Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023

Uploaded on 2022-12-29 in FREE TO VIEW

Brought To You By Rene Mulyandari 

Twitter, Medibank, Optus, and Ronin are among the worst cyber crime cases reported in 2022. How can tools such as attack surface management prevent hacking from taking place?

“Those who don’t learn from history are condemned to repeat it.” The field of cybersecurity is not exempt from this saying. Going into 2023, what should you know about the worst cyber attacks that occurred in 2022 and what can we learn from them to avoid repeating history?

Here, we cover attacks and data breaches that affected the users of Twitter, Medibank, Optus, and Ronin.

#1 Twitter

In August 2022, Twitter shared that hackers had exploited a flaw that appeared after a code update in June 2021. The bug was detected and fixed in January 2022 and the company believed no one exploited it at the time. However, in July 2022, Twitter learned that criminals had discovered the bug and misused it to obtain sensitive user information and compromise user accounts.

As a result, 5.4 million user accounts have been compromised in the breach. The data made available for purchase on hacking forums includes user phone numbers and email addresses. The users whose information had been compromised have been notified by the company. Could the exploitation of this zero-day vulnerability have been avoided?

One of the security solutions that companies use to detect, test for vulnerabilities and analyze is attack surface management. 

To pinpoint issues in real-time, attack surface management uses artificial intelligence and automatically tests the entire attack surface against all known and zero-day vulnerabilities.  The data of the testing and analysis is displayed on a single dashboard in a risk-focused report that aids security analysts to prioritize their tasks — focus on the major risks first.

The tool is linked to the resource MITRE ATT&CK Framework which lists new hacking techniques.

#2 Medibank

In November 2022, major Australian health insurer Medibank suffered a cyber attack that gave intruders access to the data of 9.7 million users. The data breach happened after the well-known ransomware group REvil gained access to the company’s systems using the stolen credentials of a user with high privileges.

The attack on Medibank, like many others, was financially motivated. The threat actors demanded a ransom be paid in exchange for not leaking the sensitive medical data they obtained from the insurer.

The company refused to pay the ransom since this action would encourage and finance further criminal activity. Also, there was no guarantee that the sensitive information would be returned or not leaked regardless. As a result, the criminals behind the breach went public with sensitive information such as passport numbers, customer names, birth dates, medical claims, and more.

In November, the threat actors leaked what is believed to be the last 5G of the data that was obtained in the breach. They shared it in a hacking forum. Customers whose information has been revealed on the dark web are susceptible to further criminal activity such as identity theft.

Retaining control over the large amount of data that the company stores in the system is a challenge. So how can you prevent major incidents like this?

Data breach protection includes:

#3 Optus

In October 2022, another high-profile hacking case hit an Australian company. This time, the victim was the telecom giant, Optus. The data breach compromised the information of 11 million users in one of the worst cyber attacks ever recorded in Australia. The users (current and former ones dating back to 2017) whose sensitive data has been obtained in the breach were notified. The company claims that it stopped the attack as soon as it had been identified in the system.

What caused this data breach?

The company initially claimed that sophisticated hacking was to blame for the breach. Later, it was reported that the threat actor got unauthorized access to the company’s network by exploiting a publicly available API endpoint.

Unprotected APIs leave the company exposed and can grant access to the database without the criminal having to log into the system.

Affected customers are at heightened risk of phishing attacks as well as identity fraud. Namely, the information that has been leaked includes birth dates, Medicare ID numbers, passports, emails, home addresses, and driver’s licenses.

This case is a reminder that even companies that have multiple layers of protection and strong security can suffer a breach if the security is not thorough and leaves basic vulnerabilities to be exploited within the system.

#4 Ronin Network Attack 

In March 2022, the blockchain network known as Ronin suffered a cyberattack that resulted in $600 million in stolen digital assets. It was considered to be the second biggest crypto hack ever. Threat actors behind the attack have been identified as the Lazarus group. They obtained access using the private keys that enabled them to approve several transactions.

How was the attack possible?

Ronin is linked to the game Axie Infinity. The hackers discovered outdated accounts with high levels of permission. 

These compromised accounts enabled cyber criminals to make transactions — and transfer 173,600 Ether and 2.5 million USD Coin (or $600 million altogether).

The attack was discovered after the customers couldn’t withdraw their funds from the Ronin bridge. The company has been investigating the incident and increasing the validation threshold from five to eight. 

To Conclude

What these four major hacking incidents of 2022 have in common is that the users who trusted the company with their data are the ones affected by the incident the most. 

Therefore, properly managing and protecting customer information is essential just as regular management of security solutions and protocols. 

These high-caliber cyber attack cases show us that having security teams and layered tools that major companies rely on doesn’t make businesses immune to cyber attacks - not even basic ones. Tools such as attack surface management are crucial here because they help security professionals in managing an increasing attack surface and pinpoint high-risk threats early.

You Might Also Read: 

Simplicity In Complexity: The Key to Successful Threat Exposure Management:

 

« Ukraine’s Military Intelligence Hit By Cyber Attacks
France Fines Microsoft For Privacy Breaches »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

Technology Association of Georgia (TAG)

Technology Association of Georgia (TAG)

TAG's mission is to educate, promote, influence and unite Georgia's technology community to stimulate and enhance Georgia's tech-based economy.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

Tenzir

Tenzir

Tenzir's primary focus lies on network forensics: the systematic investigation of cyber attacks with big data analytics.

TechBeacon

TechBeacon

TechBeacon.com is a digital hub by and for software engineering, IT and security professionals sharing practical and passionate guidance to real-world challenges.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

Viakoo

Viakoo

Viakoo is an Enterprise IoT Applications Management company providing performance, security, and compliance. Viakoo enables you to be proactive in maintaining cyber hygiene and protecting your network

Experis

Experis

Experis provide IT resourcing, project solutions and managed services. We enable organizations to cultivate individuals and teams prepared for the digital age.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

Aravo Solutions

Aravo Solutions

Your Extended Enterprise is full of hidden risks – Aravo makes them visible, measurable, and manageable.

IONIX

IONIX

IONIX is the attack surface management solution that uses Connective Intelligence to shine a spotlight on exploitable risks across your real attack surface and its digital supply chain.

SecureAck

SecureAck

From our A-Op SaaS automation platform to Managed Automation-as-a-Service (MAaaS), SecureAck offer powerful security automation the way that best suits your organisation's needs.