WatchGuard Blog

What were the biggest cyberattacks in 2022?

Cyberattacks consistently hit the headlines throughout the year, and they aren’t expected to slow down any time soon. While the intensity and impact change from one attack to the other, there are always a few that rank the highest in terms of size. We looked at the five biggest cyberattacks of 2022 and how they influenced users around the globe. 

The five biggest cyberattacks of 2022

  1. Red Cross data breach: On January 18 of this year, the International Committee of the Red Cross (ICRC) discovered that the personal data of more than 515,000 "vulnerable people" had been stolen from its servers located in Switzerland. Once the attackers were inside the system after exploiting a vulnerability, they lurked undetected for 70 days. The criminals have not demanded a ransom for the data, nor is it known to have been leaked or sold, so there is concern that victims may suffer identity theft in the future.  
  2. Viasat satellite cyberattack: In February, the network of the US-owned satellite operator Viasat was attacked, causing a communications blackout in Ukraine and other European countries just before the Russian invasion. The attack also affected tens of thousands of fixed broadband customers across Europe. In our predictions for 2022, we raised the possibility of seeing headlines along the lines of "hacks in space," stemming from the attention the US government and private sector were paying to the "space race." In 2021, concerns about securing outer space had already reached the cybersecurity industry and were discussed by researchers and at conferences throughout the year. Then, in early 2022, the most prominent attack on space hardware in history was launched.
  3. Attack on Microsoft by the Lapsus$ ransomware group: In March, Microsoft acknowledged that an employee's account had been compromised by Lapsus$, granting limited access to source code repositories. The company managed to stop the cybercriminals in time, avoiding risk escalation. Applying the principle of least privilege allowed the organization to halt the attack before it was too late, because the credentials the gang had compromised only carried limited access. This points to another of our predictions: zero-trust adoption. A recent Pulse survey indicates that most IT managers (59%) are already deploying a zero-trust security strategy. Of those who have yet to adopt this strategy, 79% plan to do so within the next 4 to 12 months.
  4. Ransomware attacks on the Costa Rican government: On April 17, the Conti ransomware group attacked around 30 Costa Rican government institutions demanding $10 million be paid, or it would leak Costa Rican citizens’ tax return information. The threat actors reportedly gained access by hacking a VPN and installing an encrypted form of Cobalt Strike within the Costa Rican subnet. Later, on May 31, the Hive group deployed more ransomware on the Costa Rican social security fund, demanding $5 million this time. The government refused to pay the ransom on both occasions. Instead, the action it adopted to mitigate the damage was to disable computer systems related to taxes, social security, imports, and exports, as well as government websites. In total, the two attacks caused a loss of almost US$30 million.

Although this case makes no direct reference to passwordless accounts, it highlights the need for a good MFA solution. In our predictions, we said that the only robust solution for digital identity validation is multi-factor authentication (MFA). We believe that applying this measure would have helped significantly in this case.

  5. The cyberattacks on Uber and Rockstar Games: We are treating these cyberattacks as a 2-for-1 deal, as the same perpetrator carried out both hacks in just three days. In the case of the ride-hailing service, the threat actors acquired a freelance driver's password by purchasing it on the dark web and then bombarded the user with MFA push requests, using the MFA fatigue technique, until the target accidentally accepted one of them. Once inside, the cybercriminals accessed several employees’ Google Suite accounts, Slack, and other tools. In the case of the video game company, the perpetrator claimed to have accessed the company's Slack servers using social engineering. He then took it upon himself to leak several videos of the upcoming Grand Theft Auto 6 game. Although the attacker claimed to have also obtained the game's source code, the company maintained that he had not succeeded. Later, the police linked the 17-year-old suspect, who already faced previous hacking charges, to the Lapsus$ ransomware group and arrested him in Oxfordshire.
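The MFA fatigue technique described in the Uber case leaves a recognisable trace in authentication logs: a run of denied or timed-out push prompts for one user, followed by an approval. The following detection logic is an added example written for this post; it is not WatchGuard code and not from any of the vendors named above. The log format, field names and timestamps are constructed for illustration, and the window and threshold values are assumptions a SOC would tune to its own push volumes.

```python
"""Flag MFA push-fatigue ("prompt bombing") patterns in authentication logs.

Two signals are produced:
  * "burst":  a user receives >= THRESHOLD unapproved push prompts inside WINDOW
              (early warning, before any approval happens)
  * "approved_after_burst": an approval that follows such a burst (the case
              where the target finally accepted a prompt)
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Format assumed for this example:
#   <ISO-8601 timestamp> <user> <event> <result>
SAMPLE_LOG = """\
2022-09-15T22:01:03Z alice MFA_PUSH denied
2022-09-15T22:01:41Z alice MFA_PUSH denied
2022-09-15T22:02:20Z alice MFA_PUSH timeout
2022-09-15T22:03:05Z alice MFA_PUSH denied
2022-09-15T22:03:50Z alice MFA_PUSH denied
2022-09-15T22:04:30Z alice MFA_PUSH approved
2022-09-15T09:10:00Z bob MFA_PUSH approved
2022-09-15T17:45:12Z bob MFA_PUSH denied
2022-09-15T17:46:00Z bob MFA_PUSH approved
2022-09-15T17:46:30Z bob LOGIN success
"""

WINDOW = timedelta(minutes=10)  # assumed sliding window
THRESHOLD = 3                   # assumed number of unapproved prompts that is suspicious


def parse_log(text):
    """Parse the constructed log format into (timestamp, user, event, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, result))
    return events


def _pushes_by_user(events):
    """Group MFA_PUSH events per user, sorted by time."""
    by_user = defaultdict(list)
    for ts, user, event, result in events:
        if event == "MFA_PUSH":
            by_user[user].append((ts, result))
    for pushes in by_user.values():
        pushes.sort()
    return by_user


def find_push_fatigue(events, window=WINDOW, threshold=THRESHOLD):
    """Return a list of alert dicts for users whose push history matches the pattern.

    For each push, count the unapproved prompts (denied/timeout) in the preceding
    window. The first time that count reaches the threshold a "burst" alert is
    raised; an approval arriving while the count is at or above the threshold
    raises "approved_after_burst".
    """
    alerts = []
    for user, pushes in _pushes_by_user(events).items():
        burst_reported = False
        for i, (ts, result) in enumerate(pushes):
            window_start = ts - window
            prior_unapproved = sum(
                1 for t, r in pushes[:i] if t >= window_start and r != "approved"
            )
            if result == "approved":
                if prior_unapproved >= threshold:
                    alerts.append({"user": user, "kind": "approved_after_burst",
                                   "at": ts, "prior_unapproved": prior_unapproved})
                continue
            # Current prompt is itself unapproved; include it in the burst count.
            if not burst_reported and prior_unapproved + 1 >= threshold:
                alerts.append({"user": user, "kind": "burst", "at": ts,
                               "prior_unapproved": prior_unapproved + 1})
                burst_reported = True
    return alerts


if __name__ == "__main__":
    for alert in find_push_fatigue(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run over the sample, the detector raises a burst alert for alice at the third unapproved prompt and an approved_after_burst alert when she accepts the sixth, while bob's single denial followed by an approval stays below the threshold. The burst signal is the one worth paging on, since it fires before the victim gives in; pairing the detection with number matching or a per-user push rate limit in the MFA product removes the attacker's ability to simply keep prompting.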

Other predictions come true

At the end of 2021, we also talked about a potential rise in smishing through messaging platforms. A report has revealed that there were more than 255 million fraudulent attacks through mobile and other platforms, such as WhatsApp and Slack, as employees increasingly use them on their devices for both work and personal life. This represents an increase of 61% compared to the previous year.

Similarly, despite the cost of cybersecurity insurance rising by more than 100% in the first quarter of 2022, many organizations purchased this service as protection against potential security incidents. In a survey of 450 companies, 19% claimed coverage for events above $600,000, 55% said they have some coverage, and 28% planned to purchase insurance in the short term.

Moreover, this year the use of malware to infect cell phones for cyber espionage has continued. Malware (75%) is the most common mobile attack, while credential harvesting accounts for most of the remaining percentage.

While we would love to be 100 percent accurate with our cybersecurity predictions, we did get a fair number right, as you can hear on The 443 Podcast. Soon we’ll present our 2023 cybersecurity predictions, shedding light on next year's cyberattack landscape so you can stay one step ahead of the hackers. Before that, we would like to share our recommendation to adopt a unified approach to security that provides the different advanced cybersecurity solutions needed to protect corporate networks, both your own and those of your customers. A unified platform delivers visibility, control, automation, and, most importantly, comprehensive security, all of which are essential in a zero-trust approach.