Top 3 Cyber Attacks and Data Breaches of 2022

Top 3 Cyber Attacks and Data Breaches of 2022

From government bodies to tech giants, no one is immune to cybersecurity threats!

It is hard to imagine our lives without the internet nowadays. Whether we need directions, want to listen to music or just want to socialize with friends, the internet makes all of it happen. Just like us, businesses today also heavily rely on the internet. 

This reliance on the internet is a double-edged sword. On the one hand, the internet makes your life simple; on the other, it leaves you vulnerable to cybersecurity threats. According to the Sonic Mid-Year Cyber Threat Report of 2022, there have been 2.8 billion malware attacks so far this year, up by 11% when compared to 2021. To give you a sense of what these attacks look like, we have compiled a list of the top three cyberattacks and data breaches that the world has experienced in 2022. 

Costa Rica Government

In April this year, the finance ministry of the Costa Rican government was overtaken by hackers. These hackers took control of the ministry’s computer systems and demanded US$10 million to return access back to the government. When the government refused, the hackers took down around 30 government agencies. The attack, conducted by the Russian ransomware group Conti, left tax systems in the country frozen, adversely affected exports and delayed payments to workers. By May, Conti had leaked 97% of all the data that it had obtained from its hack. The situation got so out of hand that the government ended up declaring a national emergency.

Unfortunately for the Costa Rican government, this wasn’t the last cyber-attack they saw this year. In June, the Hive ransomware group set its sights on the country, demanding US$5 million in Bitcoin to return access to the country’s social security system. As a result of the attack, the government was no longer able to accurately report COVID-19 results.

The LAPSUS$ Group breaches

In February this year, one of the world’s largest Graphics Processing Unit (GPU) manufacturers, Nvidia, was hacked by the cybercriminal group LAPSUS$. As a result of this hack, crucial information, such as passwords, schematics and drivers, were leaked. The group threatened to leak further information unless Nvidia agreed to remove the crypto mining limiters it had on its graphics cards and also to make their drivers open source. 

This was the first of many data breaches the LAPSUS$ group embarked on this year. The hackers also released the source code for Microsoft’s projects, including Bing, Bing Maps and Cortana, in March. It also attacked other companies, like Ubisoft, Okta and T-Mobile, to name a few. Experts say that the group used IT or customer support vulnerabilities to break through its target company’s defenses and, in some cases, also bought login credentials from the dark web. So far, the only update on these breaches is the arrest of seven teenagers (who were allegedly involved in the aforementioned hacking incidents) in the U.K. The LAPSUS$ group claims that none of its team members have been compromised. 

Akasa Air’s data breach

India’s newest commercial airline, Akasa Air, ended up exposing the personal data of 34,533 customers because of a technical glitch on August 7 this year, the same day it began operations. The issue was first noticed by cybersecurity researcher Ashutosh Barot. He reached out to Akasa Air via Twitter but didn’t receive any official email address to report the issue on. It was only after Barot informed TechCrunch about the leak that the company sprung to action.

Barot found that the airline’s account registration process gave unauthorized people access to customer details, such as their names, gender, email addresses and phone numbers. Luckily, the travel information and payment records of the customers weren’t exposed in the data leak. This wasn’t an external hack, and as soon as the airline found out about the glitch, it shut down the sign-up service. 

What can we learn from these incidents?

If there is anything we need to take away from these recent cyber-attacks, it is that having a strong cybersecurity defense is the need of the hour. The Costa Rican government attack gives us an invaluable lesson on being prepared. While it may seem surprising that hackers could get into a country’s database, it tells us that we need to conduct regular security checks on our networks to make sure that everything is in order. Similarly, the LAPSUS$ Group’s multiple cyber-attacks tell us that while some attackers might not be very sophisticated, they can still break into a company’s system if the employees are not trained on what sort of malicious attacks they should look out for. Finally, the last entry on this list, Akasa Air, tells us to act promptly in any situation. Even the slightest delay in cases of a data breach can adversely affect your company’s public image so make sure you take these threats seriously.

Just last year, U.S. President Joe Biden discussed how cyber-attacks can turn into wars and how the capabilities of hackers are getting better and better over time. If businesses and governments do not give due diligence on cybersecurity, chances are that President Biden’s words would come true sooner rather than later. 

Also read:

Header image courtesy of Freepik


Share on facebook
Share on twitter
Share on linkedin
Share on email