Top Cyber Attacks of 2022

Cybercrime in the U.S. and abroad reached all-new record heights in 2022, and with it came all-new record-high costs. No one, not even the most powerful governments or institutions, is immune to the costs or the risk of damage by cyber criminals. In 2021, $9.44 million was the average cost of a single data breach in the U.S. This number is expected to climb, and cybercrime is projected to cost the world $10.5 trillion annually by 2025. The first step in mitigating the risk of cyber attacks for any person or organization is to build cybersecurity awareness. Learn what the most common current attack methods are and equip yourself and your organization with the training to protect yourselves and valuable company data. Let’s ramp up that cybersecurity awareness and take a look at ten of the most significant cyber attacks detected in 2022.

1. Government of Costa Rica Hacked

Cyberattack method: Ransomware

Bad Actor: Russian-affiliated ransomware group Conti

In one of the most disruptive ransomware attacks ever to take place, the computer system of Costa Rica’s Finance Ministry was hacked in April 2022 by the Russian ransomware group known as Conti. When the Costa Rican government refused to pay the requested $10 million ransom, the hacker group retaliated by shutting down 30 Costa Rican government agencies. All told, the entire country’s tax system froze, imports and exports stalled, and workers’ pay was delayed. By May, Conti had leaked 97% of the data they hacked and a national emergency had been declared. Costa Rica is now the first country to declare a national emergency due to a ransomware attack.

The attack continued for several months. Conti struck again in May and June, this time with their HIVE ransomware. Seeking $5 million in Bitcoin, Conti went after the Costa Rican Social Security Fund, disrupting its health care system and its ability to report results from COVID-19 tests. Overall, this ransomware attack was historic, and it will not be the last you hear of HIVE in this article.

2. Nvidia Data Breach (and others)

Cyberattack method: Ransomware

Bad Actor: LAPSUS$ Group 

Nvidia, based in Santa Clara, CA, is the biggest semiconductor chip manufacturer and one of the world’s largest Graphics Processing Unit (GPU) manufacturers. The ransomware group LAPSUS$, believed to be based in the UK and South Africa, began leaking Nvidia passwords, employee credentials, and other sensitive data online in February of 2022. Threatening further leaks, the hacker group demanded Nvidia “remove the crypto mining limiters it had on its graphics cards and also to make their drivers open source” (Jumpstart). LAPSUS$ continued to leak source code and other sensitive data belonging to other big companies, including Microsoft Bing, Cortana, T-Mobile, Okta, Samsung, and Ubisoft. The group’s hacking and extortion spree came to a halt in March of 2022 after seven teenagers alleged to be involved in the aforementioned crimes were arrested in the UK. To carry out their attacks, the group allegedly took advantage of IT or customer support vulnerabilities and phishing schemes, and may have purchased login credentials from the dark web.

3. California’s Firearms Dashboard Portal Breach

Cyberattack method: Unintentional data breach

Bad actor: unknown

The names, ages, residences, and license types of everyone who registered for a concealed-carry permit in California between 2011 and 2021 were leaked to the public. This breach was caused by a misconfiguration and malfunction in the California Department of Justice 2022 Firearms Dashboard Portal. The breach is allegedly unrelated to the landmark US Supreme Court ruling on concealed-carry permit legislation that occurred just days before the breach.

4. $100 Million Extorted Between June 2021 and November 2022

Attack Method: Ransomware

Bad Actors: The Hive Group

We told you Hive would be back. The FBI just announced that “the notorious Hive ransomware gang has successfully extorted roughly $100 million from over a thousand companies since June 2021.” A total of 1,300 companies around the world have been victimized, and at times reinfected, by the Hive group via their ransomware or a ransomware variant. The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) published a joint advisory in November 2022 to share the Hive Ransomware-as-a-Service indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) discovered by the FBI thus far in its investigations. The range of past and potential organizations at risk includes Healthcare and Public Health focused government facilities, and the IT and communications sectors.

5. U.S. Critical Infrastructure Sectors Compromised

Attack Method: Ransomware, Phishing

Bad Actors: Cuba Ransomware Actors

Since the spring of 2022, the Cuba Ransomware Group has leveraged known vulnerabilities, phishing campaigns, compromised credentials, and legitimate remote desktop protocol (RDP) tools to compromise five critical infrastructure sectors in the U.S.: Financial Services, Government Facilities, Healthcare and Public Health, Critical Manufacturing, and Information Technology. Cuba ransomware actors have “demanded over 145 million U.S. Dollars (USD) and received over 60 million USD in ransom payments” (CISA). According to CISA’s report, “after gaining initial access, the actors distributed Cuba ransomware on compromised systems through Hancitor—a loader known for dropping or executing stealers, such as Remote Access Trojans (RATs) and other types of ransomware, onto victims’ networks.” It is unknown whether the group is affiliated with the Republic of Cuba.

6. The Shields Healthcare Group Breach

Attack method: Unknown

Bad Actors: Unknown

Healthcare data breaches are incredibly costly. According to IBM’s annual “Cost of a Data Breach” report, the average cost of a healthcare data breach is up to $10.1 million per incident, up 9.4 percent from 2021. The majority of these breaches stem from threat actors targeting third-party vendors, which signals the importance of strong third-party risk management programs. To date, the largest single data breach submitted to the Office of Civil Rights breach portal in 2022 was by the Shields Health Care Group in Massachusetts. Suspicious network activity was detected on March 28, 2022, and upon further investigation, Shields discovered that an unknown bad actor had accessed their systems from March 7th to March 21st and that data had been stolen.

Two million individuals from two dozen facility partners had sensitive data stolen in the breach, including names, Social Security numbers, provider information, diagnoses, billing information, medical record numbers, patient IDs, dates of birth, addresses, and treatment information. Tufts Medical Center and UMass Memorial MRI were two of the impacted facilities.

7. Optus Mobile Breach

Attack Method: Ransomware

Bad Actors: Unknown

An unknown threat actor gained access to the government identification numbers of 2.1 million Australian customers of Optus Mobile this year. Following the leak of 10,000 customer records including names, birthdates, home and email addresses, phone numbers, personal identification numbers, and 14,900 genuine Medicare ID numbers, the hacker demanded $1 million in ransom in exchange for not disclosing or selling the stolen data. Improperly configured security protections on an API endpoint are thought to be the cause of the data breach.

8. $3 Billion Stolen Cryptocurrency in 2022

Attack Method: Exploitation of DeFi Protocols

Bad Actors: Uncounted and Unknown

In October of 2022 alone, $718 million worth of cryptocurrency was stolen. Cybercriminals are looting cryptocurrencies at record-high levels thanks to Decentralized Finance (DeFi) protocols. According to DazeInfo, “DeFi protocols use software-based algorithms to allow cryptocurrency investors to trade, borrow, and lend on digital ledgers without the use of a central intermediary. Hackers have honed their skills at exploiting flaws in the security, coding, and structure of DeFi marketplaces.”

What can we learn from these cybercrime incidents?

Every person and organization needs cybersecurity protection and response plans. Hackers are a constant threat, changing and adapting their methods continuously. They act together, in coordinated efforts from every corner of the globe. No one is immune from an attack. If you are ready to learn the skills to protect your organization from malicious attacks, Cyber Phoenix has affordable subscriptions to courseware that can do that and more. Upskill your own and your teams’ IT and cybersecurity knowledge, or take the first steps toward becoming a cybersecurity professional. Whatever your path in the industry, Cyber Phoenix offers robust, affordable, high-quality courseware for you.