25 Jan The 3 most impactful cyberattacks of 2022
With an increased dependency on technology and information, organizational networks keep broadening well beyond the confines of organizational cyber defenses. This wide adoption of digital applications expands the threat landscape, thereby presenting malicious actors with novel opportunities to exploit newly emerging vulnerabilities.
In the year 2021, the average cost of a data breach for an organization was roughly $4.24 million (IBM’s Cost of a Data Breach Report 2021). At the same time, 87% of organizations “have experienced an attempted exploit of an already-known, existing vulnerability”, according to Check Point’s Software Security Report.
We are already in 2022, and digital risk has never been greater, since the previous year brought ground-breaking cybersecurity incidents that forever changed the playing field.
Cybercrime is a real issue, and the amount of damage it can inflict keeps growing. Of the major cyberattacks that took place in 2021, we narrowed the list down to the 3 incidents that have the most to teach us about preventing similar, and perhaps more catastrophic, attacks in the future:
The Florida Water Supply Attack
In February 2021, a potentially catastrophic breach occurred, threatening the entire water supply of the city of Oldsmar, Florida. A threat actor managed to infiltrate the systems of the city’s water plant, hijacked its controls, and attempted to raise the level of sodium hydroxide in the water, which is poisonous in large quantities. With no security alert warning of this breach, an operator was lucky enough to notice the intrusion just in time to reduce the sodium hydroxide setting back to normal levels before it was too late.
This was a clear example of how a cyberattack can directly result in bodily injury and death. With the investigation still ongoing, it remains unclear whether the attackers operated remotely or from a local position, and how exactly they conducted their attack. What is known so far is that inadequate security controls and policies were in place at the plant: unregulated use of insecure remote access tools, weak password policies, and lax access control.
The US Fuel Pipeline Attack
All eyes were on the US oil and gas pipeline cyberattack in May 2021, as the financial implications were dire. Supplying almost half of the East Coast’s fuel, the Colonial Pipeline company was forced to shut down all of its systems after a successful ransomware attack. This temporary halt in fuel supply caused a number of States to experience a steep rise in fuel prices and a surge in gas station runs. The company succumbed to the ransom demand and reluctantly paid a total of 75 bitcoins ($4.4 million at the time), of which $2.5 million was later recovered by the FBI. In addition, 100 GB of sensitive data were stolen by the attackers, who are suspected of being a criminal organization rather than a government-sanctioned operation.
Investigation showed that the attackers breached the company’s systems via an intercepted VPN password belonging to an old user account. This lack of access control, coupled with the absence of multi-factor authentication policies, gave the threat actors a significant advantage.
The SolarWinds Hack
Technically, the SolarWinds hack began in early 2020, but it continued into early 2021 because of its massive scale and timespan. Malicious actors (speculated to be a Russian government-sanctioned intelligence agency) managed to breach SolarWinds, the supplier of the Orion network management software. By remaining undetected inside SolarWinds’s network, the threat actors were able to insert a backdoor into Orion’s update packages, thereby gaining access to Orion’s customers (which include giants like Microsoft, as well as Fortune 500 companies and US government agencies).
It is still unclear how much information this stealthy operation managed to extract. The lack of access control policies, coupled with the absence of security evaluation and approval of software update packages, were the main culprits that enabled this cyberattack.
What are the implications of the 2021 cyberattacks?
These cyberattacks prove to the world that data are never 100% secure, and that we must remain vigilant and prepared for the worst at all times. Cyber warfare is now a reality, and the way we rely on information technology in the digital era means that our very lives are now at stake when facing cyber-threats.
Ransomware damages climbed to a staggering $20 billion total, with an expected $265 billion by 2031, according to a Cloudwards publication, and this is partly attributed to remote working trends post-2020.
How can we avoid similar attacks from happening in the future?
Since the cyber-threat landscape is continuously evolving and expanding, it is practically impossible to predict what kind of threats and vulnerabilities will emerge. This is why adopting a cyber resilience approach on top of cybersecurity is fast becoming the norm. This can be accomplished through adaptive, intelligent security monitoring solutions, founded on machine learning algorithms as well as human expertise, which are vital in maintaining an optimized security posture.
Recommendations for 2022
- A Threat and Vulnerability Management Platform, with a Next-Gen Cloud SIEM, Endpoint Security and Identity & Access solutions, enables continuous monitoring of critical information assets and allows timely detection of and response to security incidents.
- A state-of-the-art post-breach detection solution can mislead, lure and trap threat actors inside your network, misdirecting them towards “poisonous” data and forcing them to reveal information about themselves, thereby ending their breach before it even begins.
- A disaster recovery plan is essential for recovering data after a catastrophe or a ransomware attack, while file integrity monitoring (FIM) solutions can safeguard the confidentiality and integrity of sensitive information.
- Additionally, strong password policies, multi-factor authentication, device hardening, and segmentation between the VPN network and the internal network provide compounded security and an overall reduction in total operational risk.
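The file integrity monitoring (FIM) recommendation above, and the earlier point that the SolarWinds breach succeeded partly because update packages were not evaluated before deployment, both come down to the same primitive: a trusted digest compared against what is actually on disk. The following is an added example, not code from the original post or from IthacaLabs; it assumes SHA-256 digests, a baseline kept as a plain dictionary of relative path to hex digest (a production deployment would store that baseline signed and off-host), and constructed sample files created in a temporary directory.

```python
"""File integrity monitoring with a hash baseline, plus update-package verification.

Added example; not the original post's or IthacaLabs' code. Assumptions: SHA-256,
a baseline stored as {relative path: hex digest}, and constructed sample files.
"""
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large artifacts do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Record a digest for every regular file under root, keyed by POSIX relative path."""
    baseline: dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare_to_baseline(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Report files added, modified or removed since the baseline was taken."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    return {"added": added, "modified": modified, "removed": removed}


def verify_package(path: Path, expected_sha256: str) -> bool:
    """Approve an update artifact only if its digest matches the vendor-published value.

    hmac.compare_digest avoids leaking where the comparison diverged.
    """
    return hmac.compare_digest(sha256_file(path), expected_sha256.lower())


def fim_demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small config tree, then make unauthorized changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "plc.conf").write_text("setpoint=100\n")  # constructed sample
        (root / "etc" / "users.txt").write_text("operator\n")     # constructed sample
        baseline = build_baseline(root)

        # Simulated tampering: a changed setpoint, a deleted account list, a new file
        (root / "etc" / "plc.conf").write_text("setpoint=999\n")
        (root / "etc" / "users.txt").unlink()
        (root / "etc" / "unexpected.bin").write_bytes(b"\x00\x01")
        return compare_to_baseline(root, baseline)


def package_check_demo() -> tuple[bool, bool]:
    """Constructed check: an artifact containing b'hello' against the right and a wrong digest."""
    known = "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"  # sha256(b"hello")
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "update.bin"  # constructed file name
        pkg.write_bytes(b"hello")
        return verify_package(pkg, known), verify_package(pkg, "0" * 64)


if __name__ == "__main__":
    for kind, files in fim_demo().items():
        print(f"{kind}: {files}")
    print("package verification (good, bad):", package_check_demo())
```

The compare step is what an alerting pipeline would run on a schedule: any non-empty `added`, `modified` or `removed` list on a monitored path is a detection, and the same `verify_package` call belongs in the change-approval gate before an update is pushed to production hosts.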
Cybersecurity is no longer enough. Organizations need Cyber Resilience
A cyber resilient organization is able to effectively anticipate, respond, swiftly recover, and adapt to the emerging threats and vulnerabilities of a dynamically expanding and unpredictable threat landscape.
Author: Alexandros Kaniklides, Manager, IthacaLabs™