2022 has been a very eventful year - also seen through a lense of cybersecurity. The cyber threat has not diminished, quite on the contrary, but fortunately there is much we can learn from looking back at the year that has passed.
In this post, we will bring a chronological overview of selected cyber attacks, cyber threats and data breaches from the past year and reflect on how we can use them to equip ourselves for the year ahead - especially in a Danish context.
Russian cyber attacks against Ukraine
Modern warfare often begins as cyber war. The year thus began with strong tensions between Russia and Ukraine. This was particularly reflected in Russia carrying out several cyber attacks against Ukrainian targets well before the invasion on February 24, 2022.
These attacks included methods such as wiper malware, DDoS, phishing and hacking websites. These methods were used, for instance, to manipulate information and target critical infrastructure. Examples of such attacks include WhisperKill and WhisperGate, both of which were wiper attacks against Ukrainian authorities and organisations respectively, deleting and overwriting websites and files.
The day before the invasion, the US satellite company Viasat also suffered a destructive cyber attack known as AcidRain. AcidRain targeted broadband services in Ukraine, probably with the aim of disrupting internet access and restricting communications. In addition to hitting Ukrainian broadband, AcidRain also caused 5800 wind turbines in Germany to stop working.
However, Ukrainian forces have also been working to carry out cyber attacks against Russia in response. Thus, cyber attacks can be considered an important part of modern warfare.
Major DDoS attack against Google
In June, a Google Cloud Armor customer suffered a significant DDoS attack, described by some as the largest of its kind ever.
The attack lasted more than an hour and peaked at 46 million requests per second. It also included more than 5000 IP addresses from more than 130 countries.
Despite the scale of the attack, the motive behind it remains unknown. The perpetrators are also still at large.
Google itself says it was able to stop the attack because its Cloud Armor Adaptive Protection intercepted the massive amount of traffic on the website. Cloud Armor therefore alerted the customer and proposed a security measure that stopped the attack before it reached its peak. Cloud Armor blocked the attack and ensured that the customer could remain online.
7-Eleven in Denmark hit by ransomware attack
On August 8 this year, 7-Eleven in Denmark was hit by a major ransomware attack, which resulted in all computers going dark and POS systems stopping working in all 175 stores. It later emerged that the attack was ransomware, as the perpetrators had demanded a ransom to unlock the systems. The hackers' ransom demand was for $1 million paid in the cryptocurrency xmr.
Only three days later, the stores were back in normal operation after the chain chose to reinstall the systems itself rather than engage with the attackers or pay the ransom.
Subsequently, several experts in the field have stated that we will see an increase in the number and scale of ransomware attacks like this.
Denmark wins gold at European Cybersecurity Championship
In September, the Danish national cyber team made history when they won gold at the European Cyber Security Championships (ECSC). This is the best placing Denmark has ever achieved at the championships.
Denmark competed against 26 other EU countries and six guest countries in the two-day competition in the disciplines of web, reverse engineering, cryptography, hardware hacking, forensics, binary exploitation and OSInt. The two overall cyber themes were Jeopardy and Attack/Defence, for which Denmark placed at the top of the list.
The Danish victory shows that cyber security initiatives are making a difference.
Meta fined billions for leaking user data
Ireland's Data Protection Commission fined Meta Platforms in November for failing to protect the personal data of more than half a billion Facebook users. The fine came in the wake of a data breach in which users had sensitive information leaked such as their phone number, birthday, location, email address, gender, marital status and other details.
Just a few months earlier, another of Meta's platforms, Instagram, was fined $405 million for failing to comply with GDPR. On business profiles, phone numbers and email addresses were publicly available, in violation of GDPR.
These large fines testify to the seriousness of data breaches. At the same time, they send a message to organisations about the importance of handling personal data correctly.
Defence hit by DDoS attack
In early December, the Danish Defence was hit by a DDoS attack when the Ministry of Defence and other Defence websites crashed for several hours due to external overload.
The attack came after both Sweden and Norway had experienced similar attacks on their defences during the year. In all cases, the pro-Russian hacker group Killnet has been suspected of being behind the attacks, although this has not yet been confirmed.
However, the group has claimed responsibility for an attack on the European Parliament in November, and is thus known to carry out activist DDoS attacks in support of Russia, particularly against governments and public sectors and institutions. There are indications that the attacks are being used to send a political signal in relation to the war in Ukraine.
Efforts to catch backers
2022 has also seen a major focus on catching cybercriminal masterminds and holding them to account. Indeed, this is an area that requires development, as it has long been known that hackers are hard to catch, which also explains why cybercrime has become such a lucrative business.
But with recent developments, it seems that this may slowly be changing. In 2022, the following, among others, have been held to account:
- At the beginning of the year, the Russian intelligence service FSB was able to reveal that the Russian hacking group REvil had ceased to exist after making a series of arrests and seizing cryptocurrency worth 4 million kroner. The hacker group was known to have been behind attacks on companies such as Bauhaus and Coop in Denmark.
- In March, 22-year-old Russian national Igor Dekhtyarchuk was charged with helping to operate a cybercrime network where stolen data was resold to thousands of other cybercriminals. However, he remains at large but wanted by the FBI.
- In November, the Metropolitan Police Service in London arrested more than 100 people for defrauding more than £414 million through 'spoofing'. They did this by infiltrating the iSpoof service, which allowed criminals to impersonate banks and other public bodies and thus defraud victims.
- In November, the Interpol police operation called Haechi III was also completed after five months of work on the case. Almost 1000 suspected cyber criminals were arrested for 1600 crimes. At the same time, virtual assets worth €933 million were seized.
Which 2023 are we looking into?
The cyber threat is constantly evolving as cyber criminals' methods become more sophisticated and organised. But fortunately, it seems that best practices in cybersecurity are also evolving in a stronger direction.
In 2022, cyber attacks were trending as weapons of modern warfare, but also as methods to take data hostage as in the case of the ransomware attack on 7-Eleven and to send political messages as in the many DDoS attacks against various government institutions. In other words, the cyber threat against countries, governments, organisations and individuals is growing.
But there is also much evidence of an increased focus on cyber security and good cyber hygiene. Multi-factor authentication and password managers will be the way forward in the near future - they will be elements that are more need-to-have than nice-to-have, to secure oneself and one's data.
In addition, there will most likely be an increased focus on cyber security and awareness training in the workplace. This is the result of the aforementioned hacker attacks that large companies have experienced. If large companies can be targets of hacker attacks, so can your workplace.
In 2023, we will most likely see much of the same as we have seen this year, but likely also an increased focus on the consequences of cybercrime and data breaches. Businesses and individuals should prepare to be more aware of social engineering, as this year we have seen more and more frequent examples of hackers using this method. As we learn more about social engineering and how to spot it, hackers are also learning to use new methods such as deepfakes, which are even more convincing than seen before.
Emilie Hartmann is a student and copywriter at Moxso, where she is a language nerd and always on the lookout for new and exciting topics to write about. She is currently doing her Master's in English, where she is primarily working in the fields of Creative Writing and Digital Humanities.