Every year, we become more aware of the dangers of cybercrime and data breaches. Unfortunately, this doesn’t mean that the number of incidents decreases – quite the contrary. The biggest challenge for organizations is not the number or type of attacks they face, but how to respond quickly enough to mitigate their damage before it’s too late.
Cybercrime is expected to cost companies worldwide upwards of $10.5 trillion by 2025. The attackers use sophisticated tools to penetrate systems and steal data from organizations of all sizes. Malicious actors will also use social engineering tactics to lure employees into giving them access to their systems without knowing it.
There are many different types of data breach scenarios, so let’s take a look at some of the top ones that have happened this year so far.
January – Crypto.com Cyber Attack
Crypto.com is one of the largest cryptocurrency exchanges in the world, with over 50 million users. But on January 17, 2022, the crypto app became aware of unauthorized transactions within customer accounts. Upon investigation, Crypto.com learned that hackers had successfully bypassed 2-factor authentication (2FA) requirements to withdraw funds from digital wallets.
After an internal audit and third-party engagements, Crypto.com announced that they would transition to stronger Multi-Factor Authentication (MFA) to mitigate future risks. The malicious actors ultimately made off with $30 million in cryptocurrency. The 483 affected users were reimbursed by Crypto.com.
January – Red Cross Data Breach
The International Committee of the Red Cross (ICRC) learned on January 18, 2022, that private data from over 515,000 “vulnerable people” had been stolen. The attack targeted a Switzerland-based contractor where the data was stored. The hackers infiltrated through an unpatched vulnerability in ICRC’s servers. From there, they remained undetected for 70 days.
While a likely scenario could’ve been attackers using this data for ransom, to leak or sell, none of this has happened yet. Unfortunately, the victims of this data breach may likely experience identity theft down the road.
February – Credit Suisse Data Leak
One of the world’s largest private banks, Credit Suisse, made headlines in February after an anonymous whistleblower leaked data from over 30,000 clients. This unmasked the beneficiaries of nearly $100 billion, many with much darker secrets. High-risk clients around the world had their data exposed and published by news outlets.
Let’s ignore the reasoning behind the data leak and focus on the magnitude of such an internal event. The whistleblower had access to client records and was able to export a massive quantity to share externally.
March – Lapsus$ Ransomware Attacks
The Lapsus$ ransomware attacks initially surfaced in December 2021, but a range of high-profile attacks came to light throughout March 2022. The group, led by teenagers, caused a shocking amount of damage.
Early in the attack spree was Nvidia, where 1 terabyte of data was stolen and used for ransom. Samsung announced soon after that Galaxy device source code was stolen, though Lapsus$ was never the confirmed thief. Lapsus$ claimed to have stolen from Microsoft Azure – specifically source code for projects like Bing and Cortana. The group attempted to breach Okta next but was only able to affect two of the IAM company’s customers. Globant confirmed that source code was stolen by Lapsus$ as well. Finally, T-Mobile was breached multiple times throughout March, with source code once again stolen.
Many target companies of the dramatic Lapsus$ breaches managed to avoid sensitive data leaks. However, the negative effects on these brands’ reputations can leave a lasting bad impression on customers.
March – NYC Department of Education Data Breach
On March 26, the New York City Department of Education confirmed that the private data of 820,000 students was hacked. The breach stemmed from an attack on Illuminate Education, software used by the city’s Education Department. Hackers successfully gained access to a range of students’ private information, including names and birthdays.
While the breach took place in January, the Department of Education wasn’t informed of exposed student data until late March. Not only has Illuminate faced a blow to its reputation, but families of the nearly a million students may face lasting effects.
April – Cash App Data Exposure
On April 4, 2022, it was revealed that 8.2 million users of Cash App Investing had their sensitive information exposed. The announcement came from a regulatory filing by Block, the company behind Cash App and the Square payments system.
This massive data exposure stemmed from a former employee who downloaded corporate reports after they left the company. It took nearly four months for the incident to be discovered. Whether malicious or not, the insider threat-related breach left a sour taste for millions of Cash App customers.
May – Costa Rican Government Ransomware Attacks
April 17, 2022, marked the beginning of a ransomware attack by Conti Group, targeting nearly 30 institutions of the Costa Rican government. The international attack organization demanded US$10 million in ransom, or else citizens’ tax return information would be leaked. Another ransomware attack on May 31 – this time by the Hive Ransomware Group – targeted the Costa Rican Social Security Fund. Their ransom demand was $5 million.
Branches including the Ministry of Finance, Technology and Communications, the state internet service provider and others all fell victim to attacks. To mitigate the damage, computer systems related to taxes, social security, imports and exports were shut down, as well as government websites.
The overall effects caused nearly $30 million in losses. Although the most damaging means of attack was ransomware, web pages were also defaced and email files were stolen.
July – Twitter Breach
On July 21, 2022, a hacker posted the data of 5.4 million Twitter users for sale (for a mere ~$30,000). The attacker had exploited a known vulnerability that was first identified in January. Twitter had patched this vulnerability, but the malicious actor was faster than Twitter in this case.
2022 hasn’t been a great year for Twitter. In August, the former head of security made public allegations against the social media company. In the 200-page complaint filed with the SEC, Twitter is described as having “egregious deficiencies, negligence, willful ignorance, and threats to national security and democracy.”
August – 0ktapus Phishing Attacks
On August 25, 2022, the threat researchers at Group-IB revealed their findings from the months-long 0ktapus phishing campaigns. Attackers imitated Okta single sign-on services to steal the credentials of nearly 10,000 users. Over 130 organizations were potentially compromised, including Twilio and DoorDash.
Phishing isn’t anything new, and Group-IB even suggests that the attackers were likely inexperienced. Nevertheless, they targeted 169 unique domains in this campaign, including Cloudflare, Twitter, Microsoft, T-Mobile and more. While many of these organizations were able to thwart attacks, the size of the attack surface is alarming.
September – Uber Breaches
Last on the list is Uber’s organization-wide security breach, announced on September 15, 2022. A social engineering attack against one of Uber’s contractors resulted in multiple compromised systems within. Led by an affiliate of the Lapsus$ hacking group, the attacker was eventually able to gain admin access and take over many of Uber’s internal tools: AWS, Google Drive, Slack, SentinelOne and more.
Social engineering attacks continue to cause severe damage to organizations. While this 2022 attack didn’t expose Uber users’ information, the infamous 2016 breach is another story. Another social engineering attack at Uber exposed approximately 57 million users, including approximately 600,000 driver’s license numbers. To make matters worse, the former Uber CISO was convicted for his role in deceiving the federal government while investigating the breach.
Security Automation: Reduce Your Risk of a Data Breach
Data breaches are becoming more frequent and more costly, but they don’t have to be.
Over the past few years, data breaches have hit some of the biggest organizations in the world. From Uber and Facebook to Twitter and government entities, these cyberattacks have exposed personal data and cost millions of dollars.
What’s causing delays in threat detection and incident response? In many cases, it’s a lack of automation.
Studies have found that phishing attacks have risen by 29% in the past year. Insider threats have increased by 44% over the past two years. The global average cost of a breach is a whopping $4.35 million. And while it’s true that no one can completely stop all data breaches, companies can significantly reduce their exposure by implementing low-code security automation.
Security automation, like Swimlane, is a trusted solution for SecOps teams because it accelerates incident response and reduces dwell times, MTTD and MTTR. Security automation also helps security analysts proactively hunt for threats and reduce overall risk.