
Intro

Every year, many major organizations experience catastrophic cyber attacks. A cyber attack can have a major impact on an organization: both reputational and financial. And there is a lot we can learn from these recent cybersecurity incidents.

Here’s a list of 20 major recent cyber attacks:

1. Twitter Accused of Covering Up Major Data Breach

Chad Loder, a cyber security researcher, co-founder, and CEO of Habitu8, accused Twitter (now known as "X") of covering up a data breach in November 2022.

Loder claimed that the breach affected millions of Twitter users worldwide, and that Twitter covered it up.

It was one of the two biggest data breaches Twitter faced in 2022. Another data breach occurred at Twitter in July 2022, which the company admitted took place. However, the data affected in the November breach was different from that of the July breach, even though the cybercriminals exploited the same vulnerabilities.

2. Over 1.2 Million Credit Card Data Published on A Hacking Forum

Darknet credit card marketplaces offer stolen credit card data or sell it for financial fraud. Usually, these procedures involve a large sum of money, in both the stolen accounts and the transactions for the purchase of the account itself.

Back in October 2022, a carding marketplace by the name of BidenCash released the details of 1.2 million credit cards for free. The information included cards that were to expire between 2023 and 2026, along with all the details needed to perform transactions with the leaked cards.

This was a publicity stunt by BidenCash. They did something similar back in June 2022 to promote the website. After suffering several Distributed Denial of Service (DDoS) attacks back in September, BidenCash was forced to release new URLs.

Many cybersecurity experts still emphasize that the attacks were staged, and BidenCash is just trying to get into the limelight by releasing the data on the market.

3. Optus Data Breach Revealed Information About 11 Million Clients

Optus is a telecommunications company in Australia. The company suffered a major data breach attack that gave the hackers access to the data of 11 million customers. The data included:

  • Names
  • Dates of birth
  • Phone numbers
  • Email
  • Home addresses
  • Driver’s licenses
  • Passport numbers
  • Medicare ID numbers

The hackers demanded a ransom of AU $2000 from Optus, and they leaked the data when Optus refused.

4. An Attempt to Sell 500 Million WhatsApp User Data On The Dark Web

A hacker posted a dataset containing 487 million WhatsApp users from over 84 countries on the BreachForums. The hacker also mentioned that anyone purchasing this dataset would gain access to the most recent mobile numbers of the users.

The dataset included details for 32 million US users, 11 million UK users, and 6 million German users. The hacker didn’t specify how so much data was collected at once, only mentioning that they got it by “using their strategy”.

5. Data of 9.7 Million People Exposed in Medibank Data Leak

Australian healthcare and insurance provider Medibank detected unusual activity on their web servers back on October 13, 2022. On October 17, they received threats of data removal from an unknown third party, along with an offer to negotiate to prevent it. However, Medibank completely refused the offer.

The severity of the hack was revealed by Medibank on November 7th. The hacker had managed to gain completely unauthorized access and steal the data of 9.7 million patients. The information included all the diagnoses and medical procedures, including their specific codes. All of this information could easily be used to identify any patient.

Since Medibank wasn’t bending to any of the hackers’ demands, the hackers decided to release a so-called “naughty list” of the patients.

These records included patients who were seeking medical treatment for:

  • HIV
  • Drug addiction
  • Alcohol abuse
  • Different mental health issues

To take the matter even further, they posted another file on November 10th that was labeled “abortion”. The data was uploaded to a website backed by a popular Russian group, REvil, mostly known for their ransomware attack expertise. The list contained information on procedures that the policyholders claimed to have, including

  • Miscarriages
  • Terminations
  • Ectopic pregnancies

6. Uber and Rockstar Games Hit By The Same Attacker

This is a double incident orchestrated by the same attacker. A hacker breached the servers of both Uber and Rockstar Games between September 15 and 19, 2022. It started with a breach of Uber’s servers via a contractor’s device that had been compromised with malware.

The login information for the device was sold on the dark web, where the bad actor picked it up and gained unauthorized access to launch the attack. They managed to access several other employee accounts via another attempt and gained access to the critical infrastructure of the companies.

The hacker posted a message on one of the company’s Slack channels. In addition, the hacker configured Uber’s OpenDNS to display a graphic image to employees when they tried to access some internal sites.

On September 19th, Rockstar Games discovered that their database was infiltrated. A user by the name of "teapotuberhacker" posted in one of the most popular forums of their best-selling game, Grand Theft Auto.

The GTA Forums post said: “Here are 90 footage/clips from GTA 6. It’s possible I could leak more data soon, GTA 5 and 6 source code and assets, GTA 6 testing build.” The hacker also claimed in the comments that he downloaded the clips from Slack by hacking into a channel the employees were using for communicating about the game.

