Year in Review: Threat Landscape 2022
As we start our 2023, it is important to review the threat landscape for 2022 which will help us identify the patterns and help us prepare for 2023.
As we know, cybercrime is an ever-evolving problem, with an estimated cost of US$10trn by 2025. In 2021, there were more than 4,100 publicly disclosed data breaches, which equates to approximately 22 billion records being exposed. The figures for 2022 are expected to at least match this, if not exceed it by as much as five percent.
Knowing what the future holds can help with being prepared for emerging threats better. Every year, Cybersecurity experts prepare forecasts for different industries, helping them to build a strong defense against any cybersecurity threats they might face in the foreseeable future.
With this being said and being that we are close to the end of the year, here are the top 10 threats that had the biggest impact in the industry all around:
10. Social engineering “most dangerous” threat, say 75 percent of security professionals
Social engineering is and continues to be one of the most dangerous threats, why? Because of the human factor. Three out of every four security professionals considered social engineering or phishing attacks to be the “most dangerous” threat to cyber security at their companies. The human factor of clicking links that we do not know or be aware of what could be safe or not when receiving emails is a constant improvement in every company.
Research, which was conducted by the CS Hub Mid-Year Market Report 2022, also found that other top threats included supply chain/third-party risks (cited by 36 percent of respondents) and a lack of cyber security expertise (cited by 30 percent of respondents).
9. Meta fires employees for allegedly hacking into user’s accounts
We all know and are aware that Social Networking is present in everyone’s life since teens to our senior citizens. On November 17, 2022, the Wall Street Journal broke the news that 12 Meta employees had been either disciplined or fired for breaking Facebook’s terms of service and hijacking user accounts.
The employees, some of whom were contractors employed as security guards at the tech company’s offices, had been using a heavily regulated internal access tool referred to as ‘OOps’ to reset access to Facebook accounts. One employee was dismissed following accusations that they used OOps to allow hackers to fraudulently gain access to multiple Facebook accounts in exchange for thousands of dollars' worth of Bitcoin.
8. Dropbox suffers data breach following phishing attack
On October 14, 2022, a malicious actor gained access to 130 of the company’s source code repositories after its employees were targeted by a phishing attack (remember our number 10 in this list?)
The attack saw a malicious actor pose as code integration and delivery platform CircleCI to harvest login credentials and authentication codes from employees. It also gained access to Dropbox’s account on code repository site GitHub, as CircleCI login information can be used to access Github.
Throughout the attack, the hacker gained access to some of the code Dropbox stores on the platform, including API keys used by its developers.
7. Google blocks “largest ever” web DDoS attack
Google reported that it had blocked the “largest” distributed denial of service (DDoS) attack on record, which had a peak of 46 million requests per second on June 1.
The attack targeted a Google Cloud Armor user with HTTPS for a duration of 69 minutes and had 5,256 source IPs from 132 countries contributing to it. Google reported that the attack was the biggest Layer 7 DDoS attack reported to date and was 76 percent larger than the previous record.
In a blog post about the attack, Emil Kiner, senior product manager for Cloud Armor, and Satya Konduru, technical lead, both at Google, noted that the attack was akin to “receiving all the daily requests to Wikipedia...in just 10 seconds”.
6. Kaspersky Antivirus added to US security risk list
The US Federal Communications Commission (FCC) and the Department of Homeland Security (DHS) amended its list of foreign IT vendors that “pose an unacceptable risk to national security or the security and safety of United States persons” on March 25.
The amendment added Kapersky Antivirus, a digital security company previously named by Gartner as the third-largest provider of consumer-level IT products and the fifth-largest vendor of enterprise IT products. Two Chinese-owned companies, China Mobile International and China Telecom Corp, were also added.
FCC commissioner, Brendan Carr, said the companies were added to the roster to “help secure [US] networks against threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests.”
