The 6 Worst Cyber Attacks of 2022 (to date)

From a Russian cybercrime group attacking KP Snacks to one of the biggest losses of digital assets in history, we list 6 of the worst cybercrimes of this year so far.

2022 Cyberattacks

2022-08-17

Multiple major cyberattacks have occurred in the first seven months of 2022, resulting in reduced productivity and revenue and, as expected, large-scale data leaks.

The United Kingdom has also been hit by some major cyberattacks, even though some of the biggest attacks have taken place in countries like America and Ukraine.

Despite the media’s attention on these cyberattacks, there have been many other attacks on smaller businesses that caused major damage. In 2022, 39% of UK businesses have identified cyberattacks within their organization.

Fortunately, this number is substantially lower than the 46% identified in 2020. In no particular order, here are the 6 worst cyberattacks that have occurred in 2022 thus far.

(In 2022) 39% of UK businesses identified a cyber attack

KP Snacks – Ransomware Attack

Russian Cybercrime Group

In January of this year, KP Snacks, which manufactures KP Nuts, Hula Hoops, Nik Naks, Tyrell’s, Pom-Bears, and others, suffered a ransomware attack.

Conti, an infamous Russian cybercrime group, was responsible for this attack. According to KP Snacks’ statement released shortly after detection of the attack, the company was unable to ‘safely process orders or dispatch goods’ as a result of the attack.

As a result, supply chain issues continued until the end of March.

The Conti gang is now expected to operate double extortion, releasing stolen data if KP Snacks doesn’t pay the ransom.

In the beginning, a few staff documents were posted online, with a 5-day countdown. If the ransom was not paid, all the data would be released.

A short time later, the Conti website post was removed, potentially indicating that the ransom had been paid, or that negotiations were ongoing between the two parties.

Neither party disclosed whether the ransom was paid.

UKVCAS – Data Breach

Data Breach of Personal Emails

Over 170 email addresses of customers were mistakenly copied into an email by the UK Home Office’s visa service in April.

The email was sent to inform customers that their appointment time had been changed.

Emails included in this breach were both personal and those sent by lawyers on behalf of clients.

Since UKVCAS is run on behalf of the Home Office by a private contractor, this data breach is particularly noteworthy.

It is likely that the breach was caused by a malicious insider, and regular cybersecurity awareness training can decrease the likelihood of these kinds of breaches in the future.

The Works – Presumed Ransomware Attack

Ransomware Attack Halting Vital Business Systems

Back in April, the UK retail chain The Works was hit by a widespread cyberattack, forcing it to shut a number of stores.

Although the retailer did not go into much detail about the nature of the attack, it is thought to have disrupted deliveries, prolonged online order times and compromised the security of payments on their POS systems.

Once the attack was identified, it was discovered that customer data had been compromised.

It is assumed that the attack was a ransomware attack, but the ransom amount is unknown, as is the method of recovery of their systems.

As a result of their systems being brought down and stores being shut, the share price for The Works fell by 10% the day they announced the cyberattack.

In addition, the attack caused a loss of revenue from the stores that were unable to open.

Crypto.com – Account Compromise

Crypto.com, one of the largest cryptocurrency exchanges, released a statement that it had fallen victim to an account compromise attack in which 4,836.26 Ethereum and 443.93 Bitcoin were stolen, a loss of nearly $35 million.

The attack affected 483 users, with unauthorized withdrawals made from the victims’ wallets to the hacker. Shockingly, these actions were carried out without the MFA control being entered by the user.

After the attack, Crypto.com suspended all withdrawals and moved away from its old MFA infrastructure to a completely new one.

Crypto.com reimbursed customers who were caught out before accounts were suspended, so there was no loss of customer funds.

To prevent this from happening again, Crypto.com has now implemented a new program for MFA and anti-phishing codes, the Worldwide Account Protection Program.

Account compromise can come from many places, including phishing, social engineering and other cyber threats. Once an account is compromised, the threat actor can perform malicious actions on behalf of the targeted user.

Ukrainian Government – Website Hacks & DDoS Attacks

70+ Sites Hacked

Russian hackers targeted many Ukrainian websites in the first quarter of the year, including financial services and multiple government websites.

Sites such as those of the Ministry of Foreign Affairs, the Security and Defence Council and the Cabinet of Ministers were among the 70 hacked. The damage done in these attacks involved changing the text on the websites to display pro-Russia sentiments.

Soon after these events, Russian threat actors targeted multiple government, non-profit and information technology organisations within Ukraine with a piece of malware disguised as ransomware.

The malware had all the characteristics of ransomware but lacked a recovery feature; in short, it simply destroyed all files on the victim’s computer.

At the beginning of February, there were several large distributed denial of service (DDoS) attacks, bringing down the websites of Ukraine’s two largest banks, the Defense Ministry and the Army.

Later in the same month there were more DDoS attacks, but fortunately the organisations were able to recover quickly from these.

These cyberattacks, aimed at Ukrainian citizens and businesses, continue today and mostly begin with phishing attacks, with the primary goal of spreading malware widely.

Ronin – Account Compromise

$600 Million Stolen in Digital Assets

This is one of the largest cyberattacks on the list and, in fact, in recent history!

Approximately $600 million worth of digital assets were stolen from a blockchain network, Ronin, that is connected to a popular online game, Axie Infinity, created by Sky Mavis.

The attack was made possible using outdated Sky Mavis accounts with dangerous permission levels.

This resulted in the attacker being able to compromise these accounts and subsequent nodes, allowing them to authorise fake transactions on the network or bridge that handles converting tokens.

With this they were able to steal 173,600 Ether and 2.5 million USD Coin, totalling over $600 million.

Although not that relevant to most businesses, it does act as a cautionary reminder for organisations considering Web 3.0 technologies as a possible solution to their organisational needs.

How Can Businesses Protect Themselves from Cyber Attacks?

Regardless of size, industry, or location, all types of businesses are at risk of falling victim to a cyberattack.

No single solution solves all the problems of cyber security, but implementing the right ones can significantly decrease your cyber risk and make detection and remediation as effective as possible, saving you time and money.

If you want to find out more about how your business can reduce its cyber risk, contact us today or watch our cyber security animation by Dunedin IT about the brief history of cyber security and why businesses and organizations should consider advanced IT security.

More Useful Resources on Cyber Security

Learn about the history of Cybersecurity in under 3 minutes by Dunedin IT Director Jamie Clague.

 
Jamie Clague, Dunedin IT Director