After finding out about the incident, Rockstar Games made an official statement on their Twitter page describing how it happened.

They also stated that the company had faced a network intrusion that allowed the perpetrator to access and download confidential information from the system. The information included footage of their upcoming game, Grand Theft Auto 6.

7. Twitter Confirmed Data Theft of 5.4 Million Accounts

This is the first Twitter hack of 2022 that we mentioned earlier in the November incident. A hacker by the alias “Devil” posted on the hacking forum “BreachForums” that they were selling 5.4 million Twitter accounts. The reason for this data breach was a vulnerability that was discovered back in January 2022 but never resolved.

The stolen information included email addresses and phone numbers, and the information came from a wide range of random people, celebrities, different organizations, and OGs. The term “OGs” refers to Twitter handles that are short, only comprising a couple of letters.

The hacker started the bid at $30,000 for the dataset and made it clear that he wasn’t accepting offers any lower.

8. Social Security Information of 2.5 Million Students Leaked in Student Loan Data Breach

In June 2022, Nelnet confirmed that a data breach on their server caused a major data leak for 2.5 million users. Nelnet is a student loan service company.

An investigation, which concluded on August 17, 2022, revealed the cause of the breach. There was a vulnerability in the central system of Nelnet that had given the hackers access since June 2022. The range of accessible information included:

  • Names
  • Home Addresses
  • Email Addresses
  • Phone Numbers
  • Social Security Numbers

As soon as the event was discovered, Nelnet Servicing contacted the US Department of Education and law enforcement to resolve the issue.

9. SHEIN Fined 1.9 Million for Data Breach of 39 Million Customers

Zoetop Business Company failed to disclose a data breach that affected its subsidiary companies, SHEIN and ROMWE. The company was fined $1.9mn for its failure to comply with rules. The event took place in 2018, but due to the recent hearing, it makes the list.

The data breach was discovered back in July 2018, which revealed that an unauthorized third party had complete access to SHEIN’s payment systems. The breach leaked the information of 39 million customers online.

The company was contacted by a large credit card network and a credit card issuing bank, and both provided confirmation that Zoetop’s systems had been infiltrated, and their card data was being stolen.

Both these companies found the compromised card dataset on hacking forums up for sale and notified Zoetop right away.

10. Revolut Data Breach Exposes 50,000 Customers

An unknown third party breached the central systems of fintech start-up Revolut on September 11, 2022. They gained access and stole the personal information of 50,150 users. The information included:

  • Names
  • Home Addresses
  • Email Addresses
  • Partial Payment Card Information

Though Revolut insisted that the card details were masked to avoid exact identification, the incident was still regarded as a major breach.

The situation even involved the Lithuanian government, which ensured that Revolut had taken “prompt action to eliminate the attacker’s access to the company’s customer data and stop the incident” as soon as it was discovered.

11. Crypto.com Attacker Escaped With $18 Million Worth of Bitcoin

This incident is considered one of the most intense cyber crimes of 2022 because the attack occurred despite having a high-fidelity security measure in place.

On January 17th, 2022, crypto.com got hit by a group of hackers who bypassed two-factor authentication and stole nearly 500 cryptocurrency wallets. The wallets contained approximately $18 million worth of Bitcoin and $15 million worth of Ethereum, in addition to other cryptocurrencies.

Though the attack was dismissed as “just another incident” at first, crypto.com retracted its statement later after they confirmed that the money was stolen and the users had been reimbursed.

12. Microsoft Faces Data Breach From A Major Attacker Group

This event goes to show that even the goliaths of the cyber industry are not safe from attacks. A hacking group called Lapsus$ posted a screenshot on Telegram on March 20th, 2022, indicating that they had successfully hacked into the systems of Microsoft, compromising several of their products, including Cortana and Bing.

Though the hackers managed to retrieve some data from Microsoft, the company quickly stopped the hacking attempt and published reports about the incident. Microsoft mentioned that only one account was compromised, which was quickly taken off the system.

Microsoft also stated that no customer data had been reported compromised, marking this attack as “completely insignificant.” The event didn’t damage Microsoft in any way. In contrast, Microsoft benefited from the extra media coverage and publicity for the company’s effective security response.

The reason behind this preparedness was the past track record of Lapsus$. They had targeted companies like Samsung and Nvidia beforehand, so Microsoft was already expecting a major incident.

13. News Corp Had A Server Breach

Another incident came to light in 2022 but took place long ago. In February 2022, News Corp admitted to data breaches that took place back in 2020. While revealing the information, News Corp also added that no customer data was stolen during the incident, and that it didn’t hinder their day-to-day work lives.

But News Corp stated that several emails were stolen from the company’s journalists. News Corp has put espionage at the top of their speculation, but no perpetrator has been identified yet.

