The Worst Cyberattacks of 2022

2020 and 2021 were record-breaking years for cyberattacks. The evolution of cybersecurity practices towards more zero-trust security accelerated by the attacks of 2020 and 2021 appear to be having a positive impact. However, 2022 was not without its own fair share of incidents.

It’s important to note most attacks in 2022 made national or worldwide news coverage because they were against large companies or government agencies. However, most cyberattacks actually affect small to medium-sized businesses and go largely unreported. Because the average cost of a successful attack on a small business is close to $200,000 and damages their reputation, 60 percent of SMBs never recover.

Global conflict saw cyberwarfare being used for the first time on a major battlefield, while mainly phishing and socially engineered attacks caused data breaches in the private sector. Here are some of the most note-worthy cyberattacks of 2022.  

Student Loan Info Breach

A data breach on student loan servicer Nelnet Servicing caused the confidential information of more than 2.5 million users to be leaked in June 2022.

An investigation in August of 2022 concluded that due to a vulnerability in its system, student loan account registration information, including names, home, email addresses, phone numbers, and social security numbers, were accessible to an unknown third party.

Twitter

In July 2022, a hacker posted on a hacking forum that they had the data of 5.4 million Twitter accounts for sale.

The stolen data included email addresses and phone numbers of celebrities, companies, and other personal accounts. The hacker said they would not accept offers “lower than $30,000” for the database.

The data breach resulted from a Twitter vulnerability discovered in January 2022.

Marriott

In mid-2022, hackers claimed to have made off with more than 20 GB of sensitive data, including guests’ credit card data information. The attackers used social engineering to trick an employee at a Marriott property into giving them access to their computer.

Capital One

A former Amazon employee was convicted for her role in a Capital One data breach. While working at Amazon Web Services (AWS), she used her knowledge of vulnerabilities in the system to steal over 100 million people’s personal information.

Because of the breach, Capital One was fined $80 million by the Office of the Comptroller of Currency and paid out $190 million in a class action lawsuit settlement.

Uber and Rockstar

A hacker allegedly hit both rideshare company Uber and video game company Rockstar.

On September 15, Uber’s internal servers were accessed after a contractor’s device was infected with malware, and their login details were sold on the dark web. The hacker accessed several other employee accounts, giving them access to several internal tools. The hacker then posted a message to a company Slack channel and reconfigured Uber’s Open DNS to display graphic images to employees on an internal site.

The same hackers also hit Rockstar Games, developer of the Grand Theft Auto (GTA) game series, and posted 90 minutes of stolen game-play on a Grand Theft Auto game fansite.

South American governments declared a national emergency because of ransomware attacks

A cyber gang sponsored by a foreign government caused significant disruptions to financial operations throughout South America and managed to cripple import/export businesses in many regions. This caused the first-ever declaration of a national emergency because of ransomware.

A second attack later in the year targeted a country’s Social Security Fund. This attack was also attributed to the same gang because of the ransomware used.

Cyberwarfare will have an impact on the private sector

In 2022, cyberwarfare mainly targeted governments worldwide; however, the impact was felt by the private sector as well. Hacker “gangs” were given free rein and resources by foreign governments to wreak havoc on the world stage, which has and will continue to significantly impact cybersecurity.

Hackers developed a staggering number of dangerous malware and ransomware variants to support military operations to cripple infrastructure. These nefarious “tools” are still in circulation and can be used by other bad actors, which makes the landscape more dangerous for private organizations.

These hacker “gangs” are expected to reach beyond the public sector and attack smaller organizations in the coming year. Given almost unlimited resources by a foreign government, these “gangs” have almost complete autonomy to attack any government, company, or organization. Therefore, ensuring your cybersecurity is up-to-date and you are prepared for a potential cyberattack is imperative.

The Whitehouse issued cybersecurity warnings and guidelines to help companies guard against and be prepared for a potential foreign cyberattack. Click here to read the fact sheet issued by the Whitehouse.

Stay vigilant in 2023

Most large organizations and governments hit with a successful cyberattack last year have large IT and cybersecurity departments. These IT teams were able to mitigate the damage caused by the attack and prevent further damage or data losses.

Without proper security, most SMBs will not know they were compromised until it’s too late. Therefore, every organization needs to have up-to-date tools and a team of cybersecurity professionals to protect against and mitigate the impact of a successful cyberattack.

Discover how a team of IT experts from tca SynerTech can be affordable for every business. Smaller organizations can have the peace of mind that comes with an entire IT department for less than the cost of a single minimum wage employee.

With tca SynerTech on your side, you can rest assured that we will stay on top of potential emerging threats and help protect your IT systems before a significant issue. Contact tca SynerTech today to learn more about how to protect your organization from cyber threats in 2023.