2022 roundup: major breaches and global cybersecurity events

2022 was a stressful 12 months for security teams, to say the least. Many open cybersecurity jobs remained unfilled, straining staff while they grappled with remote workforce risks, accelerated cloud adoption, mounting cybersecurity debt, and heightened exposure to ransomware and software supply chain attacks. Meanwhile, the Ukraine conflict created a host of new and formidable challenges.

Identity compromise was a familiar theme across major 2022 breaches: from a high-profile incident involving Okta, a major identity provider, to the rise in deceptive “MFA fatigue” phishing, to a headline-grabbing attack on Uber.

Tackling identity-centric challenges was top of mind for government leaders and business executives alike. In some cases, conversations about the “trust no identity, verify every identity” zero-trust imperative turned to action. Governments enacted stronger cybersecurity regulations to harden networks and protect access to sensitive data and critical infrastructure. The private sector increased supply chain scrutiny to identify areas of weakness, such as embedded credentials and unmanaged secrets.

Under extreme pressure, cyber insurance providers continued to ramp up requirements, making it even harder for organisations to purchase or renew policies. And several landmark legal cases placed breach responsibility and disclosure obligations on individuals, suggesting major changes ahead.

Below, we revisit the past year in cybersecurity because history tends to repeat itself until we learn from it and make changes. While attack methods and threats continue to evolve, focusing on identity, the one true constant, is a solid cybersecurity strategy for 2023 and beyond.

January 2022 Breaches
  • Attackers breach a global humanitarian organisation, gaining access to sensitive data and disrupting services around the world.
  • News Corp discovers a persistent cyberattack targeting journalists in a suspected espionage campaign.
  • An attack on Crypto.com, a global cryptocurrency exchange, results in unauthorised withdrawals worth approximately US$35 million.
  • A multi-month attack spree by Lapsus$ Group compromises several leading tech companies. After the dust settles, Okta is disclosed as the initial attack vector.
February 2022 Breaches
  • New HermeticWiper malware targets Ukrainian infrastructure as threats rise in the region.
  • More than 300,000 global volunteers form an “IT Army” to help bolster Ukraine’s cyber defences.
  • A series of cyberattacks disrupt operations at oil distribution facilities across Europe, putting authorities on high alert as oil prices climb.
March 2022 Breaches
  • Attackers steal US$625 million from Axie Infinity, a blockchain-based game, in what is said to be the biggest crypto heist to date, raising questions about the vulnerabilities of decentralised finance.
  • A massive DDoS attack takes down Israeli government websites.
April 2022 Breaches
  • Ransomware attacks wreak havoc on Costa Rica, prompting the country’s president to declare a national state of emergency.
  • A former employee at Cash App, a major mobile payment app, downloads sensitive files containing personal customer information, impacting up to 8 million people.
May 2022 Breaches
  • The notorious Conti ransomware group disbands following a major data leak and increased scrutiny from law enforcement.
  • Lincoln College, a 157-year-old educational institution in Illinois, closes permanently following a ransomware attack.
June 2022 Breaches
  • The attacker responsible for the historic Capital One 2019 breach, which put cloud security into the spotlight, receives a guilty conviction.
July 2022 Breaches
  • Hackers attack Gestore dei Servizi Energetici, Italy’s energy agency, compromising servers, blocking access to systems, and suspending access to its website for a week.
August 2022 Breaches
  • Phishing attacks using “MFA fatigue” tactics successfully target several major tech orgs, reflecting new levels of attacker innovation.
  • Attackers infiltrate LastPass, a large password manager provider, stealing company source code and technical information. Reports reveal that attackers had internal access for four days.
  • Third-party mailing and printing vendor OneTouchPoint reports a massive breach impacting 37 healthcare organisations.
  • Advanced, a large British MSP, suffers a ransomware attack, causing a major outage to emergency services across the United Kingdom.
September 2022 Breaches
  • Asia experiences the most cyberattacks in Q3 2022, with an average of 1,778 weekly attacks per organisation.
  • A breach of Optus, a major Australian telecom, exposes data of 10 million customers in one of several major 2022 cyber incidents in the country.
  • K-12 schools across the US land in ransomware’s crosshairs as the new school year begins.
October 2022 Breaches
  • Reports surface that a third-party contractor left Toyota’s source code exposed for five years via GitHub.
  • US agencies announce state-sponsored hacking groups have had long-term access to a defence company since January 2021 and compromised sensitive company data.
  • Joe Sullivan, the former Uber security chief, is found guilty of hiding a 2016 cyberattack in a landmark legal case that could change how security professionals handle data breaches.
  • Reports emerge on a breach of top Australian health insurer Medibank involving stolen credentials and exposed customer medical information.
November 2022 Breaches
  • Back-to-back cloud storage database leaks highlight pervasive misconfiguration issues.
  • Yet again, attackers compromise a third party to breach IT systems for Denmark’s train network, suspending all trains in the country.
  • French aerospace and defence company Thales reveals the LockBit 3.0 ransomware group published stolen data from the company.
  • A large pharmaceutical company suffers identity compromise in a social media scam and loses millions of dollars in market cap.
December 2022 Breaches
  • Telstra, a large Australian telecom, reports a data breach impacting 132,000 customers resulting from a “misalignment of databases.”
  • Security researchers report a spike in devices infected with the TrueBot malware downloader created by the Silence criminal group.
  • Back-to-back attacks on Uber and Gemini, a cryptocurrency exchange, underscore third-party vendor security risks.