Cybersecurity in 2022
2022 was another huge year for cyberattacks. Although the news cycle was filled with many consequential stories related to the Ukraine War, inflation, and other major events and issues that pushed the ongoing cyber wars off the front pages, the digital dangers that exist in the "cybersphere" only grew, as governments and the private sector scrambled to stay ahead of the next major hack or data breach.
These online methods of espionage, offensive digital warfare, and for-profit criminality, are a great danger because they can be used to disrupt or damage IT systems, compromise critical infrastructure networks, and commandeer sensitive data.
They are carried out primarily by ransomware gangs and government-sponsored Advanced Persistent Threat groups (APTs), though the past several years have seen a sharp rise in the utilization of Ransomware-as-a-Service, which can make anyone willing to purchase malicious code on the dark web a hacker.
Hacking attacks are particularly dangerous because they can originate from anywhere in the world and are very difficult to detect and stop. In addition, with the ever-increasing use of cloud computing and mobile devices, it is now easier and more convenient than ever for cybercriminals to gain access remotely to sensitive data.
Furthermore, since most entities, both public and private, rely heavily on their computer systems for both communication and to facilitate financial transactions, it is easy for attackers to initiate serious disruptions through cyberattacks that may either prevent employees from accessing important data or perhaps even shut down an entire private network for days or perhaps even weeks at a time.
That said, these are some of the more notable cyberattacks that occurred in the past 12 months:
Major Breaches Expose the Data of Millions: Although the more prominent recent headlines surrounding social media giant Twitter have revolved around the company’s acquisition by Elon Musk and the revelations regarding the burial of the October 2020 New York Post article regarding Hunter Biden’s laptop, the company was victimized by a significant data breach that affected millions of users.
As a result of a vulnerability that was discovered in January of 2022, a hacker known by the alias ‘devil,’ was able to acquire the data of over 5.4 million Twitter users. The stolen data, which included email addresses and phone numbers from celebrities and companies, was offered for sale on the hacking forum known as BreachForums.
Student loans, which were a hot subject in the summer leading up to the 2022 midterm elections due to the Biden administration’s ill-fated Student Loan Forgiveness Program, were at the center of another major breach that would expose the social security numbers of more than 2.5 million individuals. As a result of a cybersecurity vulnerability that was suffered by student loan servicer Nelnet Servicing, which provides technology services including a website portal to two student loan companies, Edfinancial and OSLA services, student loan registration data including names, addresses, email addresses, phone numbers and social security numbers, were accessible during June and July of 2022.
Cyberwarfare Between Nation-States: In 2022, there was no shortage of major cyberevents between nations in what has quickly become a perpetual state of online warfare over the past several years.
The activity was related to everything from reconnaissance and espionage to attacks against infrastructure. These kinds of quasi-military cyber operations were most evident in the flurry of attacks carried out by belligerents on both sides of the Russia-Ukraine conflict, as well as a select few other long-standing conflicts between established combatants like Israel and Iran.
The early days of the Ukraine conflict saw an immediate spike in attacks that included the Russian-based Hermetic Wiper attacks that devastated hundreds of organizations in Ukraine by wiping out data on Windows-based computers and networks, as well as the mid-February Distributed Denial of Service (DDoS) incidents that took place against the financial sector in Ukraine. In the months after, hacktivist groups sympathetic to the Russian cause would organize subsequent cyberattacks via the messaging app Telegram.
In July, the Washington Post reported that Iran’s state-owned Khuzestan Steel Co. and two other steel companies were forced to halt production after suffering an Israeli cyberattack. An Israeli hacking group claimed responsibility on social media, saying it targeted Iran’s three biggest steel companies in response to the “aggression of the Islamic Republic.”
Lastly, one of the more attention-grabbing cyber headlines of the year belonged to the Chinese Advanced Persistent Threat group APT41, who brazenly stole at least $20 million in COVID relief (Small Business Administration loans and unemployment insurance). The Secret Service told NBC News that there were more than 1,000 ongoing investigations into the defrauding of public benefits programs, and that China’s APT41 was “a notable player.”
New Espionage Tactics Target Policy Experts: When people envision espionage or spying operations, their heads fill with thoughts of James Bond-type figures that talk into their watches and shady foreign characters that work as double agents, leveraging governments against each other. But in reality, many “spying” operations are as simple as attacking a target device with a keylogger and recording online actions.
But one story reported earlier this month broke the mold for the use of targeted email phishing to commandeer insight on potential policy trends for the upcoming year. It seems now that the North Korean APT known as either Thallium or Kimsuky is targeting people who are influential in foreign governments in an effort to better understand where Western policy may be headed on NoKo.
In October, that APT targeted Daniel DePetris, a U.S.-based foreign affairs analyst. DePetris received an email purporting to be from the director of the 38 North think-tank Jenny Town and commissioning an article. But the sender was really a member of Thallium or Kimsuky. This is certainly one of the oddest stories you’ll hear regarding an attempted spying campaign.
Despite all these stories and the fact that threats facing public and private sector entities carry the largest potential for devastation, the greater majority of cyberattacks still target individuals. Whether it's new strains of ransomware that spring from some of the more prominent families like STOP/Djvu, or browser hijackers that wreak havoc on your computer by attempting to take you to dangerous sites loaded with malware, with each passing year, you are more likely to become the victim of an online attack as threats continue to proliferate in the wild. Although government organizations like the Cybersecurity and Infrastructure Security Agency (CISA) continue to invest manpower and billions of dollars towards keeping Americans safe, with wildcards like the repercussions of the Log4Shell Vulnerability still being learned, there just aren’t enough eyes available to keep all Americans safe, and 2023, much like 2022, is likely to play host to the most cyberattacks in history.
Julio Rivera is a business and political strategist, Editorial Director for Reactionary Times, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, has been published by many of the most heavily trafficked websites in the world.