Let’s not mince words: 2022 has been a rough and tumble year across the world when it comes to cybersecurity. It kicked off with Russia’s cyber-attacks on the Ukraine and escalated into a full-on kinetic war between the two countries. Many watched in horror as continuous new debacles and emerging threats unfolded throughout the year, Many of us in the cybersecurity profession were called to new challenges, doing battle deep in the trenches to proactively prevent the next big event. Let’s take a look back at the biggest cyberattacks, threats, and data breaches to rock the world in 2022.
A Whole Country Goes Offline
In a stunning example of civic cyberattacks, the rogue cybercrime group, Conti, attacked the core of everyday life in the peaceful and beautiful country of Costa Rica. They demanded millions in ransomware, attacked health systems, and disrupted national businesses, forcing government officials to declare a national emergency. In time, as the attacks continued for months on end, the government declared the incidents acts of war and terrorism. These attacks were too numerous to outline in detail here, but in many cases, operations were forced offline, and the associated business costs were estimated to have cost the country $30 million dollars each day that they continued. After prolonged attacks, the country had to call on help from the United States, Microsoft, and other countries to help deal with the crisis.
These events highlighted the need for cybersecurity to become a national priority and the need for countries to quickly invest in cyber defense and recovery capabilities at the national level.
Healthcare: A Continued Top Target
A year’s worth of breaches and data thefts left a long list of companies trying to recover in the aftermath. We’ll highlight one industry that was particularly hard hit in 2022: healthcare.
Healthcare providers came under heavy attack throughout the year. Criminals have targeted healthcare organizations for a long time due to the variety of valuable data these organizations usually handle and store. The stakes have escalated in recent years, as these hacks can be lucrative multiple ways for cyber criminals. They can extract lucrative ransoms as well as resell the ill-gotten data to commit financial fraud, making personal information a data goldmine for a breacher.
Subsequently, hackers have become dedicated to infiltrating vulnerabilities in a healthcare network’s security. The list of 2022 security incidents involving healthcare was extensive:
· The Baptist Health System of Texas announced a major breach over the summer, informing the public of a significant loss of sensitive patient data.
· Kaiser Permanente, the largest nonprofit health plan provider in the US, endured a breach and loss of information for almost 70,000 patients.
· Later in the year, another incident emerged where the EHR (Electronic Health Records) system was inappropriately accessed by an employee, further highlighting the risk of internal threats.
· Shields Health Care Group of Massachusetts endured a breach that affected as many as two million patients.
These are services that cannot endure a shutdown in the aftermath of a breach and must continue operations. Disaster-level operations kick in under these circumstances, from tertiary networks to data recovery, to paper-based operations, and more, each organization must find a way to operate until the threat can be assessed and purged in the wake of a breach. A renewed focus on disaster recovery was one of the themes we highlighted throughout the year, and this trend will grow in emphasis for 2023.
Google Became A Security Player With Mandiant
The cloud wars. We all know AWS is king in the market, with Microsoft’s Azure just behind it, and Google’s Cloud Platform (GCP) placing somewhere as a distant third behind that. For some time, Azure has held the unique position of being the cloud solution that is a security platform first. AWS and Google couldn’t really say that until the news of the $5.4 Billion acquisition of Mandiant by Google.
This transaction positions the search and advertising giant in a completely different cloud offering posture. With an evolved and integrated security foundation, GCP can compete on more than price and features and is poised to leverage their differentiating machine learning features to clients throughout the industry.
Cyber Insurance Rates Skyrocketed
If there’s one thing we know, the cost of everything seems to be on the way up and that includes insurance premiums. All the talk about cyber threats and breaches have driven up the cost of becoming cyber insured, especially in the wake of ransomware events. A year ago, it looked like this insurance niche was facing insurmountable troubles and needed to reassess the way it operated. Criminals routinely attacked their way through layers of security, probing for weaknesses and information in their adaptive and advanced tactics, causing insurers to severely deplete their cash reserves.
The Cyber Insurance industry has evolved in a positive direction this year as it tightened up underwriting standards that addressed implementing more appropriate controls, system checks, and monitoring capabilities than ever before. Insurers now routinely question whether organizations have implemented a comprehensive security solution, that includes testing and training their employees on phishing and social engineering, recognizing security incidents, password behaviors, endpoint protection, and more.
Cyber Developments with Russia and the Ukraine
Modern warfare often begins with cyber warfare through various channels including the manipulation of information, attacks on infrastructure services, election influence, and reconnaissance. The kinetic conflict in the Ukraine was predicated upon years of digital misinformation and cyberattacks by their Russian adversaries. These attacks escalated into destructive cyberattacks against core service targets and soon thereafter, troops on the ground arrived for a military invasion.
There are two sides to this story however, as Ukrainian forces have worked to fight back, keeping services online and mounting attacks of their own against Russia by using disruptive attacks against their invaders. The whole conflict is playing out on a digital level like a game of cyber chess. The maelstrom has also enticed gold-hearted hacktivists to join in on the action, leveraging massive DDoS attacks, malware attacks, and more against Russian infrastructure.
Catching the Bad Guys
More than ever, we saw efforts to catch and convict cyber criminals increase throughout the year:
· On March 23, a 22-year-old Russian national named Igor Dekhtyarchuk was indicted in a Texas Federal courtroom for his part in operating a cybercriminal marketplace where compromised data was openly sold to thousands of other cybercriminals. He remains at large and still wanted by the FBI.
· In another case, a group of cybercriminals were indicted under a RICO conspiracy in a Miami Federal courtroom for running an elaborate fraud operation involving tax returns, fake business entities, stolen identities, and more to file and collect tax refunds.
· In September, the popular game publisher Rockstar Games was breached and lost some of its non-public data to forums on the internet.
· A 17-year-old British hacker was later arrested and linked to hacks against Microsoft and Uber.
As discussed throughout the year, it’s time to put the pressure on the bad guys. Reducing cybercrime activity demands stiff repercussions for those doing the crime in the first place.
A MEGA Web DDoS attack
The perpetrators remain at large, and it remains to be seen what their ultimate intent was, but Google endured a massive, distributed denial of service (DDoS) attack in June, which some describe as the largest ever reported. The application-level attack exceeded more than one hour in duration and peaked at a reported 46 million requests per second. It also implemented more than 5,000 origin IP addresses across more than 130 countries.
Benjamin Franklin famously claimed that nothing is certain except death and taxes. But the cyber age compels us to add a third unfortunate inevitability to that list: bigger, faster, and evolving cyber threats. And those that don’t evolve their security posture to be as comprehensive as possible may experience financial, commercial, and regulatory ruin.
This article was originally published in Forbes, please follow me on LinkedIn.