January 4, 2023

Top 10 Hacks 2022: Learn from it

2022 has been a tough year for security experts: major tech companies like Microsoft, Uber, and Nvidia have been targeted by first-league cybercrime gangs. Let's review our top 10 security breaches of the year.

As technology continues to advance and become more integrated into our daily lives, the importance of secure systems and practices becomes increasingly clear. Unfortunately, 2022 has been a tough year for security experts, as major tech companies such as Microsoft, Uber, and Nvidia have been targeted by first-league cybercrime gangs. In this article, we will recount the top 10 security breaches of the year and delve into the details of how these companies were hacked. By examining these incidents, we can learn how to avoid making the same mistakes and ensure that our own systems are secure. So buckle up and prepare for the top 10 wall of shame!

#1 Uber “god-like pwn”

In September 2022, Uber suffered a major security breach when its administrative accounts were compromised. The hacker was able to gain access to Uber's systems by stealing employee passwords, and from there was able to access multiple major administrative panels, including Google Apps, AWS, SentinelOne, Slack, and Uber's internal financial information.

I consider this hack to be the most significant because the attackers were able to access the admin accounts by finding plain text files stored on an accessible share within the company. It could have been easily avoided with the simple best practices of access management.

However, the consequences of the Uber hack did not end there. In October 2022, Uber's Chief Information Security Officer (CISO), Joseph Sullivan, was convicted for obstructing the Federal Trade Commission (FTC) and for failing to report the 2016 hack in which 57 million customers' and drivers' data was stolen. This highlights the importance of not only protecting against cyber attacks, but also properly disclosing and addressing them when they occur.

I published a detailed article about the Uber hack, available here.

#2 LastPass Hack Exposes User Data

In August 2022, LastPass, a popular password management solution with over 33 million users worldwide, suffered a hack that exposed user data. The attack began when technical information was stolen from LastPass's development environment, leading to the compromise of an employee account. From there, the attackers were able to access a cloud storage location where customer vault backups were stored.

It's important to note that these backups were encrypted with the AES algorithm and could only be decrypted by generating a derived key from the master password of each vault. However, older accounts may have had their encryption keys derived with a smaller number of iterations, meaning that it could be easier for an attacker to guess or crack the password for those accounts.
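The iteration count matters because every offline guess against a stolen backup costs the attacker that many hash rounds. The sketch below is an added example, not LastPass code: it assumes PBKDF2-HMAC-SHA256 as the key-derivation function (the article does not name it), uses constructed accounts and iteration counts, and shows how a service can find below-policy accounts and upgrade them at the next successful login.

```python
import hashlib
import hmac
import os

MIN_ITERATIONS = 600_000  # assumed current policy, not a figure from the article


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: every guess costs the attacker `iterations` rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def enroll(password: str, iterations: int = MIN_ITERATIONS) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "verifier": derive(password, salt, iterations)}


def login(record: dict, password: str) -> bool:
    """Check the password, then upgrade a below-policy record in place."""
    candidate = derive(password, record["salt"], record["iterations"])
    if not hmac.compare_digest(candidate, record["verifier"]):
        return False
    if record["iterations"] < MIN_ITERATIONS:
        # The password is only available now, so this is the one moment the
        # record can be re-derived with a fresh salt and stronger parameters.
        record.update(enroll(password))
    return True


def legacy_accounts(db: dict) -> list:
    """Accounts still below policy, i.e. the cheapest to attack offline."""
    return sorted(u for u, r in db.items() if r["iterations"] < MIN_ITERATIONS)


def relative_guess_cost(record: dict) -> float:
    """Attacker work per guess, relative to a record at current policy."""
    return record["iterations"] / MIN_ITERATIONS


def demo() -> dict:
    # Constructed accounts: "old" was enrolled with a low iteration count.
    db = {"old": enroll("correct horse", 5_000), "new": enroll("battery staple")}
    before, cost = legacy_accounts(db), relative_guess_cost(db["old"])
    login(db["old"], "correct horse")
    return {"before": before, "cost": cost, "after": legacy_accounts(db)}


if __name__ == "__main__":
    print(demo())
```

Upgrading a record only protects future copies; a backup already taken stays at the strength it had when it was stolen.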

If you are a LastPass user, it is recommended that you change all of your passwords as a precautionary measure. It is also a good idea to choose strong, unique passwords for all of your accounts, and to enable two-factor authentication whenever possible to add an extra layer of security.

LastPass has stated that the hack did not compromise the primary servers that store user data, and that all user passwords and data remain encrypted. However, it is always important to be aware of potential security risks and to take steps to protect your accounts.

#3 Twitter

In 2022, Twitter suffered a major customer data breach, with up to 440 million users potentially affected. Security firm Hudson Rock discovered that the personal information of notable accounts was being sold on the Dark Web. The source of the hack was traced back to a vulnerability in the API system, which had been identified in January 2022 through a bug bounty program.

The vulnerability allowed the attacker to identify which accounts were linked to specific email addresses or phone numbers. Because the phone numbers were part of an incremental series, it was relatively easy for the attacker to iterate through a large number of numbers and identify the linked accounts.
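On the defensive side, this kind of enumeration leaves a recognizable trace: one client looking up many phone numbers that sit next to each other. The following is an added example, not Twitter's code; the log format, field names, client names, thresholds and phone numbers are all constructed for illustration.

```python
import re
from collections import defaultdict

LINE = re.compile(r"client=(\S+) lookup=phone value=\+?(\d+)")
MAX_GAP = 1  # neighbouring numbers this close count as "sequential"

# Constructed log: app-17 walks a number range, app-03 syncs a contact list.
SAMPLE_LOG = "\n".join(
    [f"2022-01-10T10:00:{i:02d}Z client=app-17 lookup=phone "
     f"value=+1555010{i:04d} found=0" for i in range(1, 9)]
    + [f"2022-01-10T10:01:{i:02d}Z client=app-03 lookup=phone value=+{n} found=1"
       for i, n in enumerate([15550123456, 14155550199, 12125550143,
                              13105550177, 16175550102])]
)


def sequential_share(numbers) -> float:
    """Fraction of neighbouring values (once sorted) within MAX_GAP of each other."""
    ordered = sorted(set(numbers))
    if len(ordered) < 2:
        return 0.0
    close = sum(1 for a, b in zip(ordered, ordered[1:]) if b - a <= MAX_GAP)
    return close / (len(ordered) - 1)


def find_enumerators(log_text: str, min_lookups: int = 5,
                     min_share: float = 0.8) -> dict:
    """Return {client: share} for clients whose lookups look like a range walk."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        match = LINE.search(line)
        if match:
            by_client[match.group(1)].append(int(match.group(2)))
    flagged = {}
    for client, numbers in by_client.items():
        share = sequential_share(numbers)
        # Volume alone is not enough: a contact sync is large but scattered.
        if len(set(numbers)) >= min_lookups and share >= min_share:
            flagged[client] = round(share, 2)
    return flagged


if __name__ == "__main__":
    print(find_enumerators(SAMPLE_LOG))
```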

The hacker demanded a payment of $200,000 from Twitter in exchange for not disclosing the information, potentially sparing the company a fine from the European Union for violating GDPR policy. This incident serves as a reminder of the importance of regularly identifying and fixing vulnerabilities in order to protect customer data.

I personally always refuse to give my phone number to Twitter for this exact reason. In 2018, Twitter admitted to having recorded account passwords in plaintext in their application logs due to a bug.

With access to email and phone number, hackers can attempt more sophisticated social engineering attacks such as SIM swapping on high-profile individuals. If you are an influential person on Twitter, it may be worth considering changing your phone number to protect yourself from these types of attacks.

#4 T-Mobile data breach

The famous US mobile operator T-Mobile was hacked through a vulnerability in one of its routers, which gave the attacker access to production databases holding the information of 76 million users, such as names, birth dates, addresses, social security numbers and driver's licenses. It is one of the biggest national hacks in the USA: 44 class-action lawsuits were filed, with over $350,000 million in settlement.

#5 Medibank

Australian health insurance company Medibank suffered a major data breach that exposed the personal information of 9.7 million customers. The hacker behind the attack was able to extract and leak approximately 500,000 health claims containing medical information on the Dark Web. On December 2, the hacker released the final portion of a 200GB file of extracted data.

The Australian Federal Police suspect that the Cybercriminal organization behind the attack may be connected to the REvil ransomware group. The only known detail about the origin of the hack is that the credentials of an individual with high-level access within the organization were compromised.

This incident serves as a reminder of the importance of properly securing all levels of access within a company to prevent data breaches and protect customer information.

#6 Microsoft BlueBleed

Microsoft suffered what may be its biggest data breach of the decade. Information about 65,000 companies in 111 countries, totaling 2.4 TB, was publicly accessible between 2017 and August 2022. Microsoft confirmed that the cause of the breach was the misconfiguration of a Microsoft endpoint in their Azure Blob Storage service.

The leaked information included transaction data such as names, email addresses, email content, company names, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. The Microsoft Security Response Team announced that all affected customers were notified starting on October 4, 2022.

While Microsoft did not classify the misconfiguration as a vulnerability, it is worth noting that the incident was ultimately caused by a lack of built-in security processes. If the configuration had been subject to proper checks or appropriate automated security policies before reaching production, the data breach could have been avoided.

#7 Shields Health Care Group Data Breach

It was reported in early June that Massachusetts-based healthcare company Shields was the victim of a data breach that affected 2,000,000 people across the United States. The breach was first discovered on March 28, 2022. Information such as Social Security numbers, patient IDs, home addresses, and information about medical treatments was stolen. A class action lawsuit was filed against the company shortly after.

#8 Okta

Okta, a company specializing in centralized authentication for large enterprises, fell victim to an attack by the criminal organization Lapsus$. The hackers gained access to an employee's computer, where they found AWS keys on a Slack channel giving access to about 2.5% of their database, or 15,000 customers. Lapsus$ also hacked Microsoft, Nvidia, Samsung, and Ubisoft in the same year.
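Both the Uber breach (#1) and this one came down to credentials sitting in readable text, on a file share in one case and in a Slack channel in the other. Here is an added example, not from any of the companies involved, of a scanner a defender could run over share contents and chat exports; the patterns, source names and sample texts are constructed, and the AWS key is the placeholder used in AWS documentation.

```python
import re

PATTERNS = {
    # AWS access key IDs: a 4-letter prefix followed by 16 upper-case alphanumerics.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # "password = value" style assignments; the value is captured for redaction.
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\s*[:=]\s*(\S{6,})"),
}

# Constructed inputs standing in for files on a share and a chat export.
SAMPLE = {
    "share/deploy-notes.txt": "admin login for vault\npassword = Summer2022!x\n",
    "slack/#ops export": "can someone rotate this? AKIAIOSFODNN7EXAMPLE\nlunch at 12?",
    "share/readme.txt": "Set your password in the portal.",
}


def redact(secret: str) -> str:
    """Keep a short prefix for triage; never copy the full secret into a report."""
    return secret[:4] + "*" * (len(secret) - 4)


def scan(sources: dict) -> list:
    """Return (source, line number, finding type, redacted value) tuples."""
    findings = []
    for name, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, pattern in PATTERNS.items():
                for match in pattern.finditer(line):
                    # Use the captured value if the pattern has one,
                    # otherwise the whole match.
                    secret = match.group(match.lastindex or 0)
                    findings.append((name, lineno, kind, redact(secret)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Every finding should be treated as a credential to rotate, not just a file or message to delete.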

#9 Revolut

Revolut, a leading fintech company with over 20 million users worldwide, recently fell victim to a social engineering attack in which hackers obtained the login credentials of an employee. It is estimated that the personal information of approximately 50,150 customers, or less than 1% of Revolut's user base, was compromised in the attack. The data that was disclosed included names, emails, phone numbers, and postal addresses, but no financial information or funds were stolen.

#10 Crypto.com

What's better than a good old robbery? In 2022, it is far more lucrative and safer to steal cryptocurrency. The well-known exchange Crypto.com admitted that $35 million US dollars were stolen from its exchange, affecting 483 wallets. No direct vulnerability led to this robbery; it seems that none of the accounts with compromised transactions had MFA enabled. Since then, Crypto.com has added a new security measure that requires any new address to be verified 24 hours before any transaction can be sent out of the exchange. No customer lost any money, as the exchange took the loss and reimbursed the wallets.

Written by

Pierre Tomasina

Pierre is a DevSecOps consultant with 15 years in the industry, specializing in software development, cloud and cybersecurity. Experienced in developing SaaS platforms, he is proficient in programming languages including Go, Rust, TypeScript, Python, and Java, and is passionate about open-source technologies. His expertise also extends to IT strategy and security in regulated environments.
