From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the first half of the year.
WHETHER THE FIRST six months of 2022 felt endless or fleeting, or both, massive hacks, data breaches, digital scams, and ransomware attacks continued apace through the first half of this challenging year. With the Covid-19 pandemic, economic instability, geopolitical unrest, and bitter human rights disputes around the world, cyber security vulnerabilities and digital attacks have proven to be completely entangled in all aspects of life.
However, with another six months left in the year, there is still more to come. These are the biggest digital security debacles yet.
For years, Russia has aggressively and recklessly launched digital attacks against Ukraine, causing blackouts, attempting to skew elections, stealing data, and unleashing destructive malware to rampage across the country and the world. However, after invading Ukraine in February, the digital dynamic between the two countries has changed as Russia struggles to support a massive and costly kinetic war and Ukraine mounts resistance on every front it can think of. This has meant that while Russia has continued to hit Ukrainian institutions and infrastructure with cyberattacks, Ukraine has also been fighting back with surprising success. Ukraine formed an “IT Army” of volunteers at the beginning of the war, which has focused on mounting DDoS attacks and disruptive hacks against Russian institutions and services to cause as much chaos as possible. Hacktivists around the world have also turned their attention, and digital firepower, to the conflict. And as Ukraine launches other types of attacks against Russia, including attacks using custom malware, Russia has experienced data breaches and service outages on an unprecedented scale.
Lapsus$ gang extortion spree
The Lapsus$ digital extortion gang moved to an extreme level of hacking in the early months of 2022. The group emerged in December and began stealing source code and other valuable data from increasingly prominent and sensitive companies, including Nvidia, Samsung and Ubisoft, before leaking into apparent extortion attempts. The spree reached its zenith in March when the group announced that it had breached and leaked portions of the Microsoft Bing and Cortana source code and compromised a contractor with access to the internal systems of the ubiquitous Okta authentication service. The attackers, who appeared to be based in the UK and South America, relied heavily on phishing attacks to gain access to the targets’ systems. In late March, British police arrested seven people believed to have links to the group and charged two in early April. Lapsus$ appeared to continue operating briefly after the arrests, but then went dormant.
Conti paralyzes Costa Rica
In one of the most disruptive ransomware attacks to date, the Russian-linked cybercrime gang Conti took Costa Rica into custody in April, with disruptions to last for months. The group’s attack on the country’s Ministry of Finance paralyzed Costa Rica’s import/export business, causing losses of tens of millions of dollars a day. The attack was so serious that the president of Costa Rica declared a “national emergency” — the first country to do so due to a ransomware attack — and a security expert described Conti’s campaign as “unprecedented.” A second attack in late May, this one on the Costa Rican Social Security Fund, was attributed to Conti-linked HIVE ransomware and caused widespread disruptions to the country’s healthcare system. While Conti’s attack on Costa Rica is historic, some believe it was a distraction as the gang attempts to rebrand to evade sanctions against Russia for its war with Ukraine.
Decentralized finance platform hacks
As the cryptocurrency ecosystem has evolved, the tools and utilities to store, convert, and manage cryptocurrencies have developed at breakneck speed. However, such rapid expansion has been accompanied by oversights and mistakes. And cybercriminals have been eager to cash in on these mistakes, often stealing vast amounts of cryptocurrency worth tens or hundreds of millions of dollars. In late March, for example, North Korea’s Lazarus Group memorably stole what was then worth $540 million worth of Ethereum and USDC stablecoin from the popular Ronin blockchain “bridge.” Meanwhile, in February, attackers exploited a flaw in the Wormhole Bridge to seize what was then worth around $321 million.