SecureTrust Cybersecurity

Top Cyber Attacks in 2022

As data breaches become more pervasive in our interconnected world, so must our understanding of modern-day cyber attacks grow.

Our team of certified and experienced security researchers analyzed the top cyber attacks of 2022 to explain their impact and provide mitigation steps to keep you and your organization protected.

Our Top 10 Cyber Attacks For 2022

In this report, take a look back at the most significant cyber attacks in 2022, including their impact and the tactics used by the attackers.

As cyber threats continue to evolve, it is important to stay informed and proactive in safeguarding against potential attacks. This report aims to provide valuable information for organizations and individuals to stay ahead of the constantly changing threat landscape.


Our top cyber attacks for 2022 are:

  1. Rackspace Ransomware Attack
  2. Cisco Suffers Cyber Attack
  3. Uber’s Internal Systems Compromised
  4. Sensitive NATO Data Leaked
  5. US Airport Websites Hacked
  6. TikTok Denies Cyber Attack
  7. Twitter Zero-Day Exposed Data
  8. 2.4 TB Microsoft Data Leak
  9. Samsung Exposes PII
  10. Starlink Dish Hacked

1. Rackspace Ransomware Attack

On December 2nd, Rackspace Technology noticed that users were experiencing issues while trying to access their Exchange environment; the cause turned out to be a ransomware attack.

There are still no indications that any sensitive user data was stolen.

Security researchers state that the ransomware attack was due to an unpatched version in the Exchange cluster, which allowed the attackers to exploit the ProxyNotShell vulnerability.

2. Cisco Suffers Cyber Attack

Cisco confirmed that the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.

During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s browser were being synchronized.

3. Uber’s Internal Systems Compromised

On September 15th, Uber’s internal systems were compromised. The attacker managed to hack the company’s HackerOne account, gained access to a Slack account, and obtained full admin access to its AWS and GCP accounts.

The initial attack targeted Uber’s employees through a social engineering campaign. Uber is still investigating the incident, and some of its internal systems were temporarily disabled due to the hack.

4. Sensitive NATO Data Leaked

On September 8th, Diario de Noticias, a local Portuguese news organization, reported that the Portuguese Government Department of Defense had been the subject of a cybersecurity data breach involving the leakage of sensitive NATO documents that were published and sold on the dark web.

An investigation established that insecure channels were used for the transmission of data. The attack in which the data was exfiltrated was constructed to be undetectable, and it was launched through a bot network primarily designed to obtain sensitive data.

5. US Airport Websites Hacked

In October 2022, a pro-Russian hacker group claimed responsibility for hacking several US airport websites. Although this was widely reported in our cyber circles, it was just another DDoS attack on US airport websites by the notorious “Killnet” hacking group.

Killnet is a pro-Russia hacker group known for conducting DoS (denial of service) and DDoS (distributed denial of service) attacks on government institutions and private companies in several countries during the Russian invasion of Ukraine in 2022.

6. TikTok Denies Cyber Attack

TikTok denied reports that it had been compromised after a hacking group claimed to have gained access to an insecure cloud server. The group, called “AgainstTheWest”, posted a discussion on a forum claiming that this server contains 2.05 billion records in a vast 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.

Microsoft Corporation revealed on August 31 that it had discovered a high severity vulnerability in TikTok’s Android application that could have been used by attackers to quickly compromise user accounts. Users of the TikTok video platform are advised to update their passwords and enable two-factor authentication.

7. Twitter Zero-Day Exposed Data

Social media platform Twitter suffered from a zero-day vulnerability that allowed attackers to access personal information of 5.4 million accounts. The vulnerability was being exploited in December 2021, but was reported to Twitter through HackerOne’s bug bounty platform in January 2022.

The vulnerability allowed any unauthenticated party to obtain the Twitter ID of any user by submitting a phone number or email address, even if the user had prohibited this action in the privacy settings.

Attack Updates: Data Of More Than 200 Million Twitter Users Is Leaked

8. 2.4 TB Microsoft Data Leak

On September 24, 2022, SOCRadar detected a misconfigured public bucket where Microsoft stored 2.4 TB of data. The exposure impacted 65,000 entities from 111 countries.

The exposed data is dated from 2017 to August 2022. Microsoft stated that SOCRadar exaggerated the scope of the data leaked.

9. Samsung Exposes PII

Samsung experienced a data breach back in late July and discovered the intrusion in early August. Samsung neglected its duty as a collector of personal information by not reporting the incident to affected customers in a timely manner.

A proposed class action accuses Samsung of not warning customers of the breach in a reasonable amount of time. Names, contact and demographic details, dates of birth, and information related to product registration were all allegedly compromised, according to Samsung’s statement. Samsung claims, however, that neither social security numbers nor credit or debit card information was accessed.

Samsung stated that it began an inquiry, which is currently ongoing, after hiring a reputable outside cybersecurity firm. Law enforcement has also been notified by Samsung.

10. Starlink Dish Hacked

At this year’s Black Hat USA, held Aug. 6-11 in Las Vegas, a Belgian security researcher stunned the crowd by hacking a Starlink dish with a $25 device, gaining major notoriety worldwide.

The researcher in question disassembled his terminal, or as SpaceX calls it, “Dishy McFlatface,” and managed to perform a “Voltage Fault Injection Attack,” also known as “glitching,” to load modified firmware, after which he gained full access to the antenna. Lennert W. reported the problem to Starlink and received money for it; Starlink could not fix the problem with a software update and would have had to release new hardware.

