This past year has been tumultuous to say the least. There have been drastic shifts in the world, between the ongoing conflict in Ukraine, Twitter’s acquisition by Elon Musk, the continued evolution of ransomware gangs, crashes in the cryptocurrency market, and breakthroughs in practical AI technology such as ChatGPT and DALL-E 2 that have brought the ethics of artificial intelligence back into public discourse. Today though, we want to discuss the top 3 biggest cybersecurity events of the year, because there have been some doozies.
1. Cyberwar in Ukraine
In February 2022, the world watched in shock as tensions between Ukraine and Russia descended into an all-out war. With Russia’s invasion of Ukraine, many in the industry braced for the increased likelihood of collateral damage as Ukraine and Russia inevitably resorted to cyberattacks. Russia had previously used cyberattacks against Ukrainian power distribution and communications infrastructure, and this behavior surged in the buildup to the invasion. According to James Andrew Lewis, writing for the Center for Strategic & International Studies, Russia launched a broad cyber campaign shortly before the invasion and continued it afterward. Its primary targets were government websites, energy providers, telecommunications companies, financial institutions, and media outlets.
However, these attacks were not limited to the sectors listed above; cyberattacks were up across the board for Ukrainian companies regardless of industry, and even non-Ukrainian organizations were caught up in attacks intended for other targets. Nor were these operations exclusively destructive network intrusions: Russia also ran complex phishing and misinformation campaigns targeting Ukrainian refugees. The conflict is ongoing, and we continue to see elevated levels of cybercrime in the region.
2. LastPass Breach(es)
On August 25th, LastPass notified the world that an unknown threat actor accessed a cloud storage development environment to steal portions of LastPass’ source code and proprietary technical documentation. The breach was caused by a single compromised developer account, supposedly due to a phishing attack. In September, LastPass provided an update that the investigation had concluded that the attacker had only managed to steal source code, with no access to customer data or encrypted password vaults.
Unfortunately, this was not the end. In late November, LastPass notified customers that there had been a secondary compromise that allowed the threat actor to obtain a copy of a backup of customer vault data from an encrypted storage container. The threat actor was also able to obtain basic customer account information such as company names, usernames, billing addresses, email addresses, mobile numbers, and IP addresses.
Though the passwords themselves are encrypted in the vault, some unencrypted data, such as website URLs, was included alongside it. And now that the actor holds copies of the encrypted vaults, the only thing preventing them from cracking a given vault offline is the strength of the master password from which that vault’s encryption key is derived. Those who used long, complex master passwords are relatively insulated from the fallout of this attack, but all LastPass users should be on the lookout.
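To make the "strength of the master password" point concrete, here is an added example (not LastPass code, and not from the original post) that estimates how long an offline guessing attack against a stolen vault would take for a given master password. It assumes a PBKDF2-HMAC-SHA256 key derivation, which it times locally with `hashlib`, and a hypothetical attacker throughput expressed as a multiple of one CPU core; the iteration count and attacker speed are parameters you supply, not LastPass's actual settings, and the sample passwords are constructed for illustration only.

```python
import hashlib
import math
import os
import string
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample master passwords (not real credentials); the point is to
# compare how the guessing cost scales with length and character variety.
SAMPLE_PASSWORDS = {
    "short_lower": "hunter",
    "long_lower": "correcthorsebatterystaple",
    "mixed_12": "Tr0ub4dor&3x",
    "long_mixed": "Velvet-Orbit-93-Ladder!Kite",
}


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool that contains every
    character in the password (lower, upper, digits, punctuation)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def entropy_bits(password: str) -> float:
    """Upper bound on the guessing entropy for a random password drawn from
    that pool; a dictionary word or phrase scores far lower in practice."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def measure_seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Time one PBKDF2-HMAC-SHA256 derivation on this machine. Each guess an
    attacker makes against a stolen vault costs at least this much work."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(samples):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"candidate-guess", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


def expected_crack_years(bits: float, seconds_per_guess: float,
                         parallel_guessers: float) -> float:
    """Expected time to hit the right password: on average half the key
    space is searched, divided across the attacker's parallel guessers."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses * seconds_per_guess / parallel_guessers / SECONDS_PER_YEAR


def assess(password: str, iterations: int, parallel_guessers: float) -> dict:
    bits = entropy_bits(password)
    per_guess = measure_seconds_per_guess(iterations)
    return {
        "bits": round(bits, 1),
        "seconds_per_guess": per_guess,
        "years": expected_crack_years(bits, per_guess, parallel_guessers),
    }


if __name__ == "__main__":
    # Hypothetical parameters: 100,000 KDF iterations and an attacker with
    # the equivalent of 10,000 cores. Change both to match your own threat model.
    for name, pw in SAMPLE_PASSWORDS.items():
        result = assess(pw, iterations=100_000, parallel_guessers=10_000)
        print(f"{name:12s} {result['bits']:6.1f} bits  "
              f"~{result['years']:.3g} years")
```

Two design choices matter here. The entropy figure is an upper bound that treats the password as uniformly random over its character pool, so a passphrase built from dictionary words will be overestimated; and the per-guess cost is measured rather than assumed, because the KDF iteration count is exactly the parameter that makes the difference between a vault that falls in hours and one that holds for centuries.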
3. Twitter API Leaks
It’s been a tumultuous year for Twitter with Elon Musk’s purchase of the social media goliath and the resulting organizational restructuring, and the holiday season hasn’t treated the company any better. Just after Christmas, a threat actor going by the name “Ryushi” on a black-market hacking forum claimed to possess the data of 400 million Twitter users, obtained by exploiting a now-fixed vulnerability in the Twitter API. Ryushi gave examples of high-profile Twitter users contained in the dump, such as US Congresswoman Alexandria Ocasio-Cortez, Donald Trump Jr., the official SpaceX Twitter account, and others. The threat actor appeared to be ransoming the data back to Twitter, demanding $200,000 for the data dump and threatening heavy GDPR fines if the data were released publicly.
Since then, much of the data has been released publicly by a different threat actor on the same black-market forum. This batch appears to be a more tightly curated duplicate of the 400 million user dataset stolen by Ryushi, cut down to 221 million records. Both sets include detailed profile information, including email addresses, names, screen names, follower counts, account creation dates, and more.
While 2022 has been a challenge for many around the world, we have hope that things will begin to improve. At this point, it has been made clear that organizations need to change how they think about and manage cybersecurity. Cybersecurity Performance Management (CPM) makes this possible. According to Gartner’s® Hype Cycle for Cyber Risk Management, 2022, CPM is expected to “highly benefit” organizations that adopt it. Visibility into the alignment of the business and cybersecurity vastly increases performance and the ROI on security improvement initiatives, and reduces risk. We believe that businesses will continue maturing their cybersecurity and risk management processes to a point where there is a lower overall risk of catastrophic data breaches caused by a lack of actionable visibility into the operational effectiveness of security measures.