Gartner predicts that by 2024, organizations that adopt a cybersecurity network architecture will be able to reduce the financial costs of security incidents by an average of 90%. In 2022, we saw data breaches, financial loss, and new vulnerabilities in complex multi-cloud environments. Remote work and digital business processes in the cloud are the top contributors to these new risks, along with technology gaps and skills shortages.
Here is what we learned from the biggest real-life data breaches of 2022* and what to look out for in 2023.
10 Biggest Data Breaches in 2022
- Red Cross
In early 2022, a sophisticated cyberattack was detected against computer servers hosting information held by the International Committee of the Red Cross (ICRC). The breach compromised personal data and confidential information of over 515,000 people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention, and hampered the ability of the organization to help those in need.
- Crypto.com
In January 2022, Crypto.com, the cryptocurrency exchange promoted by actor Matt Damon, was hacked, leading to unauthorized withdrawals of Bitcoin and Ether worth a whopping $35 million. To investigate, the organization had to put all of its users’ accounts on hold for 14 hours. It found that transactions were being approved without the second factor of authentication.
- Samsung
Samsung had two breaches in 2022: one in March and another in July. In March, the hacking group Lapsus$ claimed responsibility after accessing Samsung’s internal systems and stealing source code relating to its Galaxy smartphones. In July, an unauthorized third party gained access to the company’s US-based systems, and it wasn’t until August that Samsung noticed that users’ personal information had been affected.
- Twitter
At the end of 2022, it was reported that hackers were selling data stolen from 400 million Twitter users, and a widely circulated trove of email addresses linked to 200 million users is likely a refined version of this data. From June 2021 to January 2022, a bug in a Twitter API allowed attackers to submit contact information such as an email address and receive the associated Twitter account. The social media platform is also under investigation by the US Federal Trade Commission (FTC) over whether the company violated a “consent decree” that obligated Twitter to improve its user privacy and data protection measures.
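The Twitter bug above is a contact-to-account lookup that anyone could query in bulk. The following added example (written for this page, not Twitter’s code; all users and contacts are constructed) shows a lookup endpoint with that weakness beside a hardened version that returns an identical response for unknown contacts and for users who have not opted in to discoverability, rate-limits each caller, and records rate-limit events for detection.

```python
from collections import defaultdict

# Constructed sample store: contact -> (account handle, opted in to discovery by contact).
USERS = {
    "alice@example.com": ("@alice", False),
    "+15550100":         ("@bob",   True),
}


def lookup_vulnerable(contact: str) -> dict:
    """Unauthenticated, unlimited: reveals whether any contact maps to an account."""
    if contact in USERS:
        return {"found": True, "account": USERS[contact][0]}
    return {"found": False}


class HardenedLookup:
    """Contact lookup that limits bulk enumeration and records abuse for detection."""

    def __init__(self, limit_per_caller: int = 3):
        self.limit = limit_per_caller
        self.calls = defaultdict(int)   # caller id -> requests made
        self.audit = []                 # events a SOC could alert on

    def lookup(self, caller: str, contact: str) -> dict:
        self.calls[caller] += 1
        if self.calls[caller] > self.limit:
            self.audit.append(("rate_limited", caller))
            return {"status": "rate_limited"}
        entry = USERS.get(contact)
        # An unknown contact and a non-discoverable user produce the same response,
        # so the caller cannot tell which one it hit.
        if entry is None or not entry[1]:
            return {"status": "no_match"}
        return {"status": "match", "account": entry[0]}


def disclosed_accounts(api: HardenedLookup, caller: str, candidates: list) -> int:
    """Measure how many accounts a single caller can confirm from a candidate list."""
    return sum(1 for c in candidates if api.lookup(caller, c).get("status") == "match")
```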
- Uber
In another Lapsus$ attack, in September of last year, an Uber EXT (external contractor) account was compromised and used to access the company’s internal systems. This happened after an employee’s personal device was infected with malware and their login credentials were posted to the dark web. Former Uber CSO Joe Sullivan was convicted of obstructing FTC proceedings and of a felony in connection with attempting to cover up the data breach.
- Costa Rica Government
The risk of a data breach is not restricted to big corporations - hackers often target governments and countries to instigate border tensions or demand exorbitant ransoms. Costa Rica had to declare a state of emergency in April, after weeks of major ransomware attacks. The Russia-based Conti gang claimed it launched the attack and asked the people of Costa Rica to pressure the government to pay $20 million in ransom. “We are determined to overthrow the government by means of a cyberattack, we have already shown you all the strength and power,” they wrote.
- Okta
With a total of three incidents in 2022, Okta suffered significant damage from data breaches. In January 2022, Lapsus$ hacked the organization, gaining access to 2.5% of Okta’s 15,000 customers. Then in August 2022, a third-party individual notified the company that they possessed a copy of Auth0 code repositories from 2020. Finally, in December 2022, Okta confirmed that threat actors had been able to steal the company’s source code after compromising its Workforce Identity Cloud repositories on GitHub.
- Microsoft
In a statement in October, Microsoft confirmed that the “misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services." The exposed information included names, email addresses, email content, company name, and phone numbers, as well as files linked to business between affected customers and the company or authorized partners.
- Dropbox
In November 2022, a threat actor gained access to a GitHub account belonging to a Dropbox developer who had fallen for a sophisticated phishing attempt. The compromised account gave the attacker access to approximately 130 internal code repositories.
- Marriott International
The hotel group suffered two attacks in 2022. In June, an anonymous hacking group used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer. In another attack in July, hackers stole over 20 gigabytes of sensitive data, including guests’ credit card information.
*As reported from publicly available resources, linked in the sections above.
Top threats to your cloud in 2023
Gartner predicts that by 2025, 30% of critical infrastructure organizations will experience a security breach that results in the halting of an operations- or mission-critical cyber-physical system. It is vital to secure your data in the cloud and be aware of bad actors that could harm your company’s sensitive data, customers, finances, and even reputation. Here are some threats to watch out for in 2023:
- IoT and Smart Devices
With a hybrid workforce and increasing dependency on digital business, employees are using their own IoT devices to access data and applications in an organization’s cloud. These devices may not be properly secured and may carry malware that the user is unaware of. According to Gartner, misuse of credentials is now a primary method that attackers use to access systems and achieve their goals.
- Social Engineering
Social engineering is a technique that exploits human complacency to gain private information, access, or other valuable assets. Within the narrower context of cybercrime, these ‘human-hacking’ techniques focus on luring unsuspecting users into sharing secrets, spreading malware, or giving access to restricted systems. Phishing, baiting, and favors are all examples of social engineering attacks. Organizations should establish strong networking practices and ensure attackers cannot retrieve information about you by leveraging a vulnerability in the technologies you use.
- Supply Chain Attacks
In a podcast with Horangi, Steven Sim, one of Singapore's most renowned and decorated CISOs, said, “We have seen supply chain attacks that went sour because the vendor itself hasn't disclosed Zero Day vulnerabilities. They disclose it only when the patch is up and by then it’s too late, so a number of telcos were actually breached a couple of years back because of that supply chain attack. So the need for the vendors to report vulnerabilities as they are identified and being able to share compensating controls is very important for the consumer and enterprise to be able to make that well-informed decision on what to do with it.”
- API Threats
Gartner has been warning about API server attacks, and we already saw many examples just last year. The number of APIs has grown, and applications increasingly rely on API-based, machine-to-machine communication. APIs play a critical role in enabling data exchange, but they can also provide hackers with a potential gateway to user data theft. Recently, well-known organizations such as Twitter, Experian, Peloton, and the FBI suffered API-related breaches.
What to look out for?
- Zero Trust
Zero Trust is becoming more and more important for organizations every day. A strategic approach to cybersecurity that secures the foundation of an organization’s cloud security, Zero Trust removes any implicit trust by constantly validating every stage of a user’s digital interaction. Gartner predicts zero trust network access (ZTNA) will be the fastest-growing network security market segment worldwide. It is forecast to achieve a 27.5% compound annual growth rate (CAGR) between 2021 and 2026, jumping from $633 million to $2.1 billion worldwide. Read more about zero trust and PoLP here.
- IAM & PAM
Identity and access management (IAM) and privileged access management (PAM) are about defining and managing the roles and access privileges of individual network identities, such as users and devices, in your multi-cloud infrastructure. As more organizations adopt a multi-cloud strategy, each Cloud Solution Provider (CSP) has its own particular way of managing access and entitlements to resources. This puts your organization at increased risk that attackers will find and exploit the resulting misconfigurations, as recent data breaches have shown. Check out Warden’s IAM feature here.
- CISO Security Budget
According to Forbes, companies are looking for ways to cut costs in the wake of a recession, and the cybersecurity budget is often the one that suffers a cut. Hackers will, however, use this period to take advantage of weakened defenses, possibly making 2023 one of the worst years for cybersecurity. Horangi Warden’s pricing is built for businesses of all sizes, and there is a plan for everyone on the one-click cloud security platform that can transform your cloud security posture management (CSPM) journey. Learn more about the pricing here.
- Cybersecurity Risk Assessment
A security risk assessment can help your organization identify, assess, and implement key security controls in applications by focusing on preventing application security defects and vulnerabilities. Start a focused cybersecurity strategy by engaging Horangi to do a comprehensive and objective evaluation of your organization's current security posture across core business processes, endpoints, digital and physical footprint, threats, and all other plausible risks - from an attacker’s perspective. Learn about Horangi Cybersecurity Assessment (CSA) here.