Jason Firch
Jason is a proven marketing leader, veteran IT operations manager, and cyber security expert with 10 years of experience. He is one of the co-founders and CMO of SecureTrust.


All 2022 Cyber Attacks

Top 10 Most Exploited Vulnerabilities In 2022

The year 2022 saw its fair share of significant vulnerabilities that made headlines. These vulnerabilities impacted a wide range of systems and devices, including web servers, collaboration platforms, office software, and network devices.


Iranian APT Uses Log4j Vulnerability To Hack US Federal Network

According to the FBI and CISA, Iranian government-sponsored hackers accessed an undisclosed US federal agency’s network early this year, using the Log4Shell vulnerability to deploy crypto miners, and compromised credentials.


15,000 Sites Compromised In A Massive Google SEO Poisoning Campaign

In the second week of November, around 15,000 sites were compromised in a major search engine optimization (SEO) poisoning campaign. The threat actors set up the attack to redirect visitors of the websites to fake Q&A discussion forums.


Russian Hacktivists, Killnet, Take Down US Airport Websites

In October 2022, a pro-Russian hacker group claimed responsibility for hacking several US airport websites.


2.4 TB Data Leak Caused By Microsoft’s Misconfiguration

Misconfiguration of an endpoint caused a leakage of 2.4 TB of data of Microsoft’s customers. The issue stemmed from a misconfigured Azure Blob Storage and was spotted on September 24, 2022.


TikTok Denies Cyber Attack: Did It Really Happen?

A hacker organization called “AgainstTheWest” posted a discussion on a forum claiming that an insecure cloud server contains 2.05 billion records in a vast 790GB database containing user data, platform statistics, software code, cookies, auth tokens, server info, and more.


Sensitive NATO Data Leaked After Cyber Attack

On September 8, Portuguese local news organization Diario de Noticias reported that the Portuguese Government’s Department of Defense has allegedly been the subject of a cyber security data breach involving exfiltration of confidential NATO documents.


Uber’s Internal Systems Compromised By An 18-Year-Old

On September 15th, an 18-year-old managed to hack Uber. The hacker reportedly gained control over the company’s internal systems by leveraging social engineering techniques that led to the compromise of an employee’s Slack account.


Cisco Suffers Cyber Attack By UNC2447, Lapsus$, & Yanluowang

Cisco confirmed that the UNC2447 cybercrime gang, Lapsus$ threat actor group, and Yanluowang ransomware operators breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.


Cloudflare And Twilio Targets Of A Sophisticated Smishing Attack

Cloudflare revealed on Tuesday, August 9th that they were also targeted by the threat actors who breached Twilio and gained unauthorized access to some of its systems on August 4th.


Maui Ransomware Attack

North Korean state-sponsored cyber actors have been attacking U.S. Healthcare and Public Health (HPH) Sector organizations since at least May 2021.


ZLoader Malware Takedown

On April 13, 2022, Microsoft announced that, in a joint effort, they had successfully disrupted the botnet distributing the ZLoader trojan.


Kaseya Ransomware Attack

The Kaseya ransomware attack has impacted over 50 MSPs and between 800 and 1500 companies. With a ransom note of $70 million, this is quickly becoming the largest ransomware attack in history.


Rackspace Ransomware Attack: What You Need To Know

Rackspace Technology noticed that users were experiencing issues while trying to access their Exchange environment; the cause turned out to be a ransomware attack.


Dropbox Suffers Data Breach Following Phishing Attack

Dropbox confirmed thousands of names and email addresses belonging to Dropbox employees as well as API keys and other credentials were exposed in November.


Australian Telecom Optus Exposes Data Of 2.1 Million Customers

Optus confirmed that a cyber attack had exposed the government identification numbers of 2.1 million of its customers.


Advocate Aurora Health Exposes Data Of 3M Patients Because Of A Meta Pixel Tracker


$570M Binance Hack: What Happened & Who Is Responsible?

A BNB bridge exploiter is responsible for the October 4, 2022 attack, in which hackers stole two million BNB (Binance Coin) tokens, worth $570 million.


Samsung Exposes Personal Information In Recent Data Breach

Samsung experienced a data breach back in late July and discovered the intrusion in early August. It neglected its duty as a collector of personal information by not reporting the incident to affected customers in a timely manner.


How The Largest European DDoS Attack Was Blocked

On July 21, 2022, Akamai detected and mitigated the largest DDoS attack up to this point, which was launched against a publicly unnamed European Akamai customer.


Twitter Zero-Day Exposed Data of 5.4 Million Accounts

Social media platform Twitter suffered from a zero-day vulnerability that allowed attackers to access personal information of 5.4 million accounts.


Cleartrip Suffers Massive Data Breach

Cleartrip has suffered a massive data breach where confidential data was exposed in several places on the dark web, with files timestamped as recently as June 2022.


Mantis Botnet: The Largest DDoS Attack Ever

The Mantis botnet was able to generate the 26M HTTPS requests per second attack using only 5,000 bots. I’ll repeat that: 26 million HTTPS requests per second using only 5,000 bots.


Conti Costa Rica Ransomware Attack

Costa Rica declared a national emergency due to an ongoing Conti ransomware campaign against several government entities in April 2022.


Saudi Aramco $50M Data Breach

The threat group ZeroX is demanding $50M to prevent the public release of PII data on 14,254 employees and company intellectual property.


Accellion Data Breach

The Accellion file transfer application (FTA) data breach has impacted over 100 companies, organizations, universities, and government agencies.


Secure VPN Data Breach

The Pulse Secure VPN zero-day has been exploited, resulting in the breach of several undisclosed defense firms and government organizations.

