Year by year, the digital threat landscape continues to grow challenging. cyber attacks have added to the COVID-19 pandemic, existing economic crisis, and international tensions.
2022 has been no different. The year’s first half has seen massive data breaches, notorious hacks, ransomware attacks, and security compromises. Cyber attackers disrupted many globally reputed institutions, reinforcing the fact that, unfortunately, nobody is safe from the cyber menace.
Here is a brief overview of some of the infamous cyber attacks that caught our eye this year.
The New Ransomware on the Block – Lapsus$
A South American-based ransomware collective called Lapsus$ has continuously been making headlines by launching a string of massive attacks on many high-profile tech companies. The actors behind Lapsus$ released source code, which the group claimed to have stolen from Microsoft and Okta. The other victims of these cyber attacks include Nvidia, T-Mobile, Globant, Samsung, Ubisoft, and even the Brazilian Health Ministry.
Ransomware gangs are growing in sophistication and opting for cyber extortion by stealing intellectual property. Though the exact vulnerability exploited by Lapsus$ is unknown, the leaked credential list of Nvidia revealed that employees using weak passwords could be the initial intrusion point.
Decentralized Financial Platforms – The Coveted Targets
Cryptocurrencies are now a global phenomenon as more and more investors explore the dynamics of crypto. The industry is deemed to change the face of the worldwide economy. However, the decentralized nature of crypto and its need for rapid development are creating vulnerabilities, attracting a wave of cyber threats.
For example, in January, a Singapore-based cryptocurrency company Crypto.com confirmed that threat actors had stolen 4836.26 ETH valued at $15 million, 443.93 Bitcoins worth nearly $19 million, and $66,200 in other currencies. In another incident that happened in March, the Lazarus Group of North Korea launched an attack on Ronin’s “Blockchain Bridge” and stole a whopping $540 million worth of ETH and USDC Stablecoin. And in April, Beanstalk Farms, a Decentralized Finance (DeFi) project, suffered a “flash loan” attack that resulted in the loss of $182 million in crypto assets.
Cyber Attacks on Costa Rican Government Services
Ransomware attacks are proliferating and emerging to target entire countries. In May, the president of Costa Rica announced a state of national emergency following a disruptive cyber attack on nearly 30 government institutions. This was the first time a country declared an emergency due to a ransomware attack.
The pro-Russian group, Conti, claimed responsibility for the attacks and demanded a $10 million ransom for not publicly releasing the sensitive information stolen from the Ministry of Finance. The Conti group reportedly launches attacks by infecting computers with Conti malware and stealing information from servers.
In the second incident in May, the Costa Rican Social Security Fund (CCSS) suffered a security breach by the HIVE ransomware group. The attack pushed the entire health system of Costa Rica offline. Anomalous information flow in its systems and the unusual behavior of computers made CCSS shut down all critical systems. The HIVE group demanded a ransom of $5 million in Bitcoin to let CCSS resume its operations.
The Proliferation of Malicious Lockbit
Kojima Industries is one of the suppliers of the automotive manufacturing giant Toyota. Between February and March, Kojima had to shut down its operations after identifying malware and a ‘threatening message’ that came on rebooting after a file error.
On March 1, Toyota issued a statement saying that it halted operations following “a system failure at a domestic supplier” to avoid long-term damage.
Two other suppliers of Toyota – Denso and Bridgestone- experienced a ransomware attack, which prompted a halt of operations in the middle and North American regions. The incident took place just 11 days after the attack on Kojima Industries. The ransomware group Lockbit claimed responsibility for the attack and gave a time window to pay a ransom, after which they’d publicize critical information.
The cyber attacks proved costly for organizations both economically and in terms of reputation. These digital threats have highlighted the need for organizations (of all sizes) to invest in cyber security technologies that can detect, prevent, and mitigate vulnerabilities across networks.
Of all the threat vectors, cyber attackers seem to have leveraged privileged access to reach lucrative organizational resources. In one case, using weak passwords led to cyber attacks. In another, an external contractor with access to sensitive information fell victim to a compromise. Hence, it is crucial for businesses to secure elevated access with robust privileged access management solutions. Implementing strategies like zero trust security and Just-in-Time access is even more critical.
In addition, arming internal teams with cyber security training and educating employees about following security best practices can help with quicker incident response.
As a leading Privileged Access Management company, Sectona helps organizations automate and integrate privileged access for a dynamic workforce. From continuous asset discovery, task delegation, and secrets management to deep API integrations, threat analytics, and dynamic grouping, Sectona PAM is an easy-to-deploy tool that is simple to work with.
Further Reading: Here are some lessons from our 2021 Privileged Access Management journey.
Read our Privileged Access Management Buyers Guide to understand the key features to be evaluated before selecting your PAM solution.