From Costa Rica to Ukraine - the cyber threat field is growing exponentially, becoming increasingly sophisticated year after year
1. Conti shuts down Costa Rica, ransomware causes "national emergency" for the first time ever
Following the short-lived downfall of the high-profile ransomware group Conti, after an internal feud over support for the Russian invasion of Ukraine split the group, Conti in April successfully disrupted the banking operations and Finance Ministry of Costa Rica, crippling the country's import/export industry. This led the country to declare a national crisis due to ransomware, an unprecedented event.
The country suffered a similar attack in May on its Social Security Fund, which many connected to Conti because the Hive ransomware was used, whose authorship is associated with the Russian-affiliated cyber threat group.
2. Lapsus$ breaches multiple giants, shows ransomware isn't the only threat
In February of 2022, Lapsus$, a loosely organized group of hackers that included teenagers, began a string of attacks on high-profile targets including the world's largest semiconductor manufacturer Nvidia, Ubisoft, Samsung, T-Mobile, EA Games, Microsoft and the identity and access management (IAM) vendor Okta.
While often mislabeled as a ransomware group, Lapsus$ operates on an extortion model: access is most often gained through phishing, after which sensitive data is exfiltrated without any encryption of the victim's systems at all.
The Lapsus$ attacks were highly notable given their list of victims, their alleged lack of financial motivation, and their apt use of social media to gain attention, even running polls to vote on whose data they should publish next. However, the most notable part came when British police apprehended two teenagers aged 16 and 17 among seven people arrested, showing how even amateur threats .
3. North Korean "Lazarus Group" attack on Ronin shows rise in DeFi attacks
In March, the North Korean state-linked APT "Lazarus Group" carried out the largest cryptocurrency hack to date, stealing $625 million worth of Ethereum and USDC stablecoin from the popular Ronin blockchain "bridge" (an application allowing users to move crypto from one blockchain to another). U.S. officials later attributed the theft to the Lazarus Group.
According to cryptocurrency researchers, North Korean hackers stole an additional $400m worth of digital assets in at least seven attacks on cryptocurrency platforms in 2022.
This highlighted a trend in which cryptocurrency is increasingly seen as low-hanging fruit by cyber actors: cryptocurrency firms are essentially huge financial targets for hackers because crypto transactions are irreversible. In this year alone, more than $2.6 billion has been stolen in cryptocurrency hacks to date.
4. Russian attacks on Ukraine set a precedent for full-scale cyber capabilities spilling over into Europe, highlight critical infrastructure weaknesses
Since the beginning of Russia's war on Ukraine, Russia's cyberwarfare capabilities have shown how vulnerable satellite communication (SATCOM) networks and Global Navigation Satellite Systems (GNSS) are, and the attack on Viasat spilled over into Ukraine's European neighbors.
The war also brought forth a resurgence of DDoS attacks, which, while a relatively old method, have since grown in type and scale, with 2022 seeing record-sized DDoS attacks. Worst of all were the various data "wiper" malware strains which, unlike ransomware, which allows organizations to recover their data, destroyed the digital infrastructure of over 100 organizations across the financial services, energy, IT and aviation sectors.
While Russia's cyber capability, and its intent to use it in pursuit of its interests, hardly comes as a surprise, the sheer variety, scope and scale not only set a precedent for other nations in future wars but are likely to inspire cybercriminal groups, who often draw on the technical prowess of APT groups to carry out their profit-generating operations.
This is especially significant given the alleged connections between many so-called "state-linked" hacktivist and ransomware groups and Russia, China, Iran and North Korea.
5. Marquard & Bahls attack shuts down fuel in Germany, shows energy is vulnerable
The war in Ukraine has also correlated with a significant uptick in attacks on various European energy providers, following sanctions imposed in response to the invasion. In February 2022, the German energy giant Marquard & Bahls was attacked and saw more than 200 gas stations across Germany closed after its IT infrastructure was destabilized.
The attack was attributed to the Russian-linked BlackHat gang, which has previously targeted energy pipelines. This attack was just one of many on German energy firms that continued throughout the year, with the country's cyber agency, the BSI, warning that the threat situation is "higher than ever" in its annual report released in October.
Moreover, this attack also reflects an increase in attacks on multiple energy providers globally in 2022, including Luxembourg's Encevo, the Italian energy giant ENI and its national energy agency GSR, the Indian power company TATA, and the oil refining hub of Amsterdam-Rotterdam-Antwerp (ARA), where attacks disrupted the movement of refined cargo throughout the region.
public. While this kind of offer may serve the victim's interest, for example by protecting it from falling stock prices, it makes the organization complicit in breaking data breach laws.
Written by the BDO staff.