The 6 worst cyberattacks of 2022 (so far)

As expected, the first 7 months of 2022 have seen multiple major cyberattacks that resulted in lost productivity, lost revenue or large-scale data leaks. Whilst some of the largest attacks have been in countries such as America and Ukraine, there have also been some major cyberattacks within the UK. Although these are the cyberattacks that receive media coverage, many more attacks on smaller businesses cause major devastation: so far in 2022, 39% of UK businesses have identified cyberattacks within their business. Fortunately, this number is significantly lower than in 2020, when 46% of businesses identified cyberattacks. Without further ado, here are the 6 worst cyberattacks of 2022 so far.

KP Snacks – Ransomware Attack

KP Snacks, the maker of KP Nuts, Hula Hoops, Nik Naks, Tyrell’s, Pom-Bears and more, fell victim to a ransomware attack in January of this year. The gang behind this attack was Conti, an infamous cybercrime group from Russia. Shortly after the attack was detected, KP Snacks released a statement explaining that it could not ‘safely process order or dispatch goods’ due to the incident. Following this, there were supply chain issues until the end of March.

As is now expected, the Conti gang operates double extortion, whereby it would release stolen data if KP Snacks did not pay the ransom. Initially, a small number of staff documents were posted online with a 5-day countdown; when the clock hit zero, all data would be released unless the ransom was paid. However, the post on the Conti website was removed soon after, potentially indicating that the ransom was paid or that the two parties were in negotiation. Neither party disclosed whether the ransom was paid.

UKVCAS – Data Breach

In April, the UK Home Office’s visa service had to apologize for a data breach in which the email addresses of over 170 customers were mistakenly copied into an email. The email was informing a customer of a change in the time of their appointment. The addresses exposed in this breach were a combination of personal email addresses and those of lawyers working on behalf of customers. This data breach was particularly noteworthy as UKVCAS is run on behalf of the Home Office by a private contractor, so it was not directly the Home Office’s fault. The breach was a case of an accidental insider, and businesses can decrease the likelihood of these forms of breaches through regular cybersecurity awareness training.

The Works – Presumed Ransomware Attack

UK retail chain The Works was forced to shut down a number of its stores in April due to a widespread cyberattack. Although the retailer did not go into much detail about the nature of the attack, it is believed to have interrupted deliveries, extended online order fulfilment times, and compromised the safety of payments on its POS systems. After the attack was remediated, it was found that no customer data was exfiltrated. The attack is believed to have been a ransomware attack, although it is unknown how much the ransom was or how The Works restored its systems.

The real-world impact of this attack was that the share price for The Works fell by 10% on the day the company announced the cyberattack. There was also a loss of revenue from the stores that were unable to open due to the attack.

Crypto.com – Account Compromise

In January, one of the largest cryptocurrency exchanges, Crypto.com, released a statement explaining that it was the victim of an account compromise attack that resulted in 4,836.26 Ethereum and 443.93 Bitcoin being stolen, totaling approximately $35 million. The attack affected 483 users, and the threat actors performed unauthorized withdrawals from the victims’ wallets to their own. Interestingly, the attackers were able to perform the withdrawals without the user completing the MFA check. After the attack, Crypto.com suspended all withdrawals and migrated to a new MFA infrastructure.

Crypto.com was able to prevent some of the unauthorised withdrawals before it was too late, and the company reimbursed customers so there was no loss of customer funds. Crypto.com has now implemented a new program, the Worldwide Account Protection Program, which will prevent this from happening again. The program includes controls such as the use of MFA and anti-phishing codes.

Ukrainian Government – Website Hacks & DDoS Attacks

Throughout the first quarter of 2022, Russian hackers targeted many Ukrainian websites, including multiple government and financial services websites. In January, around 70 websites were hacked, including the Ministry of Foreign Affairs, Cabinet of Ministers and Security and Defense Council. Most of these hacks only involved changing the text on the website to display pro-Russia sentiments.

Shortly after, Russian threat actors targeted multiple government, non-profit and information technology organisations throughout Ukraine with a piece of malware disguised as ransomware. The malware had all the features of ransomware, but lacked a recovery feature, meaning that it simply destroyed all files on the victim’s computer.

Early in February, there were several large distributed denial-of-service (DDoS) attacks, bringing down the websites of the Defense Ministry, Army, and Ukraine’s two largest banks. Later in the month, there were more DDoS attacks, but the organisations were able to recover quickly from these.

From March to the present day, many cyberattacks have continued to be launched against Ukrainian citizens and businesses. Most of these attacks are phishing attacks, with the goal of launching widespread malware attacks.

Ronin – Account Compromise

In March, one of the largest cyberattacks in recent history occurred, when a threat actor stole approximately $600 million worth of digital assets. These were stolen from a blockchain network, Ronin, that is connected to a popular online game, Axie Infinity, created by Sky Mavis. This attack was possible because some outdated Sky Mavis accounts had dangerous permission levels. The attackers were able to compromise these accounts and, subsequently, nodes, allowing them to authorize fake transactions on Ronin, the network or bridge that handles converting tokens. The hackers were able to steal 173,600 Ether and 2.5 million USD Coin, totaling over $600 million. In 2021, there were many similar attacks on bridges and Decentralized Finance platforms, totaling $2.3 billion.

Whilst this form of attack is not viable for most businesses, it acts as a cautionary reminder for businesses looking to adopt new Web 3.0 technologies.

Two Largest Bug Bounties

Although the media is awash with stories of malicious actors exploiting vulnerabilities and targeting organisations, there is a community of ethical hackers actively trying to find exploits so that they can responsibly disclose them to the affected organisation. Many organisations offer a monetary reward for finding these vulnerabilities through what is called a bug bounty program. So far in 2022, we have seen two of the largest bug bounties paid out, one totaling $6 million, and another totaling $10 million.

The $6 million bug bounty was awarded to the ethical security hacker by the name of pwning.eth, who found a critical vulnerability in the Aurora Engine, a bridging and scaling solution for the cryptocurrency Ethereum. Had pwning.eth exploited the vulnerability, it could have cost the company $200 million.

The $10 million bug bounty was awarded to the bug hunter Satya0x after discovering a vulnerability in the Wormhole cryptocurrency bridge. Wormhole is the message-passing protocol that connects blockchains such as Ethereum, Terra and Binance Smart Chain. If the vulnerability had been exploited, it could have resulted in $736 million worth of digital assets being lost forever.

How to Keep Your Business Safe

The past few years have taught us that all businesses, regardless of size, industry, or location, are at risk of falling victim to a cyberattack. Although there is no way to ensure that your business is immune to cyberattacks, there are controls and solutions that can be implemented to significantly decrease your cyber risk, as well as making detection and remediation as effective as possible. If you want to find out more about how your business can reduce its cyber risk, contact us today.