5. Twitter confirms data from 5.4 million accounts has been stolen
On July 27, Cyber Security Hub reported that a hacker going by the alias “devil” claimed to have the details for 5.4 million Twitter accounts for sale.
The hacker said they had harvested the information using a vulnerability previously flagged to Twitter on January 1, 2022. Here we can see the importance of working on the vulnerabilities reported as well.
Twitter confirmed the breach on August 5 and suggested that in the future users should enable two-factor authentication to protect their accounts from unauthorized logins.
4. Suspected Grand Theft Auto 6 hacker arrested by UK police
Rockstar Games, the developer of popular Grand Theft Auto (GTA) game series, suffered a data breach on September 19, 2022, after an unauthorized party gained access to the company’s Slack channel.
From there, the hacker downloaded and leaked previously unseen assets and clips from the as-yet-unreleased GTA 6 game to a fan forum. While it was initially thought to be a hoax, swift involvement from both Rockstar Games and the authorities confirmed the clips were real.
A 17-year-old from Oxfordshire known only as AK was later arrested by the City of London police, allegedly not only in connection to the hack, but to hacks against Uber and Microsoft from earlier in 2022.
3. Google announces its acquisition of Mandiant
Google announced its plans to acquire cyber security firm Mandiant at a cost of more than $5bn on March 8, 2022, in a move designed to bolster its internal cyber security resources.
The $5.4bn acquisition was Google’s second-most expensive deal in its history, second only to its purchase of Motorola Mobility for $12.5bn in 2012.
The plans to merge Google and Mandiant’s cloud offerings, as well as the size of the deal, led to speculation on what its impact might be for the cyber security sector at large. Cyber security experts noted that it may signal a shift in the cloud landscape, with those offering cloud services increasing investment in security and consulting services.
Experts are weary of the purchase since the attack to Google a few months after, that you can see in this same list.
2. Samsung hit with class action lawsuit following data breach
The South Korean giant was in turmoil as well this year. In late July 2022, an unauthorized party gained access to the internal servers for tech giant Samsung’s US customers. Samsung warned customers of the data breach on August 4, after an internal investigation confirmed that the malicious party had gained access to personal information for customers.
Just over a month later, a class action lawsuit was filed by a Samsung customer affected by the breach. Shelby Harmer filed the lawsuit with the US District Court for Nevada on September 6 “on behalf of Samsung’s customers whose personally identifiable information was stolen by cyber criminals”.
The lawsuit alleged that Samsung had not only failed its customers by not reporting the breach in a timely manner, but also by incorrectly safeguarding their personal information in the first place.
1. More than 1.2 million credit card numbers leaked on hacking forum
Carding marketplaces are dark web sites where users trade stolen credit card details for financial fraud, usually involving large sums of money. On October 12, 2022, carding marketplace BidenCash released the details of 1,221,551 credit cards for free.
A file posted on the site contained the information for more than 1.2 million credit cards expiring between 2023 and 2026, in addition to other details needed to make online transactions.
BidenCash had previously leaked the details of thousands of credit cards in June 2022 as a way to promote the site. As the carding marketplace had been forced to launch new URLs three months later in September after suffering a series of DDoS attacks, some cyber security experts suggested this new release of details could be another attempt at advertising.
These threats makes us wonder:
What cybersecurity challenges will industries face next year?
Threat modeling approaches will be changed in 2023. Internet ‘balkanization’, ongoing military conflicts, changes, and tensions in existing political groups of countries are influencing cyberspace and cybercrime. We will see an increasing number of cybercriminals taking political sides and breaking the law with political statements. Also, script-kiddies (low skilled hackers) will be joining groups of cybercriminals led by more skilled perpetrators, or state sponsored hackers more often.
The major challenge for cybersecurity itself will be a lack of transparency and information sharing between companies. It will be extremely difficult to follow the ‘business as usual’ concept and remain neutral. Global political conglomerates will unfortunately influence cyberspace and cybersecurity.
Senior Cybersecurity Engineer