2022 saw more cybercrimes than ever and they were more costly than ever. Data breaches can have significant impact to organizations. According to the FBI’s cybercrime unit in 2022, data breaches cost businesses an average of $4.35 million – up from $4.24 million in 2021.
“In some ways it is discouraging, because we have more and more solutions than ever to thwart attackers, but the attackers have more and more weapons to thwart the solutions,” says Ron Gibbons, an IT specialist in Buffalo. “It’s a continual cat and mouse game and often, despite all the advances, it’s the human element that is the deciding factor and humans are fallible.”
Other research shows that there were 4,100 publicly disclosed data breaches in 2022, equating to approximately 22 billion records being exposed, and billions of dollars lost.
MSPs play an important role
MSPs are on the frontlines of keeping both SMBs and large enterprises from being attacked.
“For the most part I think they do an outstanding job”, notes Gibbons. “The key is to always stay one step ahead of the bad guys.”
Clearly that wasn’t always the case in 2022. Before the year disappears in the rearview mirror, here is a look at some of the biggest breaches of 2022:
Red Cross: In January, the records of more than a half a million “extremely vulnerable” people, many fleeing from warzones, were obtained by hackers via a complicated cyberattack. The data was pilfered from dozens of Red Cross and Red Crescent organizations across the world from a third-party company where the information was being stored.
Morgan Stanley: US investment bank, Morgan Stanley, indicated that numerous clients were victimized by vishing (voice phishing) in February 2022, from an attacker who claimed to be a representative of the bank, in order to breach accounts and initiate payments. This was not a classic breach in the sense that clients let the hackers in, Morgan Stanley’s systems were secure.
“Again, this incident just points to how humans are almost always the weak link,” Gibbons explains.
Nelnet Servicing: A data leak in the complex world of student loan servicing resulted in the private information of more than 2.5 million customers being leaked in June. The breach was not caught until August, which meant hackers had plenty of time to harvest the information and run.
Twitter: In July 2022, a hacker that went by the alias ‘devil’ posted to the hacking forum BreachForums saying they had the data of 5.4 million Twitter accounts for sale.
Medibank: Of course, data breaches happen across the world, but no one is completely immune. Large Australian healthcare and insurance provider Medibank detected some “unusual activity” on its internal systems. The company was then contacted on October 17th by the malicious party, who aimed to “negotiate with the [healthcare] company regarding alleged removal of customer data”. Medibank, at least publicly, refused to negotiate.
Givesendgo: As Canadians were grappling with a trucker protest, sympathizers across the country sent in funds to support them. But hackers commandeered a website to a page that condemned the Freedom Convoy protests – a case of Distributed Denial of Service (DDoS) attack. They then published the personal information of the 90,000 donors who had contributed to the initiative via the GiveSendGo website.
American Airlines: The personal data of a “very small number” of American Airlines clients were accessed by hackers after they broke into employee email accounts, the airline confirmed. Data accessed could have included customers’ date of birth, driver’s license, passport numbers, and even PHI.
Fishpig: Ecommerce software developer Fishpig, which is currently used by more than 200,000 websites, told customers that a distribution server breach has allowed threat actors to backdoor several customer systems. “We are quite used to seeing automated exploits of applications and perhaps that is how the attackers initially gained access to our system” lead developer Ben Tideswell said of the incident.
Plex: An August data breach into Plex, a media server app used by millions, resulted in personal encrypted data of their customers being compromised; including passwords, usernames, and emails. Plex addressed and repaired the vulnerability, but not before the incident damaged their reputation and customer privacy. Plex urged customers to change passwords and initiate MFA.
Uber: A social engineering attack against one of Uber’s contractors resulted in multiple compromised systems showing how third-party weaknesses can spread through a system. The hackers were eventually able to gain admin access and hijack many of Uber’s internal tools, including AWS, Google Drive, Slack, SentinelOne, and more.
“I think this is a pretty comprehensive list showing that no enterprise is immune, from the smallest to the largest. Hackers will probe for and usually find the weak spots, so MSPs and CISA’s need to stay a step ahead,” Gibbons advises.
Photo: Den Rise / Shutterstock