Each year, there are highs and lows, ups and downs, and this also applies to the world of cybersecurity. While great enhancements and developments were made in the industry in 2022, there were of course also cyber attacks that impacted us as well. Below, we will take a look at just some of the most noteworthy cybersecurity events that occurred over the last 12 months.
Q1 - January-March
Crypto.com Data Breach - In January of 2022, an attack took place which took advantage of the most basic building block of cybersecurity - passwords. Cybercriminals perpetrated an attack against cryptocurrency company crypto.com early this year in which they stole cryptocurrency from 500 users totalling an estimated $33 million between two major currencies Bitcoin and Ethereum.
Samsung Data Leak - Confidential information was accessed by extortion group Lapsus$ in 2022 and then leaked to the public. This information stolen from Samsung is expected to be roughly 190 GB of data including algorithms for all biometric unlock operations and source code for Samsung’s activation servers, among other information.
Microsoft Thwarts Hacking Group - The same group that went after Samsung, Lapsus$, also went after tech giant, Microsoft; however, for Microsoft, the attack was able to be thwarted by the company’s security team rather quickly, and in this case, allowed the business to realize a vulnerability that they have since worked to build up and defend against.
Q2 - April-June
Verizon Wireless Social Engineering - In May, hackers were able to steal a Verizon employee database after duping an employee into granting the malicious actor remote access. This form of attack, known as social engineering, occurs when a person who legitimately is associated with the company, such as the Verizon employee, is coerced by the attacker in order for the cyber attack to be perpetrated - in this case, the hacker acted as a support representative and was then granted remote access, giving them the ability to view names, email addresses, and corporate identification numbers for hundred of employees.
OpenSea Data Breach - OpenSea is an NFT marketplace and this company suffered a data breach on June 29th after an employee of the company’s email delivery vendor “misused their employee access to download and share addresses provided by OpenSea users with an unauthorized external party.”
Q3 - July-September
Marriott Data Breach - As we have seen from other breaches that occurred this year, Marriott’s breach was the result of a social engineering or trickery scam. The hacking group duped an employee into handing over access to their computer, resulting in the hacking group obtaining access to what is reportedly over 20 GB of data stolen from the BWI Airport Marriott’s server and affecting somewhere between 300-400 customers.
Plex Data Breach - In August, media server company, Plex, suffered a major data breach which resulted in the login credentials of millions of users being exposed to attackers. The company urged users to update their passwords following the findings, but in an attempt to reduce fear and stress in the hearts and minds of customers, reminded them that no financial data was tied to the affected servers.
Q4 - October-December
Verizon PII Theft - Verizon Wireless appears on our list again after an attack in October, between the 6th and 10th of the month, resulted in the theft of personally identifiable information (PII). The stolen information was then used for an attack known as SIM swapping, which is a form of identity theft in which your phone number is taken by someone who is not you and they are able to send messages and make calls that appear to be coming from you. Yet again for the company, this attack was believed to have been related to some social engineering.
Bed Bath & Beyond Phishing Scam - A data breach which was initiated via a phishing scam impacted Bed Bath & Beyond in 2022. In this case, an employee was the one who was duped by the phishers, but thankfully, the company stated that they felt there was “no reason to believe” any sensitive information or PII was accessed in this attack. This example as well as those seen by Verizon in which social engineering was used shows the major importance of continuous employee training to avoid malicious actors online!