With every passing year, the list of companies suffering data breaches continues to grow. In 2022, high-profile hacks seemed to be coming out of the woodwork on a regular basis.
Hacks were not limited to just one sector. The range of companies affected included retail, government, manufacturing, healthcare, finance and many more.
These incidents were often made possible due to poor security practices that hackers were able to take advantage of.
That was the case when Uber and Ronin were hacked last year. Both firms failed to keep a close eye on the individuals that had access to their systems and data.
“For many businesses, 2022 saw cyberattacks join hardware failure and human error as the most common causes of data loss,” Jake Peters, secops manager at cloud services provider M247, told Verdict.
It’s not just the number of breaches that grew in 2022; the global average cost of a breach increased too.
The global average cost of a data breach increased 2.6% from $4.24m in 2021 to $4.35m in 2022. This is the highest it has ever been, according to IBM Security’s Cost of a Data Breach Report.
Of course, the financial cost has a significant impact on even the biggest companies; but reputational loss, legal liability and the loss of consumer trust are what a data breach really damages.
With that in mind, let’s look at some of the biggest hacks from last year to hopefully learn something from them.
Uber, the car-hailing and food-delivery giant, suffered through two high-profile data breaches last year.
The first occurred in mid-September when a hacker announced in the company’s Slack community: “I am a hacker and Uber has suffered a data breach.”
The alleged hacker claimed they had accessed several of Uber’s databases, including its messaging data.
This forced the company to shut down all its internal messaging and engineering systems, including its Slack and Google Cloud Platform.
Just three months later, Uber was compromised again when a hacker calling themselves “UberLeaks” gained access to over 70,000 Uber employees’ data.
An Uber spokesperson told Bleeping Computer that the files “are related to an incident at a third-party vendor and are unrelated to our security incident in September.”
UberLeaks posted four packages of data onto BreachForums, which they claimed held source code for mobile device management (MDM) platforms linked to the company. The hacker alleged the leaked data contained MDM platforms for both Uber and Uber Eats, as well as a range of its third-party vendor services, including IT asset management company Teqtivity and corporate card platform TripActions, Cyber Security Hub reported.
However, Uber and TripActions denied that hackers had gained access to their internal systems. Talking to BleepingComputer, TripActions said that “no TripActions data was exposed… nor were TripActions’ customers impacted as part of this security incident” as “TripActions does not maintain an MDM”.
In a series of posts on BreachForums, UberLeaks alleged that the infamous Lapsus$ hacking gang, which had carried out the hack of Uber’s internal systems back in September, was responsible for the breach.
Lapsus$ is known for gaining access to companies by targeting employees through social engineering attacks – they’re categorised by Microsoft as DEV-0537.
Lapsus$ constantly “announce their attacks on social media or advertise their intent to buy credentials from employees of target organisations,” according to Microsoft.
Uber has denied allegations that Lapsus$ was behind its second infiltration of the year.
Garry Veale, UK & Ireland regional director at Vectra, told Verdict: “The increasing risk of third-party threats can be linked to modern large organisations’ ever-expanding IT environments, which typically contain a vast hybrid network consisting of cloud, infrastructure, and devices that go far beyond the traditional perimeter.
“With every new vendor added to the ecosystem, the attack surface that an organisation faces grows.”
The Ronin Network, a sidechain attached to blockchain game Axie Infinity, was breached by hackers who managed to make off with 173,600 ETH and $25.5m. The laptop-wielding larcenists’ takings totalled a whopping $615m in stolen funds.
Axie Infinity is one of the most popular crypto games in the world, with almost three million monthly active players and a whopping market cap of well over $4bn.
The game is built on the Ronin network, an Ethereum-linked sidechain which was developed by Sky Mavis studio, who also developed the game.
The huge hack took place on the Ronin bridge, which lets users deposit assets from other locations into Ronin as well as withdraw their funds.
In one of the biggest hacks of the year, the attacker managed to take advantage of how the Ronin Network validates transactions to speed away with millions.
“Sky Mavis’ Ronin chain currently consists of nine validator nodes,” Ronin Network explained in a blog post about the breach. “In order to recognise a deposit event or a withdrawal event, five out of the nine validator signatures are needed. The attacker managed to get control over Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO.”
That left the attacker needing just one more key to have full access to any transactions they wanted to make, so they moved their attention elsewhere. The cybercriminal apparently “found a backdoor through Ronin’s gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
It was revealed that the Axie DAO validator, the node that holds the remaining five keys, had given its keys to Sky Mavis so that transactions could be authorised faster. Axie DAO reportedly took the keys back; however, the keys were never actually deleted from the Sky Mavis server.
This allowed the attacker to claim all of the keys needed to create fake withdrawals.
In two huge transactions, the attacker forged fake withdrawals and validated them with stolen keys, taking almost all of the company’s funds.
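As an added illustration (not code from the page or from Sky Mavis), the following Python model contrasts the plain five-of-nine signature count described above with a check that also rejects signatures made under an expired delegation and requires the signers to span more than one operator. Validator ids, the third-party operator names, the delegation dates and the check date are assumptions made for the model.

```python
from dataclasses import dataclass
from datetime import date

THRESHOLD = 5  # five of nine validator signatures recognise a withdrawal


@dataclass(frozen=True)
class Validator:
    vid: str
    operator: str  # organisation that is supposed to hold this key


# Constructed validator set modelled on the page: four Sky Mavis nodes, one Axie DAO
# node and four independent third parties (the "op-*" operator names are assumed).
VALIDATORS = {v.vid: v for v in [
    Validator("v1", "sky-mavis"), Validator("v2", "sky-mavis"),
    Validator("v3", "sky-mavis"), Validator("v4", "sky-mavis"),
    Validator("v5", "axie-dao"),
    Validator("v6", "op-c"), Validator("v7", "op-d"),
    Validator("v8", "op-e"), Validator("v9", "op-f"),
]}

# Delegated signing authority: (validator id, delegate) -> last day the delegate may sign.
# Models Axie DAO letting Sky Mavis sign on its behalf; the end date is assumed.
DELEGATIONS = {("v5", "sky-mavis"): date(2021, 12, 31)}


@dataclass(frozen=True)
class Signature:
    vid: str        # validator the signature claims to come from
    signed_by: str  # operator that actually produced it


def naive_threshold(sigs):
    """The check the page describes: any five distinct validator ids suffice."""
    return len({s.vid for s in sigs if s.vid in VALIDATORS}) >= THRESHOLD


def signature_valid(sig, today):
    """A signature counts if its operator holds the key, or holds a delegation that is still live."""
    v = VALIDATORS.get(sig.vid)
    if v is None:
        return False
    if sig.signed_by == v.operator:
        return True
    expiry = DELEGATIONS.get((sig.vid, sig.signed_by))
    return expiry is not None and today <= expiry  # a stale delegation no longer counts


def hardened_threshold(sigs, today, min_operators=2):
    """Threshold plus two controls: delegations must be current, and no single operator may reach it alone."""
    valid = [s for s in sigs if signature_valid(s, today)]
    if len({s.vid for s in valid}) < THRESHOLD:
        return False
    return len({s.signed_by for s in valid}) >= min_operators
```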
“Huge companies, including the likes of Uber and Ronin faced significant hacks last year. In both instances, data security (or a lack thereof) was at fault,” Peters told Verdict.
“In particular, both firms failed to monitor the individuals and organisations that had access to their system, and what they were sharing.
“Instances such as these were on the rise in 2022, where hackers found gaps in vulnerable systems.
“The key to avoiding such events is to understand where a business’s data is stored, how safe it is, and who has permission to access what.”
Australia-based health insurer Medibank faced a huge data breach in October which affected 9.7 million current and former customers.
The hacker gained access to the personal data of all Medibank, ahm (its health insurance brand) and international customers, as well as a significant amount of health claims data.
This personal information included customers’ names, addresses and dates of birth, along with their Medicare card numbers in some cases.
The notorious Russian REvil gang, tied to several other high-profile data breaches over the years, started to publish the stolen records in November 2022.
Hackers had previously tried to demand a ransom from Medibank but began releasing the data after the company refused to pay.
“We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” a spokesperson for Medibank said at the time.
It is understood that health claims for around 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers were accessed.
This included service provider names and even diagnoses and procedures.
It is also understood that the leaked data included names of high-profile Medibank customers, such as government lawmakers in Australia, including the prime minister, Anthony Albanese, The Guardian reported.
“Clearly the extortion attacks that hit Medibank and Los Angeles Unified School District (LAUSD) were considered to be lucrative, and the success of the attackers indicates that there was simply not enough protection in place to stop them,” Dave Waterson, CEO at security company SentryBay, told Verdict.
The attackers posted what appeared to be the remainder of the customer data obtained from the health insurer at the beginning of December.
Alongside multiple compressed files amounting to over 5GB, the blog post read: “Happy Cyber Security Day!!! Added folder full. Case closed.”
Crypto.com is one of the best-known cryptocurrency exchanges in the world, with an instantly recognisable name and high-profile backers such as actor Matt Damon.
It has also pulled several stunts to boost its brand, such as buying the naming rights to the LA Lakers’ home arena and running ads during the Super Bowl.
It might not be surprising then that 483 of its users were hit in a huge hack last year which led to unauthorised withdrawals worth up to $35m.
The hackers took large amounts of bitcoin and ether from customers using the exchange.
“On 17 January 2022, Crypto.com learned that a small number of users had unauthorized crypto withdrawals on their accounts,” Crypto.com wrote in a post at the time.
“Crypto.com promptly suspended withdrawals for all tokens to initiate an investigation and worked around the clock to address the issue. No customers experienced a loss of funds. In the majority of cases we prevented the unauthorised withdrawal, and in all other cases customers were fully reimbursed.”
The company said it had noticed that the second-factor authentication step on several accounts was being approved by a single user. This led the company to investigate further, putting all withdrawals across the exchange on hold for 14 hours.
As a security measure, all customers were asked to log in again and go through a new two-factor authentication process. The company also added a new feature that alerts users when a new address is added to their payee list, giving them 24 hours to cancel any payment to it if they don’t recognise it.
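As an added example (not Crypto.com’s own code or the page’s), this Python sketch shows the two sides of what the passage describes: a detection that flags one approver session confirming second-factor prompts for several different accounts, and a payee allowlist that holds a newly added withdrawal address for 24 hours so the owner can cancel it. The event format, session ids and account ids are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed 2FA approval events: (timestamp, account, session that confirmed the prompt)
EVENTS = [
    ("2022-01-17T03:00:05", "acct-101", "sess-A"),
    ("2022-01-17T03:00:41", "acct-102", "sess-A"),
    ("2022-01-17T03:01:12", "acct-103", "sess-A"),
    ("2022-01-17T03:02:30", "acct-104", "sess-A"),
    ("2022-01-17T03:05:00", "acct-201", "sess-B"),
    ("2022-01-17T09:30:00", "acct-201", "sess-B"),
]


def shared_approver_alerts(events, window=timedelta(minutes=10), min_accounts=3):
    """Return {session: [accounts]} for sessions that approved 2FA on
    at least min_accounts distinct accounts inside one sliding window."""
    by_session = defaultdict(list)
    for ts, account, session in events:
        by_session[session].append((datetime.fromisoformat(ts), account))
    alerts = {}
    for session, items in by_session.items():
        items.sort()
        for t0, _ in items:
            accounts = {a for t, a in items if t0 <= t <= t0 + window}
            if len(accounts) >= min_accounts:
                alerts[session] = sorted(accounts)
                break
    return alerts


PAYEE_DELAY = timedelta(hours=24)  # the 24-hour cancellation window from the article


class PayeeAllowlist:
    """New withdrawal addresses stay pending for PAYEE_DELAY and can be cancelled meanwhile."""

    def __init__(self):
        self._active_from = {}  # (user, address) -> time the address becomes usable
        self._cancelled = set()

    def add_address(self, user, address, now):
        self._active_from[(user, address)] = now + PAYEE_DELAY
        self._cancelled.discard((user, address))

    def cancel(self, user, address):
        self._cancelled.add((user, address))

    def withdrawal_allowed(self, user, address, now):
        key = (user, address)
        if key in self._cancelled or key not in self._active_from:
            return False
        return now >= self._active_from[key]
```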
“Identity remains a popular vector for threat actors seeking effective and swift entry points into businesses,” David Higgins, senior director of identity security company CyberArk’s Field Technology Office, told Verdict.
“And plenty have woken up to the fact that ‘machine’ identities, rather than ‘human’ ones, are often a productive target.
“That’s because there are 45 machine identities for every human one, meaning there are far more of them to defend.”
GlobalData is the parent company of Verdict and its sister publications.