Author: Andy Thompson, Global Research Evangelist at CyberArk
2022 has been a stressful 12 months for security teams, to say the least. Many open cybersecurity jobs remained unfilled, straining staff while they grappled with remote workforce risks, accelerated cloud adoption, mounting cybersecurity debt and heightened exposure to ransomware and software supply chain attacks. Meanwhile, the Ukraine conflict created a host of new and formidable challenges.
Identity compromise was a familiar theme across major 2022 breaches – from a high-profile incident involving a leading identity provider, to the rise in deceptive “MFA fatigue” phishing, to a teenager’s headline-grabbing attack on a major ride sharing service. Tackling identity-centric challenges was top of mind for government leaders and business executives alike. In some cases, conversations about the “trust no identity, verify every identity” Zero Trust imperative turned to action. Governments enacted stronger cybersecurity regulations to harden networks and protect access to sensitive data and critical infrastructure. Private sectors increased supply chain scrutiny to identify areas of weakness, such as embedded credentials and unmanaged secrets.
Under extreme pressure, cyber insurance providers continued to ramp up requirements, making it even harder for organizations purchase or renew policies. And several landmark legal cases placed breach responsibility and disclosure obligations on individuals, suggesting major changes ahead.
Below, we revisit the past year in cybersecurity because history tends to repeat itself until we learn from it and make changes. While attack methods and threats continue to evolve, focusing on identity – the one true constant – is a solid cybersecurity strategy for 2023 and beyond.
Attackers breach a global humanitarian organization, gaining access to sensitive data and disrupting services around the world.
A U.S. mass media conglomerate discovers a persistent cyberattack targeting journalists in a suspected espionage campaign.
An attack on a global cryptocurrency exchange results in unauthorized withdrawals worth $35 million.
A multi-month attack spree by Lapsus$ Group compromises several leading tech companies. After the dust settles, an identity vendor is disclosed as the initial attack vector.
New HermeticWiper malware targets Ukrainian infrastructure as threats rise in the region.
More than 300,000 global volunteers form an “IT Army” to help bolster Ukraine’s cyber defenses.
A series of cyberattacks disrupt operations at oil distribution facilities across Europe, putting authorities on high alert as oil prices climb.
Attackers steal $625 million in the biggest crypto heist to date, raising questions about the vulnerabilities of decentralized finance.
A massive DDoS attack takes down Israeli government websites.
Ransomware attacks wreak havoc on Costa Rica, prompting the country’s president to declare a national state of emergency.
A former employee at a major mobile payment app downloads sensitive files containing personal customer information, impacting up to 8 million people.
The notorious Conti ransomware group disbands following a major data leak and increased scrutiny from law enforcement.
A 157-year-old U.S. college closes permanently following a ransomware attack.
The attacker responsible for the historic 2019 breach that put cloud security into the spotlight receives guilty conviction.
Attackers breach Italy’s energy agency compromising servers, blocking access to systems and suspending access to its website for a week.
Phishing attacks using “MFA fatigue” tactics successfully target several major tech orgs, reflecting new levels of attacker innovation.
Attackers infiltrate a large password manager provider, stealing company source code and technical information. Reports emerge that attackers had internal access for four days.
A third-party vendor reports a massive breach impacting 37 healthcare organizations.
A large MSP suffers a ransomware attack, causing a major outage to emergency services across the U.K.
Asia experiences the most cyberattacks in Q3 2022, with an average of 1,778 weekly attacks per organization.
A breach of a major Australian telcom provider exposes data of 10 million customers in one of several major 2022 cyber incidents in the country.
A teenager pwns a top ride sharing service by targeting embedded credentials to the company’s privileged access management solution.
K-12 schools across the U.S. land in ransomware’s crosshairs as the new school year begins.
Reports surface that a third-party contractor left a major automotive provider’s source code exposed for five years via GitHub.
U.S. agencies announce state-sponsored hacking groups have had long-term access to a defense company since January 2021 and compromised sensitive company data.
A former security chief is found guilty of hiding a 2016 cyberattack in a landmark legal case that could change how security professionals handle data breaches.
Reports emerge on a breach of a top Australian health insurer involving stolen credentials and exposed customer medical information.
Back-to-back cloud storage database leaks highlight pervasive misconfiguration issues.
Yet again, attackers compromise a third party to breach IT systems for a major European train network, suspending all trains in the country.
A large French aerospace and defense company reveals the LockBit 3.0 ransomware group published stolen data from the company.
A large pharmaceutical company suffers identity compromise in a social media scam and loses millions of dollars in market cap.
Another large Australian telecoms firm reports data breach impacting 132,000 customers resulting from a “misalignment of databases.”
Security researchers report a spike in devices infected with the TrueBot malware downloader created by the Silence criminal group.
Back-to-back attacks on a popular ride sharing company then a large cryptocurrency exchange underscore third-party vendor security risks.