What are the Biggest Breaches of 2022 (So Far)
Despite the many steps forward we’ve seen in the world of security, the unfortunate reality remains that co-ordinated cyber-attacks and data breaches continue to be big business for gangs of digital thieves.
Likely to be another record-breaking year in terms of the cost of these attacks and breaches, today we take a look at some of the most devastating and impactful attacks, breaches, and threats of 2022 so far.
Costa Rican Government
Perpetrated in the early hours of April 17th, this devastating ransomware attack crippled nearly 30 institutions of the Costa Rican government, including the Republic’s Ministry of Finance, Ministry of Science and Ministry for Science, Innovation, Technology and Telecommunications.
Unfolding over the course of weeks and costing an estimated $30 million (USD) a day in lost productivity, the Russia-centric Conti ransomware gang initially demanded $10 million to return access to the government’s data.
With President Rodrigo Chaves declaring a national emergency in response, stating “we are at war”, the President also issued a public refusal to pay the ransom, resulting in the gang increasing their extortionate demand to $20 million.
Thought to have been enabled by malware installed on a Ministry of Finance computer, the attack severely damaged digital infrastructure, including public healthcare and online tax collection for several months.
Coming to an end following the general discontinuation of the ransomware syndicate, this case is a prime example of just how disruptive cyber-attacks can be at a state-level.
Cash App Data Breach
Confirmed by Block (formerly Square) in April of this year and affecting the sensitive information of over 8 million users of the payment services application, this data breach occurred as a result of a former employee’s unauthorised accessing of company systems.
Including customers’ names, portfolio information, trading activity and brokerage account numbers, this form of insider threat often has significant effects for organisations’ reputations, with the company stating in a US Securities and Exchange Commission (SEC) filing:
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.”
Although details are murky about exactly how the former employee still had access to this sensitive data, around 8.2 million former and current US customers were impacted by the breach.
With around 40+ million users across the US and United Kingdom, this massive breach illustrates the risk that disgruntled employees can present, as well as the need for robust IT infrastructure and employee offboarding processes.
Lapsus$ Spree
Perhaps one of the most notorious international hacking groups of 2022, Lapsus$ (sometimes known as DEV-0537) quickly earned a name for targeting large and notable tech companies with cavalier information security attacks.
With targets including Brazil’s Ministry of Health, Samsung, Ubisoft, Uber, and Rockstar Games, one aspect which makes this group unique is their public recruitment of company insiders to help carry out their destructive strikes.
Having stolen and posted a file containing around 37GB of Microsoft source code, accessing hundreds of gigabytes of proprietary data from Nvidia, the gang is believed to have used a variety of social engineering techniques to access sensitive information.
From phone-based social engineering to SIM-swapping and even bribery, the Lapsus$ gang was thankfully disrupted following an investigation headed by the City of London Police.
With seven UK teenagers between the ages of 16 and 21 being arrested, one suspected leader is thought to have amassed around $14 million from the gang's online escapades.
Although the gang may not have been active for long, this case is an interesting example of how a relatively rudimentary arsenal of tactics can prove effective against even the most guarded of tech organisations.
Binance
Binance, the world’s largest cryptocurrency exchange, has reportedly lost around $570 million worth of digital assets in one cryptos all-time biggest hacks.
Happening only a matter of days before the writing of this article, the situation is still evolving, though what is currently known is the exchange was temporarily forced to suspend transactions as the exploit was being investigated and contained.
Only the latest in a long string of attacks against prominent crypto companies, the incident does signify another blow to an already turbulent industry struggling to regain legitimacy and stability.
With many of these recent cryptocurrency attacks being linked to state-sponsored actors operating out of North-Korea, it is unknown how much of the funds will eventually be recovered, or if any parties will be held responsible.
Shields Health Care Group
The Massachusetts-based medical services provider, specialised in MRI, PETT/CT, and surgery services, announced that on March 28th they were hit with a massive hacking incident in which the medical data of over 2 million people was affected.
Providing services to over 50 medical facilities, the illicitly breached data included the names, social security numbers, addresses, and insurance and financial information of both former and current patients.
Though any breach involving this form of highly sensitive personal data is distinctly impactful, following the disclosure, the company has also been hit with a class action suit which alleges not only those whose information was exposed now face a “substantially increased and certainly impending risk” of identity theft, but also that Shields failed to alert victims within the 60-day window required by law.
While the case is ongoing and no perpetrator has been publicly named, the organisation has stated it will “continue to review and further enhance protections”; though, given the extent of the hack and the serious nature of the information breached, the incident does serve as a cautionary tale to other organisations responsible for the protection of personal data.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
Featured
Auditing for GDPR Compliance
Questions to consider when auditing your business or SME for General Data Protection Regulation (GDPR) compliance.
Improving Employee Cyber Security
With human error responsible for many breaches and attacks, we offer some helpful areas for improving employee security compliance.
5 Cyber Tips for your Business
Essential cyber tips for helping your business or SME improve information and cyber security.
The Benefits Of Maintaining Compliance For Your Business
By maintaining compliance for your business you can ensure operational efficiency, reduce financial risk, enhance public trust, engage your employees and realise your mission.
Top 5 Phishing Trends in 2022
Insights, trends, and statistics from the world of phishing in 2022.
10 Steps to Cyber Security
The main concepts of the Nation Cyber Security Centre's '10 Steps to Cyber Security' guidance.
Cyber Awareness Part II: The Psychology of Behaviour Change
Part two in our blog series examining how the psychology of behaviour change will help us deliver effective awareness campaigns.
5 Anti-Phishing Insights Every CISO Should Know
Based the latest scientific research, tips to reduce human error and protect businesses against phishing attacks.
Cyber Awareness Part I: The Psychology of Behaviour Change
Cyber awareness helps reduce human error and insecure behaviours. Examining how the psychology of behaviour change will help us deliver effective awareness campaigns.
Why Organisations Need an Email Security Policy
An email security policy is a document describing how an organisation's email system should, and most importantly, should not be used.