Cybercrime is an ever-evolving problem, with an estimated cost of US$10 trillion by 2025. In 2021, there will be more than 4,100 publicly disclosed data breaches, or about 22 billion records leaked. The figures for 2022 are expected to at least match this number, if not exceed 5%.
Cybersecurity Center is dedicated to providing breaking news from the field of cybersecurity. With this in mind, here are the news stories detailing the threat vectors, cyberattacks, and data breaches that had the biggest impact on its readers over the past 12 months.
10. The “most dangerous” threat of social engineering, according to 75% of security experts
In the May, Cybersecurity Center Research reveals that three out of every four cybersecurity professionals consider phishing or social engineering attacks to be the “most dangerous” threat to cybersecurity at their company.
Research, done for CS Hub Mid-2022 Market Reportalso found that other top threats include supply chain/third party risks (36% of respondents said) and lack of cybersecurity expertise (30% of respondents said) ).
Learn more about concerns about social engineering attacks in our analysis from August 2022.
9. Meta fires employee for allegedly hacking into user accounts
On November 17, 2022, The Wall Street Journal reported that 12 Meta employees were disciplined or fired for violating Facebook’s terms of service and taking over user accounts.
The employees, some of whom were contractors hired as security guards at the tech company’s offices, used a highly regulated internal access tool called ‘OOps’ to reset permissions. access your Facebook account. An employee has been fired following allegations that they used OOps to allow hackers to fraudulently access multiple Facebook accounts in exchange for thousands of dollars worth of Bitcoin.
Read about the consequences for those who abuse access to account resetting tools in our recent news report.
8. Dropbox suffers data breach after phishing attack
On October 14, 2022, a malicious actor gained access to 130 company source code repositories after company employees became the target of a phishing attack.
The attack exposes a malicious actor acting as a distribution platform and integrating CircleCI tokens to collect credentials and authentication tokens from employees. It also has access to Dropbox’s account on the GitHub code hosting page, as CircleCI credentials can be used to access Github.
During the attack, hackers gained access to some of the Dropbox code stored on the platform, including API keys used by its developers.
Discover more about how phishing attacks happen in our guide to social engineering.
7. Google blocks ‘biggest ever’ web DDoS attack
Google reports that it intercepted the “largest” distributed denial of service (DDoS) attack on record, peaking at 46 million requests per second (rps) on June 1.
The attack targeted Google Cloud Armor users with HTTPS for 69 minutes and had 5,256 source IPs from 132 countries contributing to the attack. Google reported that this attack is the largest Layer 7 DDoS attack reported to date and is 76% larger than the previous record.
In a blog post about the attack, Emil Kiner, senior product manager at Cloud Armor, and Satya Konduru, engineering lead, both at Google, note that the attack is like a “get it all” daily requests to Wikipedia…in just 10 seconds”.
Learn more about DDoS attacks in this section from earlier this year.
6. Kaspersky Antivirus added to US security risk list
The US Federal Communications Commission (FCC) and the Department of Homeland Security (DHS) have revised the list of foreign IT vendors that “pose an unacceptable risk to national security or national security.” and the safety of the American people” on March 25.
The revision added Kapersky Antivirus, a digital security company formerly named by Gartner as the third-largest vendor of consumer-grade IT products and the fifth-largest supplier of consumer-grade IT products. Enterprise IT. Two Chinese-owned companies, China Mobile International and China Telecom Corp, were also added.
FCC Commissioner Brendan Carr said the companies were added to the list to “help secure” [US] networks against threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and harm US interests.
Learn more about Kaspersky’s response to the blacklist modification and impact.
5. Twitter confirms data of 5.4 million accounts was stolen
On July 27, Cybersecurity Center reported that a hacker with the alias “devil” claimed to have details of 5.4 million Twitter accounts for sale.
The hackers said they gathered information using a vulnerability previously flagged on Twitter on January 1, 2022.
Twitter confirmed the breach on August 5 and suggested that in the future users should enable two-factor authentication to protect their accounts from unauthorized login activities.
Read more about how hackers could exploit the vulnerability and the accounts affected by the data breach.
4. Grand Theft Auto 6 hacker suspect was arrested by British police
Rockstar Games, the developer of the popular Grand Theft Auto (GTA) game series, suffered a data breach on September 19, 2022, after an unauthorized party gained access to the company’s Slack channel.
From there, hackers downloaded and leaked previously unseen content and clips from the unreleased GTA 6 game to a fan forum. Although it was initially thought to be a hoax, the rapid involvement of both Rockstar Games and the authorities confirmed the clips to be real.
A 17-year-old man from Oxfordshire known only as AK was later arrested by City of London police, accused not only of the hack but also of the hacks against Uber. and Microsoft from the beginning of 2022.
Learn more about the alleged hacker and his many attacks in this September news post.
3. Google announces acquisition of Mandiant
Google announced plans to acquire cybersecurity firm Mandiant for more than $5 billion on March 8, 2022, in a move to bolster its internal network security resources.
The $5.4 billion acquisition is the second most expensive in Google’s history, behind only the $12.5 billion purchase of Motorola Mobility in 2012.
Google and Mandiant’s plans to merge cloud services, as well as the size of the deal, led to speculation about its impact on the overall cybersecurity sector. Cybersecurity experts note that it could signal a change in the cloud landscape, with cloud providers increasing their investment in consulting and security services.
Learn more about the merger and its impact on the cybersecurity sector in this March post.
2. Samsung hit with class action lawsuit after data breach
At the end of July 2022, an unauthorized party gained access to internal servers for customers of tech giant Samsung in the United States. Samsung warned customers about the data breach on August 4, after an internal investigation confirmed that a malicious party gained access to customers’ personal information.
Just over a month later, a class-action lawsuit was filed by a Samsung customer affected by the breach. Shelby Harmer filed a lawsuit in the US District Court for the District of Nevada on September 6 “on behalf of Samsung customers whose personally identifiable information was stolen by cyber criminals”.
The lawsuit alleges that Samsung not only frustrated its customers by not reporting the breach in a timely manner, but also by wrongly protecting their personal information in the first place.
Learn more about the lawsuit and the allegations in this September update.
1. More than 1.2 million credit card numbers leaked on hacking forum
Card markets are dark websites where users exchange stolen credit card details for financial scams, often involving large sums of money. On October 12, 2022, the BidenCash card marketplace released the details of 1,221,551 credit cards free of charge.
A file posted on the website contains information for more than 1.2 million credit cards that expire between 2023 and 2026, in addition to other details needed to make an online transaction.
BidenCash previously leaked the details of thousands of credit cards in June 2022 as a way to promote the site. As the token market was forced to roll out new URLs three months later in September after suffering a series of DDoS attacks, some cybersecurity experts argue that the disclosure of this new insight could Another attempt at advertising.
Discover how BidenCash gained access to 1.2 million credit card details in our October coverage.