Frankly, 2022 could have been dubbed ‘the Year of the Hacker’. In the first six months, there was a 42% increase in cyberattacks compared to 2021, and the global average cost of a data breach had increased to USD 4.35 million, from USD 4.24 million the previous year. Investment fraud was the costliest form of cybercrime overall, with an average of USD 70,811 lost per victim.
In terms of sectors, healthcare was hit the hardest, with data breaches costing over USD 10 million, almost double that of the next biggest target – the finance sector with an average cost of USD 5.97 million per breach. The next three on the list were pharmaceuticals (USD 5.01 million), technology (USD 4.97 million) and energy (USD 4.72 million).
In this review, we give (dis)honorable mentions to some of the most prominent trends and high-profile attacks of 2022
Of course, the Russia-Ukraine war has largely dominated world events this past year. Within days of the invasion, Check Point Research noted a 196% increase in cyberattacks on Ukraine’s government-military sector, as Russia used cyber activity as a weapon of war (the corresponding increase for Russian organizations was just 4%). Ukraine was quick to catch on, forming a volunteer ‘IT Army’. A website was set up listing Russian targets, with hostnames and/or IP addresses of target entities for volunteers to infiltrate, usually via distributed denial of service (DDoS) attacks.
Ransomware - the hacker’s favorite
In terms of types of cyberattack favored by hackers in 2022, ransomware was the number one attack of choice, forcing payouts from victims in return for stolen data. Here again, the healthcare sector topped the charts, with one in 42 organizations getting hit by a ransomware attack, followed by Managed Service Providers/ Internet Service Providers (one in 43), and finance/ banking (one in 49). Indeed, ransomware has become an industry of its own, with call centers set up by hackers to help victims navigate the route to retrieval of their data. The average cost of ransomware breaches is USD 4.54 million - a slight decrease on the 2021 figure of USD 4.62 million, but note that these figures represent costs before paying the ransom itself.
One of the ways in which hackers can have the most impact is by attacking critical infrastructure - the assets that keep society and economies up and running. In 2022, this sector proved a popular target, with high-profile attacks on a U.S. prison, the Iranian steel industry, Denmark's train network, an Italian energy agency, Greece’s largest natural gas distributor…. The list goes on…
Big names under attack
2022 was a busy year for ransomware hacker group, Lapsus$. Its victims included Samsung, Microsoft, and Nvidia - the largest semiconductor chip manufacturer in the world. The preferred attack type was phishing, stealing data, and often leaking it online, followed by extortion. The fact that Lapsus$ publicized their attacks online suggests that the group was not motivated by financial gain, but rather the kudos of infiltrating high-profile targets.
Exploiting new technology is another way that hackers catch their targets unawares. Earlier this year, a US-based financial institution specializing in private investments noticed unusual activity on its internal systems. Finding that the activity came from within its own network, security personnel traced the source to a copycat WiFi signal coming from the top of the building. Indeed, two drones were discovered on the roof, one of them carrying a modified Wi-Fi Pineapple device (usually used by security for penetration testing), powering a counterfeit Wi-Fi network. When employees connected to the WiFi Pineapple, the attackers were able to capture data, including user login information and Wi-Fi details.
Crypto currency was the target of several major attacks in 2022. Singapore-based cryptocurrency exchange company, Crypto.com was attacked in January 2022. Targeting nearly 500 people’s cryptocurrency wallets, hackers were able to bypass two-factor authentication to steal around $16 million worth of Bitcoin and $13 million worth of Ethereum, along with other cryptocurrencies.
Another crypto hack - the greatest ever measured in real monetary terms – was on high-profile crypto game Axie Infinity. The game enables players to earn digital currency and non-fungible tokens (NFTs). Hackers used a faked job offer to compromise a senior engineer’s computer, opening the way for four out of nine crypto keys to be stolen, along with a whopping $625 million!
In terms of detection and containment, there is some good news coming out of 2022. In its IBM Cost of a Data Breach Highlights, IBM reported that it took an average of 277 days to identify and contain a data breach - a slight improvement over the 287 days it was taking in 2021. But that’s just an average… The figure for stolen credentials is 327 days, for phishing 295 days and for a misconfigured cloud it’s 244 days.
We’ll have to wait a few months before 2022 cyber trends have been fully analyzed. But what is already clear is that hackers continue to gain in confidence, viewing no sector, nor individual, as too big of a target. With ransomware and phishing being the easiest way to gain access to data, cyber security training for employees has to be a key part of any organization’s cyber defense strategy.