Top Cyber Attacks In 2022

Learn about PurpleSec’s fully managed vulnerability management services.

Author: Dalibor Gašić / Last Updated: 01/12/2022

Reviewed By: Michael Swanagan, CISSP, CISA, CISM

View Our: Editorial Process

As data breaches become more pervasive in our interconnected world so must our understanding of modern day cyber attacks.

Our team of certified and experienced security researchers analyzed the top cyber attacks of 2022, explain the impact, and provide mitigation steps to keep you and your organization protected.

Our Top 10 Cyber Attacks For 2022

In this report, take a look back at the most significant cyber attacks in 2022, including their impact and the tactics used by the attackers.

As cyber threats continue to evolve, it is important to stay informed and proactive in safeguarding against potential attacks. This report aims to provide valuable information for organizations and individuals to stay ahead of the constantly changing threat landscape.

Related Article: How To Prevent Cyber Attacks

Our top cyber attacks for 2022 are:

1. Rackspace Ransomware Attack
2. Cisco Suffers Cyber Attack
3. Uber’s Internal Systems Compromised
4. Sensitive NATO Data Leaked
5. US Airport Websites Hacked
6. TikTok Denies Cyber Attack
7. Twitter Zero-Day Exposed Data
8. 2.4 TB Microsoft Data Leak
9. Samsung Exposes PII
10. Starlink Dish Hacked

1. Rackspace Ransomware Attack

On December 2nd, Rackspace Technology noticed that users were experiencing issues while trying to access their Exchange Environment which turned out to be a ransomware attack.

There are still no indicators that any user sensitive data were stolen.

Security researchers state that the ransomware attack was due to an unpatched version in the Exchange cluster which allowed the attackers to exploit the ProxyNotShell vulnerability.

2. Cisco Suffers Cyber Attack By UNC2447, Lapsus$, & Yanluowang

Cisco confirmed that the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.

During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.

3. Uber’s Internal Systems Compromised By An 18 Year Old

On September 15th, Uber’s internal systems were compromised. The attacker managed to hack the company’s HackerOne account, gained access to a Slack account and obtained full admin on their AWS Web Services and GCP accounts.

The entry attack targeted Uber’s employees utilizing a social engineering campaign. Uber is still investigating the incident and some of their internal systems were temporarily disabled due to the hack.

4. Sensitive NATO Data Leaked After Cyber Attack

Diario de Noticias, a local Portuguese news organization, on September 8th reported that the Portuguese Government Department of Defense has been a subject of a cybersecurity data breach involving leakage of sensitive NATO documents that are published and sold on the dark web.

After an investigation was performed, it was established that unsecure channels were used for transmission of data. The attack in which the data were exfiltrated was constructed in such a manner that it was undetectable and it was launched through a bot network that was primarily designed to obtain sensitive data.

5. Russian Hacktivists, Killnet, Take Down US Airport Websites

In October of this year, a pro-Russian hacker group claimed responsibility for hacking several US airport websites. Although this was widely reported in our cyber circles, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.

Killnet – a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the Russian invasion of Ukraine in 2022.

6. TikTok Denies Cyber Attack: Did It Really Happen?

TikTok denied reports that it had been compromised by the hacking group after they claimed to have gained access to an insecure cloud server. A hacker organization called “AgainstTheWest” posted a discussion on a forum and claims that this server contains 2.05 billion records in a vast 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and many more.

Microsoft Corporation revealed on August 31 that it has discovered a high severity vulnerability in TikTok’s Android application that could have been used by attackers to quickly compromise user accounts. It is advised for users of the TikTok video platform to update their passwords and enable two-factor authentication.

7. Twitter Zero-Day Exposed Data Of 5.4 Million Accounts

Social media platform Twitter suffered a zero-day vulnerability which allowed the attackers access to personal information of 5.4 million accounts. The vulnerability was being exploited in December 2021, but reported to Twitter through HackerOne’s bug bounty platform in January 2022.

The vulnerability allows any party without any authentication to obtain a Twitter ID of any user by submitting a phone number/email even though the user has prohibited this action in the privacy settings.

Attack Updates: Data Of More Than 200 Million Twitter Users Is Leaked

8. 2.4 TB Data Leak Caused By Microsoft’s Misconfiguration

On September 24, 2022 SOCRadar detected a misconfigured public bucket where Microsoft stored 2.4 TB of data. Impacted were 65,000 entities from 111 countries.

The exposed data is dated from 2017 to August 2022. Microsoft stated that SOCRadar exaggerated the scope of the data leaked.

9. Samsung Exposes Personal Information In Recent Data Breach

Samsung experienced a data breach back in late July and discovered the intrusion in early August. Samsung neglected its duty as a collector of personal information by not reporting the incident to affected customers in a timely manner.

A proposed class action accuses Samsung of not warning customers of the breach in a reasonable amount of time. Names, contact and demographic details, dates of birth, and information related to product registration were all allegedly compromised, according to Samsung’s statement. Although Samsung claims that neither social security numbers nor credit or debit card information was accessed.

Samsung stated that it began an inquiry, which is currently ongoing, after hiring a reputable outside cybersecurity firm. Law enforcement has also been notified by Samsung.

10. Space X’s Starlink Dish Hacked

At this year’s BlackHat USA, held Aug. 6-11 in Las Vegas, a Belgian security researcher stunned the crowd by hacking Starlink Dish with a $25 device, gaining major notoriety worldwide.

The researcher in question disassembled his terminal, or as SpaceX calls it, “Dishy McFlatface,” and managed to perform a “Voltage Fault Injection Attack,” also known as “glitching,” to load modified firmware, after which he gained full access to the antenna. After Lennert W. reported this problem and received money from Starlink for it, Starlink could not fix this problem with a software update but would have had to release new hardware.

2022 Cyber Attack Newsletters

Don’t have time to click through and read each article? No worries! We curate all of our publications into a FREE monthly newsletter – no email required.