What does cybersecurity have in common with Halloween?

Every year, Halloween brings us fresh horrors and surprises. That’s an average day for a cybersecurity professional. Cyberattacks are dangerous in their own right, and external factors such as natural disasters can have an impact on digital security as well.

Hacks, data breaches, digital fraud, and ransomware attacks of unprecedented scale have persisted throughout the first 10 months of this complex year, which has also seen a surge in global inflation and skyrocketing energy prices. Cybersecurity flaws and digital attacks have proven to be deeply entwined with many facets of life, particularly in light of the global economic instability, geopolitical turbulence, and severe human rights struggles that have been dragging on for years.

Let’s look at some of the most interesting (and spookiest) security incidents of 2022.

The Ukraine kinetic and cyberwar

Ukraine’s power infrastructures, online networks, and banks have all come under attack from Russia for a long time. Since the beginning of actual fighting, this has spread to include military and administrative infrastructures. Ukraine has launched its own cyberattacks since the conflict began. They organized themselves into an “IT Army” of volunteers and utilized a website identifying Russian targets to break into several Russian networks and disrupt services.

Maybe the most interesting of the breaches was the cyberattack against the satellite company Viasat which took place an hour before Russia’s invasion on 24 February. The United States, United Kingdom, and European Union attributed the attack to Russia — although they did not implicate a specific agency in the country — while EU and NATO member Estonia attributed it to the GRU, the Russian military’s main intelligence directorate.

In addition to disrupting the communications of the Ukrainian government and military, the attack on Viasat also knocked 5,800 German wind turbines offline by bricking the satellite modems their remote maintenance systems relied on. Tens of thousands of Viasat terminals were destroyed beyond repair, the company said.

Attacks against governments

In April, the Russia-linked cybercrime gang Conti launched one of the most devastating ransomware assaults to date, bringing Costa Rica to a grinding standstill. Because of the terrorist attack on the Ministry of Finance, imports and exports in Costa Rica were halted, costing the economy daily losses in the tens of millions of dollars. One security expert called Conti’s effort “unprecedented,” and the attack prompted the president of Costa Rica to declare a “national emergency.” This was the first time a country had done so in response to a ransomware attack.

The Total Information Management System, which was intended to monitor people entering and leaving Albania, was briefly shut down in September 2022 after Iranian hackers attacked Albanian computer infrastructure. This latest incident followed the Albanian government’s decision to cut diplomatic ties with Iran, the accompanying American sanctions, and the condemnation of an earlier Iranian hack against Albania in July, in which Iranian actors attacked the government’s networks, destroying data and suspending government services.

The same month, criminals attacked Montenegro’s government networks, rendering Montenegro’s main state websites and government information platforms inaccessible. Criminals, possibly a different group, also targeted the state-level parliamentary website of Bosnia and Herzegovina, rendering its sites and servers inaccessible for multiple weeks.

Lapsus$ rises to fame

In the first few months of 2022, the digital extortion group Lapsus$ launched a massive hacking spree, causing data breaches all over the globe. The gang first surfaced in December, when it started stealing source code and other valuable material from increasingly high-profile and sensitive firms like Nvidia, Samsung, and Ubisoft, and then leaking it in apparent extortion attempts. The group hit its peak in March when it revealed it had compromised a contractor with access to the internal systems of the authentication provider Okta and exposed pieces of Microsoft’s Bing and Cortana source code.

It appears that the attackers, who were primarily based in the United Kingdom and South America, used phishing attacks to gain access to their targets’ networks. British police detained seven people at the end of March and formally charged two at the start of April with links to the group. Although the group was believed to be dormant, Cisco announced that its breach “was conducted by an adversary that has been previously identified as an initial access broker (IAB) with ties to both UNC2447 and Lapsus$.”

Breaches can occur even with cryptocurrencies!

Tools and services for storing, exchanging, and otherwise handling cryptocurrency have developed at a dizzying pace as the cryptocurrency ecosystem has matured. However, there have been some mistakes made along the way due to the quick expansion. Cybercriminals have been all too happy to take advantage of these oversights, routinely making off with hundreds of millions of dollars worth of cryptocurrencies.

North Korea’s Lazarus Group, for instance, notoriously stole $540 million worth of Ethereum and USDC stablecoin through the widely used Ronin blockchain “bridge” at the end of March. Meanwhile, in February, hackers stole around $321 million worth of Wormhole’s Ethereum-pegged token by exploiting a vulnerability in the Wormhole bridge. In April, hackers stole around $182 million worth of cryptocurrency by attacking the stablecoin protocol Beanstalk.

Healthcare data are attractive!

In March, Shields Health Care Group, a medical services company based in Massachusetts, experienced a breach that exposed the personal information of about two million patients. Because Shields provides services to many medical facilities, the ripple effects of this might be felt far and wide: up to 53 different hospitals and the patients they serve may be impacted.

In August of this year, a ransomware attack crippled Advanced, a UK-based MSP for the NHS, and the National Health Service (NHS) experienced widespread disruption as a result. Advanced enlisted Microsoft and Mandiant to assist with triage and investigations. Another MSP, the American company NetStandard, had to suspend its ‘MyAppsAnywhere’ cloud services after being hacked.

Uber is halted in a traffic jam!

In September, a youngster managed to gain total access to Uber’s internal systems. It appears he utilized a technique known as an MFA fatigue attack: once an employee’s password has been stolen, the attacker repeatedly tries to log in, flooding the person with MFA push notifications, typically on the employee’s mobile device, until one is approved.

The worker initially rejected the prompts, since he was not trying to log in, but the attacker later contacted him over WhatsApp, claiming to be from Uber IT and saying that he needed to accept the authentication request or else the prompts would keep coming. Worn down by the constant requests, the worker finally gave in. This allowed the adversary to defeat MFA by enrolling a second device of his own. What happened afterward is history.
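The pattern described above, a burst of rejected or unanswered push prompts followed by an approval, is exactly what a defender can look for in MFA provider logs. The following detection script is an added example, not code from the original post or from Uber; the comma-separated log format and the sample log lines are constructed for illustration.

```python
"""Flag MFA push-fatigue patterns in (constructed) push-authentication logs.

Assumed log format, one event per line: ISO-8601 timestamp,user,event
where event is push_denied, push_timeout or push_approved.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: alice rejects/ignores six prompts in a few minutes and
# then approves one (suspicious); bob denies once and approves (fat-finger).
SAMPLE_LOG = """\
2022-09-15T21:02:11Z,alice,push_denied
2022-09-15T21:02:40Z,alice,push_denied
2022-09-15T21:03:05Z,alice,push_timeout
2022-09-15T21:03:50Z,alice,push_denied
2022-09-15T21:04:20Z,alice,push_denied
2022-09-15T21:05:02Z,alice,push_denied
2022-09-15T21:06:30Z,alice,push_approved
2022-09-15T21:10:00Z,bob,push_denied
2022-09-15T21:10:20Z,bob,push_approved
"""


def parse(log_text):
    """Turn the raw log into (timestamp, user, event) tuples."""
    events = []
    for line in log_text.strip().splitlines():
        ts, user, event = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event))
    return events


def detect_push_fatigue(events, threshold=5, window=timedelta(minutes=10)):
    """Return {user: (rejected_count, approval_time)} for every user who
    approved a push after at least `threshold` denied/timed-out pushes
    within `window` before the approval. Hits deserve session review."""
    by_user = defaultdict(list)
    for ts, user, event in sorted(events):
        by_user[user].append((ts, event))
    flagged = {}
    for user, evs in by_user.items():
        rejected = []  # timestamps of denied or timed-out prompts so far
        for ts, event in evs:
            if event in ("push_denied", "push_timeout"):
                rejected.append(ts)
            elif event == "push_approved":
                recent = [t for t in rejected if ts - t <= window]
                if len(recent) >= threshold:
                    flagged[user] = (len(recent), ts.isoformat())
                rejected = []  # an approval closes the burst
    return flagged


if __name__ == "__main__":
    print(detect_push_fatigue(parse(SAMPLE_LOG)))
```

Tune `threshold` and `window` to the rejection rate you see in your own MFA logs before alerting on it; number-matching or FIDO2 authenticators remove the underlying weakness altogether.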

Cyber-attacks using drones?

I have left the spookiest of attacks (although it was just an attempt) for last.

For some years now, speculation has circulated about the possibility of using drones to carry out cyber intrusions. Greg Linares, a cybersecurity researcher, has personally encountered three such attempts in the past two years. In the most recent case, an unnamed financial institution noticed suspicious activity on its internal Confluence instance and found that a malicious device was connected to its Wi-Fi network. Using signal detectors, the security team tracked the device down to two drones on the building’s rooftop.

One, a modified DJI Phantom, was carrying a Wi-Fi Pineapple; the other, a more powerful drone with greater lifting capacity, a DJI Matrice 600, carried a Raspberry Pi, a mini laptop(!), a 4G modem, a Wi-Fi device, and batteries. It seems likely that an initial Wi-Fi spoofing attack harvested an employee’s credentials, which then allowed access to the internal network.

Thankfully, the anomalous behavior on the internal network was detected early, limiting the incident’s total impact. The attackers crashed one of the drones when they realized they had been rumbled. The approximate price tag for all the gear is $15,000.

All these real-life stories prove that cybercriminals will go to notorious lengths to achieve their nefarious goals. Unlike the simple question “trick or treat?”, cybersecurity is a far more complex matter that requires thoughtful and informed decision-making. Everyone must stay alert, especially in the coming festive season, which is the criminals’ favorite time of the year.

Do you want to discuss this topic with one of our experts? Please visit our Contact Us page to request more information or connect with a Subject Matter Expert (SME).