In 2017, the WannaCry ransomware attack affected more than 230,000 computers in 150 countries, including hospitals, businesses, and government agencies. The attack was particularly devastating because it exploited a known security vulnerability in Microsoft Windows that had been patched months earlier. This shows that even if you're using up-to-date software, you're not necessarily safe from cyberattacks.
The number and severity of cyberattacks will only increase in the future. With the growth of the Internet of Things (IoT), more devices are connected to the internet than ever before. This means that there are more potential attack vectors for hackers to exploit. As we become increasingly reliant on technology, the stakes are getting higher. In fact, according to Cybercrime Magazine, cybercrime is expected to cost $10.5 trillion USD annually by 2025.
Since October is National Cybersecurity Awareness Month, it's the perfect time to reflect on the dangers that lurk online and take steps to protect yourself and your organization.
Here are five noteworthy cybersecurity incidents of 2022:
Shields Health Care Group
Industry: Healthcare
What Occurred:
In June 2022, Shields Health Care Group announced a data breach that affected more than 2 million patients. Shields said an "unknown actor" used valid employee login credentials to access patients' electronic health records. The hacker accessed patient information, including names, addresses, birthdates, social security numbers, and health insurance details. In a statement, Shields said it "immediately" took steps to block the attacker's access and launched an investigation. However, many experts are skeptical of the timeline that Shields has provided. It is unclear how the attacker could go undetected for such a long time, and why it took Shields over two months to disclose the breach.
Crypto.com
Industry: Cryptocurrency
What Occurred:
In January 2022, cryptocurrency platform Crypto.com announced on Twitter that "a small number of users experienced unauthorized activity in their accounts. All funds are safe." Initially only referring to the breach as "an incident," it was later reported that over $30 million worth of cryptocurrency was stolen. In a blog post, Crypto.com said the hackers had access to some user accounts where transactions were being approved without the user inputting the two-factor authentication. According to Cypto.com, approximately 483 users were impacted by the data breach. In response to the incident, Crypto.com immediately revoked all two-factor authentications and required all users to reset their passwords. A "full audit of the entire infrastructure" was also conducted. In March, Crypto.com announced the launch of its new Account Protection Program (APP) which will offer up to $250,000 in protection for users that lose funds due to hacks.
Industry: Social Media
What Occurred:
In January 2022, Twitter received a report through their "Bug Bounty" program about a potential security issue exploiting a zero-day vulnerability. When someone submitted an email address or phone number, the system would automatically check to see if the account existed on Twitter and provide the user with a list of associated account names. Twitter downplayed the report initially, saying that they had found no evidence that attackers had exploited it. However, a few days later, Twitter revealed that hackers were offering to sell the information of the affected 5.4 million users on the dark web for $30,000. In response to the incident, Twitter said it was "directly notifying the account owners they could confirm were affected by this issue." They urged all users to use two-factor authentication on their accounts and be vigilant of suspicious activity.
Costa Rica
Industry: Government
What Occurred:
In April 2022, the Russian ransomware group Conti announced on their dark web forum that they had successfully hacked the Costa Rica Ministry of Finance. Conti successfully hacked 27 different ministries in a series of coordinated attacks, culminating in a ransom demand of $20 million. The government of Costa Rica refused to pay the ransom. Instead, it took its systems offline to contain the damage while enlisting the help of international cybersecurity firms to assist in recovery efforts. However, this left many government services crippled for months and caused a significant backlash from the public. On May 8th, in response to the incidents, Costa Rica's President Rodrigo Chaves issued a state of emergency. Chaves announced, "we are signing this decree, precisely, to declare a state of national emergency in the entire public sector of the Costa Rican State and allow our society to respond to these attacks as criminal acts."
Red Cross
Industry: Humanitarian
What Occurred:
In January 2022, the International Committee of the Red Cross (ICRC) announced that it had been the victim of a targeted supply chain attack in November 2021. The attackers had gained access to the organization's network through an unpatched vulnerability in their system. From there, they could access the personal data of employees, volunteers, and beneficiaries. In total, over 515,000 records were compromised in the attack. The ICRC said that the attackers had "specifically and deliberately targeted" their organization and that the incident was "a clear violation of the humanitarian principles on which we work." In response to the attack, the ICRC took its systems offline and engaged external cybersecurity firms to help them with their recovery efforts.
What Can We Learn from These Cyber Attacks?
There are a few key takeaways from these major cyberattacks:
- Targeted attacks are on the rise: Organizations need to be aware that they may be targeted by hackers, even if they don't hold sensitive data.
- Supply chain attacks are a significant threat: Organizations must ensure that their suppliers and contractors are as secure as possible to avoid being compromised.
- Two-factor authentication is essential: Users should enable two-factor authentication on all their accounts to protect against account takeover attacks.
- Be vigilant of suspicious activity: Organizations and users should look for signs of compromise, such as unexpected changes in account behavior.
Cybersecurity is a complex problem that requires a multi-pronged approach. Businesses need to invest in robust security measures, create policies and procedures for incident response, and educate their employees about cybersecurity risks.
For more information on protecting your organization from cyberattacks, reach out to your TBI Business Development Manager. They can assist you with setting up an appointment with our Cybersecurity Experts to help you find the right security solution for your business.
