Heimdal

2022 was an all-around rollercoaster, and it was no different in the world of cybersecurity. Some of the biggest cyber attacks in recent memory occurred this year, as threat actors got slicker and their methods more sophisticated. Today, we will take a look back at some of the biggest cybersecurity incidents that happened in 2022.

Twitter Breach Causes Data of 5.4 Million Accounts to be Stolen

On November 24, 5,485,635 Twitter user records were made available for free on a hacker forum. Security experts claim that the data theft was caused by an API flaw that Twitter said it had patched in January of this year.

Fortunately, most of the database consisted of information that was already public, like Twitter IDs, names, and login names, but some records also contained private information such as phone numbers and email addresses.

Allegedly, the data leak was caused by an update Twitter made to its code in June 2021. Threat actors were vigilant: before the social media platform's IT team noticed the bug and fixed it in January 2022, the hackers had already managed to get their hands on website records. Shortly after, the data was put up for sale on a hacking forum for $30,000. Twitter addressed the situation in July 2022, after learning about the up-for-sale database through a press report.

After reviewing a sample of the available data for sale, we confirmed that a bad actor had taken advantage of the issue before it was addressed.

(…)

While no passwords were exposed, we encourage everyone who uses Twitter to enable 2-factor authentication using authentication apps or hardware security keys to protect your account from unauthorized logins.

Twitter Statement (Source)

Uber’s Major Security Breach

Uber is one of the most used services on the planet, so when the company announced that it was dealing with a cybersecurity incident, a lot of people became concerned. Uber’s systems were breached on September 15th by “Nwave”, a hacker affiliated with the notorious threat group Lapsus$.

The hacker was able to access internal systems used by the business, including the Slack server, the Amazon Web Services panel, the VMware ESXi virtual machines, and the Google Workspace email admin dashboard.

Lapsus$ managed to extract some internal messages and financial information and to access several internal tools such as G-Suite and Slack. Uber announced that, despite reaching several internal systems, the threat actor was not able to extract sensitive data. To access Uber’s systems, the threat group used credentials from a third-party vendor, most likely purchased on the Dark Web.

First and foremost, we’ve not seen that the attacker accessed the production (i.e. public-facing) systems that power our apps; any user accounts; or the databases we use to store sensitive user information, like credit card numbers, user bank account info, or trip history. We also encrypt credit card information and personal health data, offering a further layer of protection.

Uber’s Statement Following the Incident (Source)

However, this wasn’t the only cyber incident Uber suffered from. The company was the victim of another data breach on December 10th, when the information of 77,000 employees was accessed by a threat actor.

Optus Data Breach

The second-largest telco company in Australia, Optus, was the victim of a massive data breach in September 2022. The IDs of 2.1 million current and former customers of the Australian company had been compromised following the attack, but all the 9.8 million customers of the company had other personal data exposed such as email addresses, birthdates, and phone numbers.

More than 20 Federal, State, and Territory government agencies and departments were involved in the investigation of the breach. Following the investigations, Optus confirmed that:

  • 2 million customers have had at least one number from a current and valid ID, and personal information compromised;
  • Approximately 900,000 customers have had numbers relating to expired IDs compromised, in addition to personal information.

Alongside another breach, which we will talk about soon enough, the Optus data breach caused a cybersecurity revolution in Australia. The Australian authorities announced the establishment of an ongoing cooperative operation against cybercriminal organizations, consisting of 100 of the best cybersecurity experts and professionals in the country. Clare O’Neil, the Australian Minister for Home Affairs and Cyber Security, “declared war” on cyber criminals, stating that the newly formed force will “scour the world, hunt down the criminal syndicates and gangs who are targeting Australia in cyber-attacks and disrupt their efforts.”

Medibank Ransomware Attack

In the other important Australian breach of the year, Medibank, a health insurance company providing services for more than 3.9 million people in Australia, was the victim of a ransomware attack. Following the incident, all clients’ personal data and health claims data were accessed by the responsible threat group.

At first, Medibank played down the seriousness of the security breach, but soon after, the ransomware group got in touch with the business to demand money and delivered a sample of 100 stolen files out of the 200GB of data they claimed to have taken in the attack.

The company confirmed in an official statement that the following data was compromised:

  • Name, date of birth, address, phone number, and email address for around 9.7 million current and former customers and some of their authorized representatives.
  • Medicare numbers (but not expiry dates) for ahm customers;
  • Passport numbers (but not expiry dates) and visa details for international student customers;
  • Health claims data for around 160,000 Medibank customers, around 300,000 ahm customers, and around 20,000 international customers. This includes the service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered.
  • Health provider details, including names, provider numbers, and addresses.

As mentioned previously, this case contributed to the formation of a special cybersecurity force in Australia.

GTA VI Footage Leaked

The world of gaming was also not safe in 2022. Footage of one of the most anticipated games in recent memory, GTA VI, got leaked on GTAForums after a threat actor managed to access Rockstar Games’ systems through Slack.

The user “teapotuberhacker” posted more than 90 videos of an early development version of the game, showcasing animation tests, gameplay mechanics, and level layouts. The fans of the game series were also delighted to find that the game will feature its first female protagonist and that it will make a return to one of the most beloved cities in the series, Vice City.

The threat actor responsible for the leak also claims to have been involved in the Uber breach we talked about previously.

NVIDIA Data Breach

The chipmaker company acknowledged on March 1st that threat actors had gained access to sensitive data and employee login credentials after a network breach that occurred in February.

NVIDIA initially said in a statement that it was looking into an event that had some impact on its systems. Not long after, data extortion gang Lapsus$ claimed responsibility for the hack and said 1TB of Nvidia’s network data had been stolen. Over the weekend, Lapsus$ uploaded a 20GB package containing data from the Nvidia servers, along with more information about the hack. This archive also contained staff members’ password hashes.

Lapsus$ threatened to leak hardware information if the lite hash rate (LHR) constraints in the GeForce RTX 30 Series’ firmware were not removed.

How Can Heimdal® Help You and Your Company Stay Safe in 2023

We have a lot to learn from these cases, as well as from many others occurring in the past that I have not mentioned in this post. But I think we all can certainly conclude that threat prevention should be one of our greatest concerns when it comes to cybersecurity.

To help you better secure your business in the future, Heimdal® offers you a suite of tailor-made solutions. Our Heimdal® Threat Prevention – Network, for example, is a revolutionary DNS filter that adds HIPS/HIDS capabilities to your corporate system, stopping cyber attackers in their tracks.

Its AI-powered neural network not only recognizes but also anticipates sophisticated threats. As a result, you won’t be caught off guard if a new malware strain attempts to infect your company. It also does not require any software to be loaded on endpoints, making it a software-free solution.

Complementing it is our Heimdal® Threat Prevention – Endpoint module, so that your business receives full defense against DNS attacks as well as well-known dangers like ransomware, data breaches, exploits, and more. By enabling category-based restriction of web pages, our solution protects your company’s confidential information regardless of where in the world your employees choose to work from.

Parting Words

So with that, the 2022 season comes to an end! These were only some of the major events which occurred in cyberspace this year. You can study other cyber attacks by checking out our blog, where you can find the latest news and other helpful articles. I would like to wish you all a happy (and safe) new year, and see you again in 2023!

Author Profile

Cristian Neagu

CONTENT EDITOR

Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
