Key Cyber Moments Of 2022: What Happened And What Have We Learned?
By SureCloud’s experts Nick Rafferty, Hugh Raynor, Chris Cohen and Chris Burton
Published on 20th January 2023
Whether it’s governments, big corporations, or individuals, any organization with an internet connection is a possible target for hackers. As a result, cybercrime has unfortunately become big business and numerous high-profile attacks hit the headlines over the last year.
Organizations of every size are reaching for more effective cybersecurity risk management software, services, and solutions to protect their assets and data.
As we enter a new year, the frequency and sophistication of these attacks show no sign of slowing down. Throughout 2022, we shared regular updates on the current cybersecurity landscape via our monthly cyber threat briefings – you can still catch up on any episodes you missed.
In the meantime, we asked our team of experts to pick out some of the biggest incidents that took place over the past 12 months, as well as their key learnings for 2023.
Here’s what they said.
Hugh Raynor: Russia-Ukraine conflict – the digital battleground
State-sponsored cyberattacks are becoming increasingly common, and the battleground for geopolitical conflicts is no longer restricted to physical borders. This was demonstrated in February 2022 when Russia invaded Ukraine. Leading up to the invasion there was a 1,885% increase in cyberattacks on government targets, and 89% of worldwide attacks targeted Russian or Ukrainian organizations.
As a result of the conflict, governments and organizations across the globe have been quick to pledge support for Ukraine’s cyber defenses. US Cyber Command has provided remote analytic support and conducted network defense activities, the UK is investing over £6 million to boost Ukraine’s current cyber defenses, and the EU has mobilized its Cyber Rapid Response Team to help defend Ukraine and its critical infrastructure from the threat of malicious attacks.
In addition to this international support, there is also a group of almost 400,000 volunteers, known as Ukraine’s IT army, who are actively launching cyberattacks against Russian targets.
For your security strategy to be successful it’s vital to take a global view of the current threat landscape.
Chris Burton: Log4j – Iranian cyberspies hack US government network
Further evidence of state-sponsored attacks came in November 2022 when it emerged Iranian cyberspies had exploited an unpatched flaw in Log4j to gain access to the US government network.
As a result, they were able to illegally mine for cryptocurrency, steal credentials and change user passwords. Their activity went undetected for several months, having initially gained access via Log4Shell in February 2022.
The Cybersecurity & Infrastructure Security Agency (CISA) had issued an emergency directive in November 2021 that required federal agencies to patch the flaw by December 23rd that year. This would have prevented the incident, but the patch was not installed.
You can spend thousands, if not hundreds of thousands of dollars on the latest security software, but if the individuals responsible for using it don’t spot the flagged issues, your network could be susceptible to multiple breaches.
The human element is always the weakest link when it comes to implementing cybersecurity defenses.
Nick Rafferty: Rockstar Games – hacker threatens brand reputation
In September 2022 a hacker leaked 90 unseen clips of the yet-to-be-released video game Grand Theft Auto 6. The individual responsible targeted Rockstar Games’ Slack servers and used social engineering to obtain the footage. They also claimed to have stolen the game’s source code; however, this was later denied by Rockstar Games.
The impact of such a breach is highly significant. Grand Theft Auto 6 is predicted to be the biggest-selling video game of all time, so the reputational damage could be huge, not to mention the impact on the share price of Rockstar Games’ parent company, Take-Two.
A lack of communication and transparency following a breach can have a significant impact on your organization’s reputation and value.
Hugh Raynor: Uber – Multiple attacks in a matter of months
Ride-hailing giant Uber fell victim to a hacker who gained access by phishing an Uber employee via text message. The attacker claimed to be a member of Uber’s corporate IT team and secured the individual’s personal login details.
In yet another example of social engineering, the hacker caused a near total compromise of Uber’s network and was able to access the vast majority of the company’s internal resources including its VPN, Intranet and Slack servers.
This wasn’t the first time Uber had fallen victim to a data breach, nor was it the last. In December 2022, they suffered another attack after information was stolen via a third party and published on the dark web. These events follow on from 2017, when they were also fined $148 million for attempting to cover up a breach that impacted 57 million user accounts.
The versatility of social engineering means it’s almost impossible to completely eliminate it as a threat.
Chris Cohen: ADCS – a vulnerability few saw coming
A vulnerability that had flown under the radar for around 50% of the organizations we consulted in 2022 came from misconfigurations in Active Directory Certificate Services (ADCS). Tools to exploit these misconfigurations have existed for a couple of years, but in the last twelve months the tooling has improved and additional escalation paths have been found.
This significantly increases the risk of a threat actor being able to take over a domain. In fact, in most cases where this was found, our consultants were able to become domain admins from a standard user within a very short amount of time. It can easily be fixed with a reconfiguration, so engage with your cybersecurity consultant to ensure they have this covered.
One misconfiguration in ADCS can lead to a multitude of vulnerabilities, which puts your organization at risk of an attack.
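As an added, defender-side illustration of the kind of reconfiguration check the passage refers to (this script is not code from SureCloud or from the article, which does not say which template settings its consultants found), the PowerShell below audits the certificate templates in the forest for one widely documented combination of settings: the enrollee may supply the subject name, the template allows authentication use, no manager approval or authorized signature is required, and a broad group can enroll. Which combination to flag, and the choice of "broad" groups, are this example's assumptions. It requires the ActiveDirectory module; reading the Configuration partition normally needs only an ordinary domain account.

```powershell
# Added example (not from the SureCloud article): audit AD CS certificate templates for a
# widely documented risky combination of settings. The combination checked is an assumption
# made for this example, not a statement of what the article's consultants found.
Import-Module ActiveDirectory

# Flag bits and EKU OIDs as defined in the AD CS certificate template schema.
$CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x1   # bit in msPKI-Certificate-Name-Flag ("supply in the request")
$CT_FLAG_PEND_ALL_REQUESTS         = 0x2   # bit in msPKI-Enrollment-Flag ("CA certificate manager approval")
$ENROLL_RIGHT_GUID = [guid]'0e10c968-78fb-11d1-a7c7-0000f80367c1'   # Certificate-Enrollment extended right
$AuthEkus = @(
    '1.3.6.1.5.5.7.3.2',        # Client Authentication
    '1.3.6.1.4.1.311.20.2.2',   # Smart Card Logon
    '1.3.6.1.5.2.3.4',          # PKINIT Client Authentication
    '2.5.29.37.0'               # Any Purpose
)
# Assumption: enrollment granted to these principals is effectively granted to everyone.
$BroadPrincipals = @('Authenticated Users', 'Everyone', 'Domain Users', 'Domain Computers')

$configNc    = (Get-ADRootDSE).configurationNamingContext
$templatesDn = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"

$templates = Get-ADObject -SearchBase $templatesDn `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties 'msPKI-Certificate-Name-Flag', 'msPKI-Enrollment-Flag', 'msPKI-RA-Signature', `
                'pKIExtendedKeyUsage', 'nTSecurityDescriptor'

function Test-BroadEnrollment {
    # True if a broad principal holds the Enroll extended right (or GenericAll) on the template.
    param([System.DirectoryServices.ActiveDirectorySecurity]$Sd)
    foreach ($ace in $Sd.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = ($ace.IdentityReference.Value -split '\\')[-1]
        if ($BroadPrincipals -notcontains $who) { continue }
        $rights = $ace.ActiveDirectoryRights
        $grantsEnroll = $rights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::GenericAll) -or
                        ($rights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
                         ($ace.ObjectType -eq $ENROLL_RIGHT_GUID -or $ace.ObjectType -eq [guid]::Empty))
        if ($grantsEnroll) { return $true }
    }
    return $false
}

$findings = foreach ($t in $templates) {
    $nameFlags   = [int]$t.'msPKI-Certificate-Name-Flag'
    $enrollFlags = [int]$t.'msPKI-Enrollment-Flag'
    $sigsNeeded  = [int]$t.'msPKI-RA-Signature'
    $ekus        = @($t.pKIExtendedKeyUsage | Where-Object { $_ })

    $supplySubject = ($nameFlags -band $CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT) -ne 0
    $needsApproval = ($enrollFlags -band $CT_FLAG_PEND_ALL_REQUESTS) -ne 0
    # An empty EKU list means the certificate is not restricted to any purpose.
    $allowsAuth    = ($ekus.Count -eq 0) -or [bool]($ekus | Where-Object { $AuthEkus -contains $_ })

    if ($supplySubject -and $allowsAuth -and -not $needsApproval -and $sigsNeeded -eq 0 -and
        (Test-BroadEnrollment $t.nTSecurityDescriptor)) {
        [pscustomobject]@{
            Template        = $t.Name
            SubjectFromUser = $supplySubject
            EKUs            = if ($ekus.Count) { $ekus -join ',' } else { '(none: any purpose)' }
            ManagerApproval = $needsApproval
            BroadEnrollment = $true
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    # Remediation is a template reconfiguration: enable manager approval, clear
    # "supply in the request", or narrow the enrollment ACL to the groups that need the template.
} else {
    'No templates matched the audited combination.'
}
```

Two caveats when reading the output: a template defined in the Configuration partition is only usable if a CA publishes it (the `certificateTemplates` attribute on each CA's `pKIEnrollmentService` object lists those), so confirm publication before treating a hit as exposed; and this checks one combination only, so a clean result does not mean the other escalation paths the passage mentions are absent.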
Key learnings for 2023
The above examples are just a snapshot of the cybersecurity landscape in 2022. The reality is, however, that attacks are becoming more frequent, and the individuals who launch them are becoming more sophisticated.
Having a robust cybersecurity strategy in place — combining cybersecurity risk management software with expert services and consulting — should be top of your to-do list in 2023.
What are some of the learnings we can take from the past 12 months, and what can you do to better protect your organization?
- Patching: It may seem simple, but ensuring you have the latest software patches in place is paramount. Patches are there to stem the impact and aftereffects of an attack. If you fail to implement them, the repercussions for your organization and partners can be catastrophic.
- Vulnerability assessments and penetration testing: Regular testing and assessments can help protect your organization from a potentially devastating cyberattack. Incorporating monthly vulnerability scanning or continuous penetration testing into your cybersecurity strategy should be a priority for 2023.
- Educate and upskill staff: The processes you have in place to protect your organization are only as good as the people who implement them. When developing your security strategy, incorporate the ‘human element’ by committing to investment in enhancing the knowledge and skills of employees.
- Seek external advice: Utilize the skills and expertise of an external provider. Not every organization has the resources available to conduct regular testing, patching, or training, so ease the burden by reaching out to experts who can verify your current security posture and make recommendations for the future.
SureCloud’s cybersecurity risk management software and services
To learn more about the latest cyber threats to your organization, and what steps you can take to protect critical infrastructure, check out our Capability-Centric GRC & Cyber Security Podcast or register for our Cyber Threat Briefing webinar.
Alternatively, take a look at how we’ve invested our GRC expertise into our comprehensive Cyber Risk Management Capability.