With the pandemic entering a new phase of uncertainty and political polarization increasing around the world, 2022 was a difficult and often confusing year for digital security. And while hackers often rely on old standbys like phishing and ransomware, they keep finding dangerous new variations to break through defenses.
Here’s WIRED’s look back at the year’s worst breaches, leaks, ransomware attacks, state-sponsored hacking campaigns, and digital takeovers. If the early years of the 2020s are any indication, the field of digital security in 2023 will be weirder and more unpredictable than ever. Be alert, and stay safe out there.
For years, Russia has pummeled Ukraine with brutal digital attacks that caused blackouts, stole and destroyed data, interfered with elections, and released destructive malware to wreak havoc on the country’s networks. Since the invasion of Ukraine in February, however, times have changed for some of Russia’s most prominent and dangerous military hackers. Sustained long-running campaigns and ingenious hacks have largely given way to a tighter, more regimented tempo of rapid intrusions into Ukrainian institutions, widespread cyber espionage, and destruction, followed by repeated re-entry, whether through a new breach or by maintaining the old access. Russia’s playbook on the physical battlefield and in cyberspace appears to be the same: a bombardment as intense as it can mount, meant to inflict as much pain as possible on the Ukrainian government and its citizens.
Ukraine has not been digitally passive during the war, however. The nation established a volunteer “IT Army” after the invasion, and it, along with other actors around the world, has carried out DDoS attacks, disruptive hacks, and data breaches against Russian organizations and services.
Over the summer, a group that researchers dubbed 0ktapus (sometimes also referred to as “Scatter Swine”) ran a massive phishing campaign that compromised nearly 10,000 accounts at more than 130 organizations. According to the researchers, the majority of the victim organizations were based in the United States, but dozens were in other countries. The attackers mostly sent targets text messages with malicious links that led to fake authentication pages for the Okta identity management platform, which can be used as a single sign-on tool for many digital accounts. The hackers’ goal was to steal Okta login credentials and two-factor authentication codes so they could access several accounts and services at once.
One company hit in the rampage was the communications company Twilio. It suffered a breach in early August that affected 163 of its customer organizations. Twilio is a big company, so that is only 0.06 percent of its customers, but sensitive services like the secure messaging app Signal, the two-factor authentication app Authy, and the authentication firm Okta were all in that slice and became secondary victims of the breach. Since one of the services Twilio offers is a platform for automatically sending SMS text messages, one of the knock-on effects of the incident was that the attackers were able to compromise two-factor authentication codes and breach user accounts at some of Twilio’s customers.
As if that weren’t enough, Twilio added in an October report that it had also been breached by 0ktapus in June and that the hackers stole customer contact information. The incident highlights the real power and threat of phishing when attackers choose their targets strategically to magnify the effects. “We are deeply saddened and disappointed by this incident,” Twilio wrote in August.
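The 0ktapus campaign worked because a one-time code typed into a fake Okta page is just as valid when the attacker forwards it to the real login page a few seconds later. The toy simulation below is an added example, not code from the article or from Okta, Twilio, or any of the victims: it implements RFC 6238 TOTP, shows that the identity provider accepting a code cannot tell where it was typed, and contrasts that with an origin-bound authenticator assertion of the kind WebAuthn provides, which the real site rejects because the phishing page’s origin is signed into it. The origins, seed, device key, and challenge are constructed values, and an HMAC with a per-device key stands in for the real public-key signature.

```python
"""Added example: relayed one-time codes versus origin-bound assertions (toy, no network)."""
import hashlib
import hmac
import struct

# Constructed origins for the demo; the real tenant and lookalike domains are not on the page.
REAL_ORIGIN = "https://sso.example-corp.test"
PHISH_ORIGIN = "https://sso.example-corp-okta.test"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1 with RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def idp_accepts_totp(seed: bytes, submitted: str, now: int) -> bool:
    """The identity provider checks only the code value for the current window.
    It has no way to know whether the code was typed into a phishing page."""
    return hmac.compare_digest(totp(seed, now), submitted)


def relay_phished_totp(seed: bytes, victim_time: int, relay_delay: int) -> bool:
    """Victim types the current code into the fake page; the attacker forwards it
    to the real IdP `relay_delay` seconds later. Only the time window matters
    (real IdPs usually also tolerate one adjacent window, which widens this)."""
    phished_code = totp(seed, victim_time)
    return idp_accepts_totp(seed, phished_code, victim_time + relay_delay)


def authenticator_assert(device_key: bytes, challenge: bytes, page_origin: str) -> dict:
    """Stand-in for a WebAuthn assertion: the browser supplies the origin of the page
    requesting it, and the authenticator signs challenge and origin together.
    HMAC with a per-device key replaces the real public-key signature (assumption)."""
    client_data = page_origin.encode() + b"|" + challenge
    return {
        "origin": page_origin,
        "challenge": challenge,
        "signature": hmac.new(device_key, client_data, hashlib.sha256).digest(),
    }


def idp_accepts_assertion(device_key: bytes, expected_challenge: bytes, assertion: dict) -> bool:
    """The relying party rejects any assertion whose signed origin is not its own,
    so an assertion produced on the phishing page is useless when relayed, and
    rewriting the origin field breaks the signature."""
    if assertion["origin"] != REAL_ORIGIN:
        return False
    if not hmac.compare_digest(assertion["challenge"], expected_challenge):
        return False
    client_data = assertion["origin"].encode() + b"|" + assertion["challenge"]
    expected_sig = hmac.new(device_key, client_data, hashlib.sha256).digest()
    return hmac.compare_digest(expected_sig, assertion["signature"])


def relay_phished_assertion(device_key: bytes, challenge: bytes) -> bool:
    """Attacker forwards the IdP's challenge to the victim's browser on the fake page,
    collects the assertion, and submits it to the real IdP."""
    assertion = authenticator_assert(device_key, challenge, PHISH_ORIGIN)
    return idp_accepts_assertion(device_key, challenge, assertion)


if __name__ == "__main__":
    seed = b"constructed-totp-seed"          # constructed
    device_key = b"constructed-device-key"   # constructed
    t = 1_660_000_000                        # constructed timestamp (August 2022)
    chal = b"constructed-challenge-123"      # constructed
    print("relayed TOTP, 5 s later, accepted:", relay_phished_totp(seed, t, 5))
    print("relayed TOTP, 60 s later, accepted:", relay_phished_totp(seed, t, 60))
    print("relayed origin-bound assertion accepted:", relay_phished_assertion(device_key, chal))
```

The defender’s lesson is in the last function: SMS and app-generated codes carry no information about where they were entered, so user training and lookalike-domain monitoring are the only controls, whereas origin-bound credentials make the relayed step fail regardless of how convincing the page is.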
In recent years, countries around the world and the cybersecurity industry have increasingly focused on combating ransomware attacks. Despite some progress in containment, extortion gangs were still rife in 2022 and continued to target important and vulnerable social institutions, including health care providers and schools. The Russian-speaking group Vice Society, for example, has long specialized in both categories, and this year it focused on the education sector. The group had a particularly memorable standoff with the Los Angeles Unified School District in early September, in which the district ultimately stood firm and refused to pay the attackers even as its digital network went down. LAUSD is a high-profile target, and Vice Society may have bitten off more than it could chew, since the system includes more than 1,000 schools serving about 600,000 students.
Meanwhile, in November, the US Cybersecurity and Infrastructure Security Agency, the FBI, and the Department of Health and Human Services issued a joint warning about the Russian-linked ransomware group and malware maker known as Hive. The agencies said the group’s ransomware has been used to target more than 1,300 organizations around the world, resulting in approximately $100 million in ransom payments from victims. “From June 2021 to at least November 2022, threat actors used Hive ransomware to target multiple businesses and critical infrastructure sectors,” the agencies wrote, “including Government Facilities, Communications, Critical Manufacturing, Information Technology, and especially Healthcare and Public Health.”
The digital extortion gang Lapsus$ went on an extreme hacking spree in early 2022, stealing source code and other sensitive data from companies including Nvidia, Samsung, Ubisoft, and Microsoft, then leaking samples as part of apparent extortion attempts. Lapsus$ is dangerously skilled at phishing, and in March it compromised a contractor with access to the popular authentication service Okta. The attackers appeared to be based mainly in the UK, and at the end of March British police arrested seven people in connection with the group, charging two of them in early April. In September, however, the group flared back to life, mercilessly breaching the ride-share platform Uber and, it seems, the Grand Theft Auto developer Rockstar as well. On September 23, British police said they had arrested an unnamed 17-year-old from Oxfordshire who appears to be one of the individuals previously arrested in March in connection with Lapsus$.
The embattled password management giant LastPass, which has dealt with data breaches and security incidents many times over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to obtain cloud storage credentials and keys. The attackers then used this access to steal some users’ encrypted password vaults, the files containing customers’ passwords, along with other sensitive data. Additionally, the company said that “some source code and technical information was stolen from our development environment” during the August incident.
LastPass CEO Karim Toubba said in a blog post that in the subsequent attack the hackers compromised copies of backups containing customers’ password vaults. It is not clear when the backups were made. The data is stored in a “proprietary binary format” and contains both unencrypted data, such as website URLs, and encrypted data, such as usernames and passwords. Even if LastPass’s vault encryption is strong, the hackers can try to break into the stolen vaults by guessing the “master password” that each user set to protect the data. With a strong master password this may not be feasible, but a weak master password could be at risk of being cracked. And because the vaults were stolen, LastPass users cannot stop this brute-force attack by changing their master password. Instead, users should confirm that they have turned on two-factor authentication for as many of their accounts as possible, so that even if a password is compromised an attacker cannot get in. LastPass customers should also consider changing the passwords on their most sensitive and valuable accounts.
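The point that a master-password change cannot protect a vault copy that has already been stolen is easier to see with a small model of the situation. The code below is an added example, not LastPass’s format or code: it seals a toy vault in the shape the article describes (a clear-text URL beside credentials encrypted under a key derived from the master password with PBKDF2), runs an offline guessing loop against the stolen snapshot, and then rotates the master password on the live vault to show that the snapshot is unaffected. The vault contents, master passwords, candidate list, and the low iteration count are constructed for the demo, and SHA-256 in counter mode stands in for a real cipher.

```python
"""Added example: why a stolen vault snapshot is immune to a later master-password change."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed work factor, kept low so the demo runs quickly; production clients use far more.
DEMO_ITERATIONS = 20_000


@dataclass(frozen=True)
class VaultBlob:
    """What the attacker holds after the theft: one fixed snapshot.
    `url` is stored in the clear, as the article notes; `ciphertext` holds the credentials."""
    salt: bytes
    iterations: int
    url: str
    ciphertext: bytes
    tag: bytes


def derive_key(master: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess has to pay for `iterations` rounds."""
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations, dklen=32)


def _keystream(key: bytes, length: int) -> bytes:
    # SHA-256 in counter mode as a stand-in stream cipher (demo only, not production crypto).
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal_vault(master: str, url: str, credentials: str, iterations: int = DEMO_ITERATIONS) -> VaultBlob:
    """Encrypts the credentials under the master-derived key and tags the result."""
    salt = os.urandom(16)
    key = derive_key(master, salt, iterations)
    plaintext = credentials.encode()
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    tag = hmac.new(key, salt + ciphertext, hashlib.sha256).digest()
    return VaultBlob(salt, iterations, url, ciphertext, tag)


def open_vault(blob: VaultBlob, master: str) -> Optional[str]:
    """Returns the credentials if `master` is right, otherwise None (tag check fails)."""
    key = derive_key(master, blob.salt, blob.iterations)
    expected = hmac.new(key, blob.salt + blob.ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob.tag):
        return None
    stream = _keystream(key, len(blob.ciphertext))
    return bytes(c ^ k for c, k in zip(blob.ciphertext, stream)).decode()


def offline_guess(blob: VaultBlob, candidates: List[str]) -> Tuple[Optional[str], int]:
    """Offline guessing against the stolen copy. Each guess costs one full KDF run and
    nothing on the server is consulted, so no server-side control can interrupt it;
    only the master password's strength and the KDF cost stand in the way."""
    for attempts, guess in enumerate(candidates, start=1):
        if open_vault(blob, guess) is not None:
            return guess, attempts
    return None, len(candidates)


def rotate_master(blob: VaultBlob, old_master: str, new_master: str) -> VaultBlob:
    """Re-encrypts the live vault under a new master password. This produces a new blob;
    the attacker's snapshot is untouched, which is the article's point."""
    credentials = open_vault(blob, old_master)
    if credentials is None:
        raise ValueError("old master password does not open the vault")
    return seal_vault(new_master, blob.url, credentials, blob.iterations)


if __name__ == "__main__":
    # All values below are constructed for the demo.
    stolen = seal_vault("summer2022!", "https://bank.example", "alice:correct-horse")
    print("URL visible without any password:", stolen.url)
    guess, tries = offline_guess(stolen, ["password", "123456", "summer2022!", "letmein"])
    print("offline guess recovered:", guess, "after", tries, "tries")
    live = rotate_master(stolen, "summer2022!", "a much longer and unguessable phrase 8c7f")
    print("old master opens live vault:", open_vault(live, "summer2022!") is not None)
    print("old master still opens stolen copy:", open_vault(stolen, "summer2022!") is not None)
```

Two things follow for a defender. The clear-text URL field means the snapshot already reveals which sites a user holds accounts at, before any guessing succeeds, which is why the article recommends enabling two-factor authentication there and rotating the most valuable passwords. And raising the KDF iteration count is a control that only helps vaults sealed after the change; a copy taken earlier keeps the iteration count it was sealed with.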