Cybersecurity – A look back at 2022


Vanuatu was hit by a cyberattack that took down virtually all of the government’s digital networks. Picture: www.howtogeek.com

This year was a landmark year for Fiji and many nations around the world. In particular, for us, it brought the change in the Fijian government after 16 years.

As reported by wired.com and hacker news groups, 2022 was also marked by sinister new twists on cybersecurity classics, including phishing, breaches and ransomware attacks.

With the pandemic evolving into new phases with variants and political polarisation on the rise around the world, 2022 was an uneasy and often perplexing year in digital security.

And while hackers frequently leaned on old favourites like phishing and ransomware attacks, they still found vicious new variations to subvert cyber defences.

Here’s a look back on the year’s worst breaches reported by wired.com and other online sources – leaks, ransomware attacks, state-sponsored hacking campaigns and digital takeovers.

If the first years of the 2020s are any indication, the digital security field in 2023 will be more unpredictable than ever.

Russia hacking Ukraine

For years, Russia has assaulted Ukraine with brutal cyber-attacks, causing blackouts, stealing and destroying data, meddling in elections, and releasing destructive malware to ravage the country’s networks. Since invading Ukraine in February, though, times have changed for some of Russia’s most prominent and most dangerous military hackers. Shrewd APT-style long-term campaigns and grimly ingenious hacks have largely given way to more regimented intrusions into Ukrainian institutions, reconnaissance and widespread destruction on the network, followed by repeated re-entry, whether through a new breach or by maintaining the old access. The Russian playbook on the physical battlefield and in cyberspace seems to be the same: ferocious bombardment that projects might and causes as much pain as possible to the Ukrainian government and its citizens.

Ukraine has not been digitally passive during the war, though. The country formed a volunteer “IT Army” after the invasion, and it, along with other actors around the world, has mounted DDoS attacks, disruptive hacks and data breaches against Russian organisations and services. This is the new face of warfare, as cyberspace has become another battlefield.

0ktapus and Twilio

Mid-year, a hacking group that researchers dubbed 0ktapus (also sometimes known as “Scatter Swine”) went on a massive phishing bender, compromising nearly 10,000 accounts within more than 130 organisations. The majority of the victim institutions were US-based, but there were dozens in other countries as well, according to researchers. The attackers primarily texted targets malicious links that led to fake authentication pages for the identity management platform Okta, which can be used as a single sign-on tool for numerous digital accounts. The hackers’ goal was to steal Okta credentials and two-factor authentication codes so they could get access to a number of accounts and services at once.

One company hit during the rampage was the communications firm Twilio. It suffered a breach at the beginning of August that affected 163 of its customer organisations. Twilio is a big company, so that amounted to only 0.06 per cent of its clients, but sensitive services like the secure messaging app Signal, the two-factor authentication app Authy and the authentication firm Okta were all in that slice and became secondary victims of the breach. Since one of the services Twilio offers is a platform for automatically sending out SMS text messages, one of the knock-on effects of the incident was that attackers were able to compromise two-factor authentication codes and breach the user accounts of some Twilio customers.
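To make concrete why a one-time code typed into a fake Okta page gave 0ktapus working access, here is an added Python example; it is not from the article or from any of the companies named. It implements RFC 6238 TOTP (the kind of code an authenticator app shows) and models the relay: the victim enters the code on the phishing page, the attacker submits it to the real identity provider a few seconds later, and the server accepts it because a code stays valid for the current 30-second step plus the drift window most services allow. For contrast it also models an origin-bound second factor in the WebAuthn style, with an HMAC standing in for the real asymmetric signature so it runs without extra libraries. The secrets, timestamps and the two Okta-looking domains are constructed for the demo, not taken from any real tenant or incident.

```python
import hashlib
import hmac
import struct

# Constructed demo seed shared between a user's authenticator app and the
# real identity provider (hypothetical; not a real key).
VICTIM_TOTP_SECRET = b"constructed-demo-seed-0ktapus"
TOTP_STEP = 30      # RFC 6238 time step in seconds
TOTP_DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = TOTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(secret, unix_time // step)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check. Services usually accept the current step plus or minus
    a small drift window, so one code is good for roughly 30 to 90 seconds."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * TOTP_STEP), code):
            return True
    return False


def relay_stolen_code(secret: bytes, t_phish: int, relay_delay: int) -> bool:
    """Model of the 0ktapus flow: the victim types the code from their authenticator
    into the fake Okta page at t_phish; the attacker submits that same code to the
    real identity provider relay_delay seconds later. True means it was accepted."""
    stolen_code = totp(secret, t_phish)           # what the phishing page captured
    return verify_totp(secret, stolen_code, t_phish + relay_delay)


# --- Contrast: an origin-bound second factor (WebAuthn-style, simplified) ---
# Real WebAuthn uses an asymmetric key pair; an HMAC stands in here so the example
# runs stand-alone. The point is the same: the browser, not the user, feeds the
# origin it is actually on into what gets signed.
AUTHENTICATOR_KEY = b"constructed-demo-authenticator-key"   # hypothetical


def authenticator_sign(key: bytes, challenge: bytes, browser_origin: str) -> bytes:
    """The authenticator signs the server challenge together with the origin the
    browser reports; there is no code for the user to read off and retype."""
    return hmac.new(key, challenge + browser_origin.encode(), hashlib.sha256).digest()


def server_verify_assertion(key: bytes, challenge: bytes, expected_origin: str,
                            assertion: bytes) -> bool:
    """The relying party recomputes over its own origin, so an assertion produced
    on a lookalike domain never matches, however quickly it is relayed."""
    expected = hmac.new(key, challenge + expected_origin.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion)


def relay_phished_assertion(key: bytes, challenge: bytes, real_origin: str,
                            phishing_origin: str) -> bool:
    """Victim completes the ceremony on the phishing page; attacker forwards it."""
    captured = authenticator_sign(key, challenge, phishing_origin)
    return server_verify_assertion(key, challenge, real_origin, captured)


if __name__ == "__main__":
    t0 = 1_660_000_000   # constructed timestamp in August 2022
    print("TOTP relayed after 20 s accepted: ", relay_stolen_code(VICTIM_TOTP_SECRET, t0, 20))
    print("TOTP relayed after 5 min accepted:", relay_stolen_code(VICTIM_TOTP_SECRET, t0, 300))
    chal = b"constructed-server-challenge"
    print("Origin-bound factor phished via lookalike domain accepted:",
          relay_phished_assertion(AUTHENTICATOR_KEY, chal,
                                  "https://login.example-corp.okta.com",
                                  "https://example-corp-okta.example"))
```

The relay succeeds when the attacker is fast (the code from step N is still inside the drift window at step N+1) and fails minutes later, which is why campaigns like this one are run in real time rather than by collecting codes for later. The origin-bound variant fails regardless of speed, because the phishing domain is baked into the assertion.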

Ransomware still hitting the most vulnerable targets

In recent years, countries around the world and the cybersecurity industry have increasingly focused on countering ransomware attacks. While there has been some progress on deterrence, ransomware gangs were still on a rampage in 2022 and continued to target vulnerable and vital social institutions, including health care providers and schools.

In November, the US Cybersecurity and Infrastructure Security Agency, the FBI and the Department of Health and Human Services released a joint warning about the Russia-linked ransomware group and malware maker known as Hive. The agencies said the group’s ransomware has been used to target more than 1300 organisations around the world, resulting in roughly $100 million in ransom payments from victims. “From June 2021 through at least November 2022, threat actors have used Hive ransomware to target a wide range of businesses and critical infrastructure sectors,” the agencies wrote, “including government facilities, communications, critical manufacturing, information technology, and especially healthcare and public health.”

Lapsus$

The digital extortion gang Lapsus$ was on an intense hacking spree at the beginning of 2022, stealing source code and other sensitive information from companies like Nvidia, Samsung, Ubisoft and Microsoft and then leaking samples as part of apparent extortion attempts. Lapsus$ has a sinister talent for phishing, and in March it compromised a contractor with access to the ubiquitous authentication service Okta. The attackers appeared to be based primarily in the UK, and at the end of March British police arrested seven people in association with the group and charged two at the beginning of April.

LastPass

The beleaguered password manager giant LastPass, which has repeatedly dealt with data breaches and security incidents over the years, said at the end of December that a breach of its cloud storage in August led to a further incident in which hackers targeted a LastPass employee to compromise credentials and cloud storage keys. The attackers then used this access to steal some users’ encrypted password vaults—the files that contain customers’ passwords—and other sensitive data. Additionally, the company says that “some source code and technical information were stolen from our development environment” during the August incident.

Vanuatu

Closer to home, at the beginning of last month Vanuatu was hit by a cyberattack that took down virtually all of the government’s digital networks. Agencies had to move to conducting their work on paper because emergency systems, medical records, vehicle registrations, driver’s licence databases and tax systems were all down. The country has a population of just over 315,000 people. At the beginning of December, a month after the initial attack, government officials said that systems had only been 70 per cent restored. The situation has the symptoms of a ransomware attack, but the government hasn’t provided details about the hack or who may have been behind it.

This is similar to an attack on Fiji’s Govnet systems in April last year. This seems to be a growing trend, and ransomware poses a significant threat to government digital infrastructure around the world. Some of these systems are critical infrastructure and can impact national security. Earlier this year, the notorious Russia-linked Conti ransomware gang hit the Costa Rican government, paralysing the country and particularly its import/export systems for months, leading to major financial losses amid the chaos of day-to-day operations.

On a side note, Twitter has been in chaos mode for months following Elon Musk’s acquisition of the company earlier this year. Amid the tumult, reports surfaced in July and then again in November of a trove of 5.4 million Twitter users’ data that has been circulating on criminal forums since at least July, if not earlier. The data was stolen by exploiting a vulnerability in a Twitter application programming interface, or API, which was fixed in January. A lot of the data in the trove is public, like names, Twitter IDs, tweet locations and verified status. However, this doesn’t mean such a breach is inconsequential, since a collection of data in one place is still valuable to attackers and identity thieves. Additionally, the stolen data contained non-public information like email addresses and phone numbers. Meanwhile, some researchers also found evidence of an even more massive collection of 17 million records stolen by exploiting the same API flaw. That trove has not leaked publicly, though, and has not been fully vetted.

With Musk bringing huge changes to Twitter, emerging competitors like Mastodon received mass influxes of new signups, flooding servers and causing disruptions as other social networks scrambled to scale and meet the demand. This will probably lead to security loopholes as engineers work to meet sales targets and management requirements.

Wishing you all a very happy and prosperous New Year! God bless you all and your families. Stay safe these holidays in both digital and physical worlds.

• ILAITIA B. TUISAWAU is a private cybersecurity consultant. The views expressed in this article are his and are not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati.com
