Throughout the first half of this complicated year, there were massive hacks, data breeches, and digital scam attacks. With the Covid-19 pandemic, economic instability, geopolitical unrest, and bitter human rights disputes grinding on around the world, cybersecurity vulnerabilities and digital attacks have become intertwined in all aspects of life.
There are still six months to go in the year. The biggest digital security problems have played out.
After invading Ukraine in February, the digital dynamic between the two countries has changed While Russia has continued to attack Ukrainian institutions with cyberattacks, Ukraine has also been hacking back with success. At the beginning of the war,Ukraine formed a volunteer "IT Army" which has focused on mounting cyberattacks against Russian institutions and services to cause as much chaos as possible Hacktivists have turned their attention to the conflict. Russia has suffered a number of data breeches and service disruptions as a result of the hacks launched by Ukraine.
Lapsus$ went on a hacking spree in the first months of the new century. The group emerged in December and began stealing source code and other valuable data from more prominent and sensitive companies before leaking it. The group compromised a contractor with access to Okta's internal systems after leaking portions of Microsoft Bing and Cortana source code. Phishing attacks were used by the attackers to gain access to the systems. British police charged two people at the beginning of April after arresting seven people believed to have ties to the group. After the arrests, Lapsus$ became inactive.
Costa Rica was disrupted in one of the most disruptive ransomware attacks to date in April. Costa Rica's import/export businesses lost tens of millions of dollars a day because of the attack on the ministry. One security expert described the campaign as "unprecedented" and Costa Rica's president declared a national emergency due to the seriousness of the attack. There was a second attack on the Costa Rican Social Security Fund in late May and it was caused by the HIVE ransomware. While the attack on Costa Rica is historic, some believe that it was meant as a diversion while the gang tries to escape sanctions against Russia.
Tools and utilities for storing, converting, and managing cryptocurrencies have developed at a rapid pace. It has had its share of oversights and mistakes. Criminals have been eager to take advantage of these mistakes and steal huge amounts of cryptocurrencies worth hundreds of millions of dollars. At the end of March, North Korea's Lazarus Group stole $540 million worth of ether andUSDC stable coin from the popular Ronin bridge. In February attackers exploited a flaw in the Wormhole bridge to grab $321 million worth of Wormhole's ether variant. In April of this year, attackers stole about $182 million worth of currency from the stable coin protocol.
Hospitals and health care providers have long been a favorite target of ransomware actors, who look to create maximum urgency to entice victims to pay up in order to restore their digital systems. Criminals pool data they can monetize through identity theft and other types of financial fraud. In June, Shields Health Care Group, a Massachusetts-based service provider, disclosed that it had suffered a data breach that affected 2 million people in the US. The data that was stolen included names, Social Security numbers, birthdates, addresses, and billing information. In Texas, patients of Baptist Health System and Resolute Health Hospital said that their data was exposed. In June, two medical centers in Arizona disclosed data breeches.
The US Cybersecurity and Infrastructure Security Agency warned at the beginning of June that Chinese government-backed hackers had broken into a number of sensitive victims. They were able to do that by targeting known vulnerabilities and bugs in other network equipment, such as those made byCisco and Fortinet. The warning did not identify any specific victims, but it signaled alarm over the findings and a need for organizations to step up their digital defenses. The targeting and compromise of major telecommunications companies is detailed in the advisory. Cyber actors have been able to regularly exploit and gain access to vulnerable infrastructure devices due to a series of high-severity vulnerabilities. These devices are often ignored.
News Corp discovered an intrusion on January 20 that is believed to have been conducted by Chinese spies. Journalists' email and other documents were accessed by attackers. The Wall Street Journal is one of the high-profile news outlets owned by News Corp.
The US Supreme Court's decision at the end of June pertaining to concealed-carry permit laws may have exposed the information of everyone who applied for a concealed- carry permit in California. The data was impacted by the incident. Data that should not have been publicly accessible was exposed due to a misconfiguration in the California Department of Justice. "This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department," Rob Bonta said in a statement. I am upset and angry.
All Rights Reserved © 2024
