them
- Attackers are becoming better and better at brute-force attacks on passwords
The LastPass breach probably won’t be the last breach of a password manager, because such services are attractive targets. Rather, this breach is a warning to the industry that we need to do identity better, using technologies like:
- Identity federation – using identity providers (such as Azure Active Directory, Okta, or Google) that provide an identity service others can rely on. Those identities can then be more strongly protected.
- MFA and passwordless authentication – these strengthen the protection of identities provided by identity providers. Without identity federation, MFA is becoming a solution that does not scale: as users add more and more accounts to their authenticator apps, they risk becoming confused and losing track of all their MFA configurations.
However, it must be noted that by using identity providers, we are also putting all of our eggs in one basket, which then makes the identity providers themselves very attractive targets. Because they will hold the keys to our digital lives, the risk of denial of service attacks on identity providers becomes a real threat.
How to protect your business
No business — or government — is safe from cyberattacks. Organizations of all sizes can fall victim to digital intrusions, whether caused by weak supply chain security, phishing scams, insider threats, or network vulnerabilities. Large organizations and governments have the resources to recover after the fact. For a smaller company, the impact of a breach may be fatal, as it does not have the funds or resources needed to recover. For that reason, it is all the more important to put defenses in place before it is too late.
Recovering from such breaches can be expensive, often requiring significant network repairs and hiring third-party cyber forensics teams, on top of dealing with massive fines and legal repercussions. Rather than cleaning up and rebuilding after an intrusion, it’s more prudent to keep attackers out in the first place.
If you are interested in cyberattack prevention, request a private beta invitation to Samurai XDR, a vendor-agnostic and API-driven cloud-based threat detection and response service.
Developed by NTT and supported by its Global Threat Intelligence Center, Samurai XDR employs advanced analytics, machine learning, and automation to identify and respond to both known and unknown threats. It can collect, organize, and incorporate threat intelligence from various sources — including open sources — to safeguard your company's cybersecurity.
Get in touch to find out more today!