Teri Radichel

Biggest Data Breaches of 2022

ACM.122 A collection of reports on the biggest data breaches, hacks, and busts in 2022 as defined by multiple sources

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Part of my series on Automating Cybersecurity Metrics. The Code.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In my last post I was considering potential threats for a batch job authentication flow. It’s always a good idea to review what types of attacks are occurring to create appropriate defenses. I’ve spoken about this over and over again in my presentations, classes, and this blog. This post takes a look at some of the biggest attacks in the past year since we are just starting out in 2023.

It’s clear from the list below that the way the “biggest” breach is measured varies but that breaches abound. Is the biggest breach the one that exposed the most data? The most sensitive data? How do you measure Microsoft source code being stolen? Is it the breach that caused the most monetary loss? Or would a healthcare cyber attack that shuts down a hospital, resulting in loss of life, top the list? How about an attack on a government that causes them to lose a war if not defended against successfully?

Some of the breaches have byproducts that can’t be easily measured. One breach results in access to data in another organization. Stolen credentials or identities are sold later and result in identity theft down the line.

However you want to measure cyber attacks, they are something you want to avoid. I’m always reviewing the latest data breaches and trying to inform my followers of the best ways to avoid them.

These sources list the following as the worst data breaches in 2022 starting with the worst or sometimes in date order. Some are industry specific such as financial or crypto hacks. One bright spot is a list of some of the biggest cyber crime busts in 2022.

After reviewing this list, one of the breaches that stood out to me was the Oktapus breach which affected Twitter, Cloudflare, Signal and others. I’m going to explore that one in more detail in the next post.

Wired

Russia hacking Ukraine, Twilio and Oktapus, Los Angeles Unified School District (LAUSD), the ransomware group and malware maker known as HIVE (ransomware used to target over 1,300 organizations around the world, resulting in roughly $100 million in ransom payments from victims), Lapsus$ (Nvidia, Samsung, Ubisoft, Microsoft, Okta, Uber, Rockstar), LastPass, Vanuatu, Twitter

Security Magazine

Medibank, LAUSD, Optus, DoorDash, Twilio, Uber, Twitter, Neopets

Cybersecurity Hub

Twitter, BidenCash (dark web marketplace), Optus, WhatsApp, Medibank, Uber and Rockstar, Twitter, Nelnet Servicing (student loan data), SHEIN, Revolut

https://www.cshub.com/attacks/articles/the-biggest-data-breaches-and-leaks-of-202 and the other one is

CRN

Neopets, AT&T, Cash App, Beetle Eye, Flex Booker, Eye Care Leaders, Elephant, OneTouchPoint, Lakeview Loan Servicing, LLC, Nelnet

American Banker (Financial Breaches)

TransUnion South Africa, Revolut, Lending Tree, Cash Express, First Financial Credit Union, Boeing Employee Credit Union, Flagstar, Lakeview Loan Servicing, Elephant Insurance Services, Receivables Performance Management

nira blog

Okta, Uber, Cisco, Twitter, Rockstar Games, Microsoft, Dropbox / Github repositories, LastPass, Fast Company, Booz Allen Hamilton

CyberGhost VPN

Samsung, Optus, Twitter, Ronin Network, Credit Suisse, Plex, Costa Rican Government, TransUnion South Africa, Russian-Ukrainian Cyberwar, Crypto.com, Red Cross, Uber, OpenSea (NFT Market), LastPass, Microsoft, News Corp, Nvidia

Gizmodo (ordered by date, earliest to most recent)

Bunnings, Crypto.com, Nvidia, OpenSea, Medlab Pathology, E-Pal, SuperVPN, GeckoVPN, ChatVPN, Amart Furniture, Deakin University, Neopets, American Airlines, Cisco, Plex, University of Western Australia, Twilio, Signal, LastPass, Twitter, TikTok, The North Face, Uber, Rockstar, Optus, Get Revenge on Your Ex, Telstra, MyDeal, Vinomofo, Doomworld, Australian Defence, Harcourts, Abandonia, LJ Hooker

Security Boulevard (through September, ordered by date)

Crypto.com, Red Cross, Credit Suisse, Lapsus$ Ransomware Attacks (Samsung, Microsoft Azure, Okta — only two customers, Globant, T-Mobile), NYC Department of Education, Cash App, Costa Rican Government, Twitter, Oktapus phishing attacks (Cloudflare, Twitter, Microsoft, T-Mobile and more), Uber.

Fortune — Five Biggest Crypto Hacks

Ronin Network, Wormhole Bridge, Nomad Bridge, Beanstalk Farms, Mango Markets

Decrypt — Biggest Crypto Exploits

FTX, Binance, Ronin, Wormhole, Nomad

TechCrunch — Biggest Cyber Busts of 2022

Bitfinex couple, doxed Conti ransomware member, NetWalker, Sebastien Vachon-Desjardins of Quebec, James Zhong the Silk Road hacker, Raccoon stealer operator, seller of WhatsApp hacking tech, some Lapsus$ members, SSNDOB taken down, ex-Amazon engineer (this one was quite obvious), REvil operator, teenagers linked to Uber and GTA hacks

Krebs On Security’s biggest stories for the year

Cryptominers installed by Norton and Avira, 14 people suspected of working for REvil arrested, IRS Selfie privacy issues, the FTX debacle and related sports advertising (I guess you do need to understand what you are investing in, was my take), Mark Sokolovsky of Raccoon and Vyacheslav “Tank” Penchukov of a transnational cyber crime group nabbed, Conti chat logs posted online, Russia considers making prisoners work in IT, Nvidia, Microsoft, Okta, Samsung, T-Mobile and Uber targeted by LAPSUS$, impersonation of police, Mailchimp, pig butchering crypto scams, U.S. Drug Enforcement Administration (DEA) portal compromised, Costa Rican government, Denis Emelyantsev likely owner of the RSOCKS botnet, Experian investigated for allowing consumer account takeover, DoorDash, Mailchimp breach affects DigitalOcean, LastPass, Uber, Optus, U.S. banks stiffing account takeover victims, former Uber CSO found guilty of two felonies, Medibank, InfraGard run by FBI compromised, Twitter, LastPass again, and two days before Christmas — anyone can bypass Experian questions.

Bleeping Computer’s biggest stories of the year

Russia creates its own TLS authority to bypass sanctions, malicious Android apps, famous npm package deleted in Ukraine protest and other corrupted packages break thousands of apps, reverse shell using MS Teams GIFs, 1M Chrome extension hijacks, Linux bug gives root on all distros, MS Teams stores auth tokens in cleartext, Okta’s source code stolen (along with a bunch of others as noted above), and Android phone owner accidentally finds a way to bypass the lock screen.

Here are a few other good sources for cybersecurity news you will probably want to follow:

Teri Radichel | © 2nd Sight Lab 2023
