Author: Dalibor Gašić / Last Updated: 01/12/2022
Reviewed By: Michael Swanagan, CISSP, CISA, CISM
As data breaches become more pervasive in our interconnected world, so must our understanding of modern-day cyber attacks.
Our team of certified and experienced security researchers analyzed the top cyber attacks of 2022, explains their impact, and provides mitigation steps to keep you and your organization protected.
In this report, take a look back at the most significant cyber attacks in 2022, including their impact and the tactics used by the attackers.
As cyber threats continue to evolve, it is important to stay informed and proactive in safeguarding against potential attacks. This report aims to provide valuable information for organizations and individuals to stay ahead of the constantly changing threat landscape.
Our top cyber attacks for 2022 are:
On December 2nd, Rackspace Technology noticed that users were experiencing issues accessing its Exchange environment; the cause turned out to be a ransomware attack.
There are still no indications that any sensitive user data was stolen.
Security researchers state that the ransomware attack resulted from an unpatched Exchange cluster, which allowed the attackers to exploit the ProxyNotShell vulnerability.
Cisco confirmed that the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.
During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.
On September 15th, Uber’s internal systems were compromised. The attacker managed to hack the company’s HackerOne account, gained access to a Slack account, and obtained full administrative access to its AWS and GCP accounts.
Initial access was gained by targeting Uber’s employees with a social engineering campaign. Uber is still investigating the incident, and some of its internal systems were temporarily disabled as a result of the hack.
On September 8th, Diario de Noticias, a local Portuguese news organization, reported that the Portuguese Government’s Department of Defense had been the subject of a cybersecurity data breach in which sensitive NATO documents were leaked and are being published and sold on the dark web.
The subsequent investigation established that insecure channels had been used to transmit the data. The exfiltration was constructed so that it went undetected, and it was launched through a bot network primarily designed to obtain sensitive data.
In October of this year, a pro-Russian hacker group claimed responsibility for hacking several US airport websites. Although this was widely reported in our cyber circles as a hack, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.
Killnet is a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the 2022 Russian invasion of Ukraine.
TikTok denied reports that it had been compromised after a hacking group calling itself “AgainstTheWest” claimed to have gained access to an insecure cloud server. In a forum post, the group claims that this server holds 2.05 billion records in a vast 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server information, and more.
Microsoft Corporation revealed on August 31 that it had discovered a high-severity vulnerability in TikTok’s Android application that could have been used by attackers to quickly compromise user accounts. Users of the TikTok video platform are advised to update their passwords and enable two-factor authentication.
Social media platform Twitter suffered a zero-day vulnerability that gave attackers access to the personal information of 5.4 million accounts. The vulnerability was already being exploited in December 2021 but was not reported to Twitter through HackerOne’s bug bounty platform until January 2022.
The vulnerability allowed any party, without any authentication, to obtain the Twitter ID of a user by submitting a phone number or email address, even when the user had disabled this lookup in their privacy settings.
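The defect described above is a contact-discovery lookup that ignores both the caller’s identity and the account owner’s opt-out. The following toy model, added here as an illustration and not Twitter’s actual API or code, shows the weak form beside a hardened one: the hardened lookup requires an authenticated caller, consults the per-account discoverability flags, returns an identical “no match” response for a non-existent account and an opted-out one (so the response cannot be used to confirm that an identifier is registered), and caps queries per caller. The record layout, the `HardenedLookup` class and the sample accounts are all constructed for this example.

```python
"""Toy contact-discovery lookup: vulnerable form beside a hardened form.

Everything here (record layout, class and function names, sample accounts)
is constructed for illustration; it is not Twitter's API or code.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Account:
    user_id: int
    email: str
    phone: str
    discoverable_by_email: bool = False  # opt-in, off by default
    discoverable_by_phone: bool = False


# Constructed sample directory.
ACCOUNTS = [
    Account(1001, "alice@example.com", "+15550001111", discoverable_by_email=True),
    Account(1002, "bob@example.com", "+15550002222"),  # opted out of both
    Account(1003, "carol@example.com", "+15550003333", discoverable_by_phone=True),
]


def _normalize(identifier: str) -> str:
    return identifier.strip().lower()


def _is_phone(identifier: str) -> bool:
    # Loose E.164-style check: optional '+' then 7 to 15 digits.
    return re.fullmatch(r"\+?\d{7,15}", identifier) is not None


def lookup_vulnerable(accounts, identifier):
    """Defect class from the incident: no authentication, and the opt-out
    flags are never consulted, so any identifier resolves to an ID."""
    ident = _normalize(identifier)
    for acct in accounts:
        if ident in (acct.email.lower(), acct.phone):
            return acct.user_id
    return None


class HardenedLookup:
    """Authenticated, opt-in-respecting lookup with a per-caller budget."""

    # One response shape for "no such account" and "account opted out",
    # so the endpoint cannot be used to confirm that an identifier exists.
    NOT_FOUND = {"status": "no_match"}

    def __init__(self, accounts, max_queries_per_caller=20):
        self.accounts = accounts
        self.budget = max_queries_per_caller
        self.used = defaultdict(int)

    def lookup(self, caller_id, identifier):
        if caller_id is None:
            return {"status": "unauthenticated"}
        self.used[caller_id] += 1
        if self.used[caller_id] > self.budget:
            return {"status": "rate_limited"}
        ident = _normalize(identifier)
        by_phone = _is_phone(ident)
        for acct in self.accounts:
            if by_phone and ident == acct.phone and acct.discoverable_by_phone:
                return {"status": "match", "user_id": acct.user_id}
            if (not by_phone and ident == acct.email.lower()
                    and acct.discoverable_by_email):
                return {"status": "match", "user_id": acct.user_id}
        return dict(self.NOT_FOUND)


if __name__ == "__main__":
    # Bob opted out, yet the weak lookup still resolves him.
    print("vulnerable:", lookup_vulnerable(ACCOUNTS, "bob@example.com"))
    hardened = HardenedLookup(ACCOUNTS)
    print("hardened, unauthenticated:", hardened.lookup(None, "bob@example.com"))
    print("hardened, opted out:", hardened.lookup("app-42", "bob@example.com"))
    print("hardened, opted in:", hardened.lookup("app-42", "alice@example.com"))
```

The per-caller budget is a deliberate simplification of real rate limiting (which would also key on source address and use a sliding window); the part worth copying is the single, indistinguishable `no_match` response and the opt-in default on the discoverability flags.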
Attack Updates: Data Of More Than 200 Million Twitter Users Is Leaked
On September 24, 2022, SOCRadar detected a misconfigured, publicly accessible storage bucket in which Microsoft stored 2.4 TB of data. 65,000 entities from 111 countries were impacted.
The exposed data dates from 2017 to August 2022. Microsoft stated that SOCRadar exaggerated the scope of the data leaked.
Samsung experienced a data breach back in late July and discovered the intrusion in early August. Samsung neglected its duty as a collector of personal information by not reporting the incident to affected customers in a timely manner.
A proposed class action accuses Samsung of not warning customers of the breach within a reasonable amount of time. According to Samsung’s statement, names, contact and demographic details, dates of birth, and information related to product registration were all allegedly compromised. Samsung does claim, however, that neither Social Security numbers nor credit or debit card information was accessed.
Samsung stated that it began an inquiry, which is currently ongoing, after hiring a reputable outside cybersecurity firm. Law enforcement has also been notified by Samsung.
At this year’s BlackHat USA, held Aug. 6-11 in Las Vegas, a Belgian security researcher stunned the crowd by hacking a Starlink dish with a $25 device, gaining major notoriety worldwide.
The researcher disassembled his terminal, or as SpaceX calls it, “Dishy McFlatface,” and performed a “Voltage Fault Injection Attack,” also known as “glitching,” to load modified firmware, after which he gained full access to the antenna. Lennert W. reported the problem to Starlink and received a reward for it; because the flaw lies in the hardware, Starlink could not fix it with a software update and would have to release new hardware.