Cyberattacks and security data breaches are still a big business, despite numerous advances in cybersecurity defense mechanisms. Why? Well, money would appear to be the biggest motive behind these attacks. So, let’s look at some of the major security breaches in 2022.
Firstly, hackers will spare no industry – from financial services, to healthcare and multinational tech companies. These cybercriminals often use social engineering and phishing attacks to trick unsuspecting victims into providing their credentials.
According to findings by Surfshark, Q3 of 2022 showed a 70% increase in breaches compared to Q2. And while this number is slightly lower than the same time last year, the results are still concerning.
For this reason, it’s important to understand how and why these events took place, and to learn how to prevent them from reoccurring.
Unfortunately, physical and digital security breaches are common nowadays and a growing threat that no one believes will let up. It is only going to get more sophisticated and worse.
What companies can do differently when it comes to physical access control and security breaches is, first, to set proper expectations from their partners of choice. Too many companies stick with a company based on yesterday’s needs.
The legacy physical access control industry is an industry that set its value propositions and use cases from the 1970s, or what I like to say are ‘today and yesterday use cases and value propositions.’ The physical access control industry is no longer just about keeping bad people out. We need to make sure the right people are also let in.
This slight change in how systems are built and approached is a monumental shift in our industry’s value proposition and shows the difference between those who are set up for success versus those set up for short-term failure.
I advise ensuring you work with modern companies and products that support current practices and use cases that set you up for success today and tomorrow. I know that sounds simple, but sometimes simple is what is needed.
– Lee Odess, The Access Control Executive Brief
Crypto.com Crypto Theft
The dire event took place in January 2022 and saw hackers stealing 4,836.26 ETH and 443.93 BTC. That’s equivalent to roughly USD15.2 million and USD18.6 million respectively, from 500 people’s cryptocurrency wallets. The attack occurred thanks to the malicious actor’s ability to bypass the site’s two-factor authentication.
Crypto.com later announced all affected customers have been fully reimbursed for the losses. This came after an initial dismissal of the attack as ‘just an incident.’ In the aftermath, the company also announced they improved the organization’s security posture to ensure that all sensitive data is encrypted.
Pro tip: The above is a great example of why using a password manager is so important.
SuperVPN, GeckoVPN, and ChatVPN
The data of some 21 million users of three different Android VPN services was stolen. Subsequently, it was placed for sale on a popular hacker forum. The information they posted included:
- User email addresses,
- Full names,
- Payment information, and
- Account status.
The hacker claims this data was exfiltrated from publicly available databases that the VPN providers left exposed. If this is true, it appears that the VPN providers in question are logging far more information about their users than stated in their privacy policies.
Moreover, they are leaving default database credentials in use.
For this reason, users need to always make sure that the VPN in question does not log their online activities or collect personal data about them. Otherwise, data contained on the VPN servers that become compromised will be used to carry out malicious activities such as man-in-the-middle attacks and more.
Hint: Beware of free VPNs that claim they don’t log user data, and yet collect and sell information about their users to third parties.
FlexBooker Data Breach
At the start of this year, the business management group FlexBooker was hit by a data breach, affecting nearly three million users. The company’s Amazon AWS servers were compromised, preventing customers from accessing their data.
As part of the incident, a hacking group called Uawrongteam extracted FlexBooker’s sensitive data by exploiting their AWS configuration. In other words, they managed to access and download their data storage by installing malware onto the servers. In turn, this allowed them to gain full control over the system.
The confidential data that was retrieved included:
- Full names,
- Email addresses,
- Phone numbers,
- ID information,
- Drivers’ licenses, and
This stolen information was then offered for sale on popular hacking message boards. As is to be expected, many clients left the platform following the attack, which resulted in the company suffering financially.
130 Plus Companies Compromised in Phishing Breach
Cybersecurity company Group-IB details in a report how a months-long phishing campaign went after Okta identity credentials. Some 130 organizations have been compromised in a well-designed and executed attack that used simple phishing kits.
Cloudflare, Doordash, Mailchimp, and Twilio are some of the targeted companies. The attackers imitated the authentication service Okta, directing targets to a fake authentication page where victims had to enter their login credentials, giving the attackers access to their accounts.
Moreover, attackers tried to use one compromised service to breach another. For example, cyber hackers abused access to Twilio’s phone number verification services in order to compromise Signal app users. It was possible for the attacker to try and register phone numbers they accessed to another device using the SMS verification code.
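The fake Okta sign-in pages described above can be spotted from the defender's side by comparing the hostnames in web proxy logs against the organization's real Okta tenant. The following is an added example, not code from this article or from Group-IB's report; the tenant host `example.okta.com`, the four-field log format and the `.test` hostnames are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TENANT_HOST = "example.okta.com"   # assumption: the organization's real Okta tenant
OKTA_SUFFIXES = (".okta.com",)     # parent domain under which Okta tenants live
BRAND = "okta"
# Fold common digit-for-letter swaps so "0kta" compares equal to "okta".
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})

def classify_host(host: str) -> str:
    """Return 'tenant', 'okta', 'lookalike' or 'other' for a hostname."""
    host = host.lower().rstrip(".")
    if host == TENANT_HOST:
        return "tenant"
    if host == "okta.com" or host.endswith(OKTA_SUFFIXES):
        return "okta"
    # Brand string anywhere in a host that is not under okta.com:
    # covers "example-okta.test" and "example.okta.com.sso-portal.test".
    if BRAND in host.translate(FOLD):
        return "lookalike"
    return "other"

def find_lookalike_logins(log_lines):
    """Return (user, method, host) for each request sent to a lookalike host."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue                   # skip malformed lines
        _ts, user, method, url = parts
        host = urlsplit(url).hostname  # drops port and userinfo, lowercases
        if host and classify_host(host) == "lookalike":
            hits.append((user, method, host))
    return hits

# Constructed proxy log lines: timestamp, user, method, URL.
SAMPLE_LOG = [
    "2022-08-01T09:00:01Z alice GET https://example.okta.com/login/login.htm",
    "2022-08-01T09:02:10Z bob POST https://example-okta.test/signin",
    "2022-08-01T09:03:44Z carol POST https://example.okta.com.sso-portal.test/login",
    "2022-08-01T09:05:02Z dave GET https://0kta-example.test/",
    "2022-08-01T09:06:30Z erin GET https://www.okta.com/",
    "2022-08-01T09:07:00Z frank GET https://intranet.example.test/wiki",
]

if __name__ == "__main__":
    for user, method, host in find_lookalike_logins(SAMPLE_LOG):
        print(f"ALERT {user} {method} {host}")
```

A POST to a lookalike host is the higher-priority hit, since it suggests credentials were actually submitted and the account should be reset.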
Australian private health insurance company Medibank announced in October 2022 that it had detected a data breach. The hacker contacted the insurance giant claiming to have stolen 200GB of sensitive client data.
In fact, the data breach in question put the information of all Medibank, ahm health insurance, and international student customers in the hands of a malicious actor. Not only does this include significant amounts of claim codes made by customers, but personal information such as:
- First name and surname,
- Date of birth,
- Phone number,
- Client ID, and
- Medicare card numbers (Australian universal health care insurance number).
As far as the insurance company is aware, the threat actors have not retrieved credit card and banking details or any primary identity documents, i.e., driver’s licenses.
It is through this communication with the hacker that Medibank has been able to determine the extent of the breach. Furthermore, they cannot say for sure how many customers are affected. However, they believe the data stolen has been released by the criminal on the ‘dark web’. The dark web is a closed online network, often accessed for criminal purposes.
Like many other major security breaches, this particular hack is under investigation by the Australian federal police.
Extra Precautions to Take to Secure Your Online Data
Looking at the above major security breaches we can outline some common reasons for these cyber threats and lessons to learn:
- Human error. The use of weak passwords may expose a company’s systems to frequent attacks. Additionally, clicking on malicious links and visiting phishing sites leaves businesses vulnerable.
- Missed vulnerabilities. Understanding who has accessed sensitive information can help to detect a potential data breach. It’s not uncommon for a hacker to leave a secret window where they can access a company’s systems again.
- Malicious software. The use of malware like viruses, spyware, trojans, etc., is an extremely effective way to steal confidential information, especially when organizations don’t step up their monitoring protocols and repeat attacks happen.
In response to this, everyone should be advised to take all necessary precautions to safeguard their online identity. Be vigilant with all online communications and transactions. This may look like:
- Being alert for any phishing scams that may come to you by phone, post or email.
- Making sure to verify any communications you receive to ensure they are legitimate.
- Being careful when opening or responding to texts from unknown or suspicious numbers.
- Regularly updating your passwords with ‘strong’ passwords, not re-using passwords, and activating multi-factor authentication on any online accounts, where available.
From cryptocurrency thefts to intrusions into healthcare insurance giants, sneaky attackers have been having a field day. And with data breaches soaring by 70% in the third quarter of 2022 in an otherwise dull year, we need to remember to not let our guards down!
An article documenting the major security breaches in 2022 is a helpful starting point to explain the importance of having solutions in place to apply security best practices. By learning from these events, you can hopefully bring new knowledge into updating your cybersecurity efforts to protect confidential information online.
So, the bottom line: when it comes to preventing data breaches and their financial consequences, vigilance and perseverance seem to be the key. Especially as cybercriminal activity shows no signs of stopping soon.