14. Red Cross Server Breach Caused Information of 500,000 People To Leak Online

The Red Cross and the Red Crescent Movement both use external servers to host their personal information. More than 500,000 records in their databases were exposed after a hack attack on the servers of both organizations.

The servers contained data regarding the Restoring Family Links services. These groups of services work to reconnect people who have been separated by war, migration, and different acts of violence.

As an immediate attempt to stop these attacks, the Red Cross took its servers offline altogether. No culprit has yet been identified.

15. Ronin Paid The Price For Lowering Their Security

Ronin was a popular gaming blockchain platform that enabled players to earn digital currencies and NFTs (non-fungible tokens) through their game Axie Infinity. An NFT is a financial security consisting of digital data that is stored in a blockchain.

The game continued to increase in popularity very quickly after release, and the user base was increasing quickly. However, the security measures of the server were interrupting the game’s overall user experience. The developers decided to tone down their strict security measures to support their increased player base. This decision became the reason for their downfall soon after.

The hackers took advantage of their vulnerable state of security and performed a full-scale attack. A total of $625 million was stolen in cryptocurrency from the company servers. Ronin’s parent company is still trying to figure out the culprit, but the investigation hasn’t led to any conclusions yet.

16. FlexBooker Data Breach Leads To Leak of Confidential Information

FlexBooker was an appointment management company that received a major financial hit from a hack attack incident in early 2022. The attack affected three million users, and the attackers stole the following information:

  • Name
  • Home Addresses
  • Email Addresses
  • Phone Numbers
  • ID Information
  • Driver’s License Information
  • Passwords

To add insult to injury, the stolen data was sold to the highest bidder on different hacking forum boards. The group behind the attack was called Uawrongteam, and they managed to exploit the AWS configuration of the website.

After the hackers gained access to the system, they installed malware on the servers and gained complete control over the system.

The incident was so severe that many clients left the platform altogether in fear of their security. As a result, the company was heavily affected financially.

17. GiveSendGo Became A Victim of Political Data Breach

GiveSendGo is a Christian fundraising site backing the Freedom Convoy movement. This movement was started by Canadian truckers who drove across the country as a protest against the strict isolation rules of COVID-19.

A hacker breached the website of GiveSendGo in February 2022. The individual claims credit for hacking a few more far-right social networks, including GiveSendGo.

The hacker redirected the fundraising site to a page that actively condemned the Freedom Convoy movement, making it a case of a DDoS attack. The attack was also politically motivated.

The hacker also leaked personal information about 90,000 donors who actively participated in and contributed to the movement via the website.

18. CashApp Narrowly Escaped A Server-Wide Hack

In April 2022, a former employee of CashApp attempted to breach their servers due to a personal grudge they had against the organization.

The hacker tried to access and release the following information for sale and public damage:

  • Names
  • Stock Trading Information
  • Account Numbers
  • Portfolio Values
  • Various Other Sensitive Financial Information

The company immediately reached out to more than eight million customers to inform them about the incident. Though the warning incited panic, the hacker only stole a limited amount of information, and no account credentials were lost.

CashApp has since taken measures against both the incident and the perpetrator.

19. Marquard & Bahls Had Their Supply Chain Broken

Marquard & Bahls is one of the big names in the energy industry in Germany. In February 2022, a heavyweight attack on their systems took out more than 200 gas stations all across Germany. The hacker was planning a supply chain attack, and this move even caused big companies like Shell to support and supply their customers.

The attack used methods similar to those used by a Russian group called the BlackHat gang, which has attempted to destabilize oil pumps in the past.

20. PressReader’s Operation Halted Due To An Attack

Hackers took over PressReader for three days and stopped people from accessing over 7,000 news sources, from the New York Times to local newspaper outlets.

Though PressReader denied the involvement of any malware in the attack, the company announced it would give users in Ukraine free access to all their news publications.

After the three-day issue was resolved, PressReader reached full functionality again.

What We Can Learn From All The Recent Cybersecurity Incidents

These recent cybersecurity incidents shed light on a critical issue: the negligence of essential security measures by organizations. An alarming example is Ronin, which compromised its security for the sake of accessibility, a very unwise move.

The overarching lesson here is that every organization must go the extra mile to demonstrate its unwavering commitment to security, which is especially crucial for entities like government agencies. The recent surge of ransomware attacks and cyber attacks from North Korean or Iranian government-sponsored hackers highlights the urgency of robust security practices, which are also recommended by entities like the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA).

On the other hand, Microsoft's swift and effective response to a significant security incident shows us how a combination of professional expertise and necessary precautions can help an organization handle a cyber incident.

If you're concerned about the security infrastructure of your business, reach out today to TechForing. Our experts specialize in testing business websites, devices, and network infrastructures, as well as providing necessary training and support for your employees to cover all your cybersecurity needs.
