Here at Via Resource, we monitor the reported cyber security statistics and trends that are impacting the digital landscape. Unfortunately, despite global efforts, every subsequent year the numbers get worse and show that we are far from being able to mitigate and contain the numerous cyber-threats targeting both the industry and government.
The latest cyber security breaches survey 2022 by Gov.uk has revealed that 39% of UK businesses identified a cyberattack in the last 12 months with the most common threat vector was phishing attempts (83%). With average estimated cost of all cyber-attacks of £4,200 with only medium and large businesses the figure rises to £19,400.
Below we dive in with some of the recent cyber-attacks and threats that CISOs need to key a close watch on for the remaining part of 2022 and beyond.
Cryptocurrency is big business, so it’s no wonder that Crypto.com was subjected to a serious breach at the start of 2022. The attack took place on 17th January 2022 and targeted nearly 500 people’s cryptocurrency wallets.
Despite the blockchain being a relatively secure transaction method, the thieves used a simple method to get the job done: they bypassed the site’s two-factor authentication and stole $18 million of Bitcoin and $15 million of Ethereum.
Initially, Crypto.com described the hack as a mere “incident” and denied any theft but clarified the situation a few days later and reimbursed the affected users.
Computing giant Microsoft is no stranger to cyberattacks, and on 20th March 2022, the firm was targeted by a hacking collective called Lapsus$. The group posted a screenshot on Telegram to indicate that they’d managed to hack Microsoft, and in the process, they’d compromised Cortana, Bing, and several other products.
The hackers made off with some material from Microsoft, too, but by March 22nd Microsoft announced that they’d shut down the hacking attempt promptly and that only one account was compromised.
Microsoft said that no customer data had been stolen, and Microsoft undoubtedly benefitted from its effective security team – the Lapsus$ group has previously targeted Nvidia, Samsung and plenty of other companies, and the politically-motivated group was already on Microsoft’s radar.
Red Cross (the charity) was attacked in January 2022. An attack on a third-party contractor saw more than half a million records compromised – including documents that the Red Cross classed as “highly vulnerable”.
Ultimately, thousands of people had their sensitive data stolen, and most of the victims are currently listed as missing or vulnerable. The Red Cross took servers offline to stop the attack and investigate this seemingly political breach, but no culprit has been identified.
Key findings highlighted in Proofpoint’s 2022 Human Factor report include:
Cyber criminals continue to capitalise on global conflicts. Earlier this year, threat actors and APT groups aligned with national interests including Russia’s invasion of Ukraine. Plus criminals exploited the pandemic to attack vulnerable people; phishing, online scams and the spread of fake news became an ideal strategy for cybercriminals seeking to sell items they claim will prevent or cure COVID-19.