No business is safe from the growing threat of cyber attacks on a global scale


Currently, no business is safe from the growing threat of cyber attacks on a global scale. In fact, it is expected that 2023 will set new records for both the frequency and severity of cyber attacks. Along with the exponential increase in events, new attack tactics, targets and interests are emerging. Healthcare organizations that have already been repeatedly affected in recent years predict that the number of cyber attacks will reach its peak in 2023. In addition to the increase in attacks, some trends are developing regarding the state of cybersecurity breaches. First, as criminal groups emerge and adopt more selective and targeted techniques, the ransomware ecosystem continues to expand and change. Furthermore, thanks to phishing, corporate communications platforms in the cloud such as Slack, Teams, OneDrive and Google Drive are increasingly being targeted by hackers. Employees' use of these platforms and personal devices and appliances has increased their vulnerability to attacks. These factors, combined with widespread employee adoption of remote work, have increased the attack surface.

Now let's see what were the most sensational cyber attacks in 2022.

Cyber attack on Optus Australia

Optus is an Australian telecommunications company providing mobile and landline telephone services. It is the second largest telecommunications company in Australia and is owned by Singtel. Optus has been subject to several hacking attempts in recent years. Despite having already suffered 3 cyberattacks in 2017, 2019 and 2020, it was rocked by a massive ransomware attack in which the personal data of around 3 million people was stolen.

The attack was claimed by Lapsus$, a gang that had gained some notoriety for having previously attacked giants such as Microsoft, Samsung, Nvidia, Mercado Libre, Vodafone and Ubisoft. The damage caused by the Lapsus$ gang is estimated at hundreds of millions of dollars.

The gang had its own system of soliciting company employees by means of phishing. Once contact was established, employees were either threatened or bribed into revealing access keys.

A few months after the attack on Optus, the English police arrested 7 young people aged between 16 and 21 in Oxford. In particular, it appears that the 14-year-old was the leader of the gang. The young man had amassed a fortune of XNUMX million dollars. The parents said they had no idea that their son, a computer enthusiast, was actually carrying out a criminal activity.

The gang's modus operandi was, shockingly, made public on a Telegram channel with 45,000 followers, where the gang claimed responsibility for the cyber attacks and even asked followers to indicate which company they would prefer to be the victim of the next attack. Microsoft itself learned through the Telegram channel that it had been attacked, while the gang was still downloading the source code of Bing, Microsoft's browser.

Costa Rica cyber attack

In 2022 a massive attack against 27 institutions and public bodies paralyzed Costa Rica for months. Among others, the ministries of Finance, Health and Trade, the social security institution and the tax authorities were attacked. Criminals encrypted around 670 GB of data, preventing Costa Rica from accessing the information. In the end, the Costa Rican government refused to pay the 20 million dollars demanded by the criminals to restore access to the data, but it took several months before normal operations could resume.

The perpetrators of the attack are reported to be members of the Conti gang, which is based in Russia. This gang is well known for its ruthlessness and for having carried out more than 800 attacks worldwide. Industry experts say that the Conti gang operates as "Ransomware as a Service", that is, it makes its infrastructure available to third parties to launch cyber attacks. It is said that the gang does not abide by the so-called "Honor Code" observed by other attackers when lives are at stake, as happens when attacking hospitals or emergency medical services. Instead, the Conti gang is known for attacking Ireland's healthcare system in 2021 during the Covid pandemic, causing the entire computer network to shut down and the deaths of many patients.

The investigators complain that they do not obtain any collaboration from the Russian government, so the Conti gang seems to be able to continue its criminal activity undisturbed. The United States government has offered a bounty of 10 million dollars to anyone who can provide information.

Anonymous attacks Russia

Anonymous is an international collective of hackers who in recent years have taken political positions against governments and organizations, and in favor of "humanitarian battles".

In the war between Russia and Ukraine, Anonymous immediately took a stand in favor of Ukraine and launched cyber attacks against the Kremlin, the Duma, the Ministry of Defense, the Central Bank of Russia, the Tetraedr arms manufacturer and the Russian TV station RT. In addition, Anonymous also attacked Nestlé and published 10 GB of stolen sensitive data, because the company had reportedly refused to close its business in Russia.

On the other side, the Sandworm group operates in Russia. It is made up of Russian Intelligence hackers, who are responsible for sabotaging Ukrainian computer networks. Sandworm itself is accused of having created the Cyclops Blink malware, which has the ability to propagate through the network and disable the firewalls that defend computer systems.

The activity of these 2 groups of hackers makes us see the war between Russia and Ukraine from a different perspective: the war is no longer just a clash of armies in the field; rather, the aim is to reduce head-on clashes to a minimum.

Instead, the strategy of cyber attacks has become of primary importance as it aims to weaken the enemy's forces by depriving him of the organization and functionality of his own country.

Cyber attack on Axie Infinity

The blockchain of the popular Axie Infinity game suffered a cyber attack at the end of March 2022, in which 173,600 Ether and 25.5 million USD Coin were stolen, for a total value of 620 million dollars. According to the company's official report, the hackers managed to access the private keys of the validator nodes.

According to the FBI, the authors of the sensational attack are two groups: Lazarus and APT38, both closely linked to the North Korean government. In North Korea, the government controls the Internet. No group could carry out cyber attacks without the knowledge of the Government. On the contrary, the government encourages young people who want to become hackers and in many cases sends them to China to do advanced level internships. The hacking activity is actually a real source of funding for the North Korean government.

One of the most famous coups of the Lazarus group was the attack on the Central Bank of Bangladesh from which it managed to steal $951 million. The attackers had gained access to the Bank of Bangladesh account at the Federal Reserve. They had sent some emails to employees of the Bank of Bangladesh; one of them had opened the email and downloaded the malicious software, and from there it all started.

When they tried to transfer the 951 million to friendly banks, they only managed to steal 81 million. Most of the funds were going to a Manila Bank located on Jupiter Street, but due to a misunderstanding, the Federal Reserve interpreted that the funds were going to Jupiter Bank, an Iranian bank, so the transfers were blocked. “Only” $81 million was actually transferred.

The hackers of the Lazarus and APT38 groups don't bother much to hide their misdeeds. They enjoy absolute protection from the state in North Korea and live a privileged life compared to the rest of the population. Nonetheless, the United States pursues these two groups, and in 2020 the Justice Department opened a case against 3 North Koreans accused of being the perpetrators of cyber attacks that stole $1.3 billion in cryptocurrencies.

WhatsApp data leak

Towards the end of November 2022 it became known that the data of 500 million WhatsApp users was being sold on the Dark Web. The data concerns active WhatsApp users in different countries, with name and surname and telephone number, for a total of 500 million. The data is offered for sale by country.

The Italian package includes 36 million users. The sale announcement appeared on a well-known hacking forum. Prices are unusually low. For the United States package, consisting of 32 million telephone numbers (a lower number than Italian users), a price of only 7000 dollars is requested.

The company Meta, owner of WhatsApp, denies having been hacked and claims that the data could not have been extracted from its servers. There is a fear that the data could be used illicitly to carry out phishing activities or identity theft.
