Cybercrime is an ever-present threat, even with increasingly sophisticated security measures. In 2021 alone, we had more than 41,000 publicly disclosed data breaches, which translated to over 22 billion records exposed.
In the third quarter of 2022, data breaches have risen by 70% globally, so we expect an increase in total data breaches from 2021. The following are some of the biggest cyber-attacks in 2022 that had massive impacts.
1. Meta fires 12 employees for hacking into user’s accounts
In November 2022, news broke that Meta fired or disciplined 12 employees for violating Facebook’s terms of service and illegally seizing accounts. Some employees were contractors who worked as security officers at the company’s offices.
The twelve had been using “Oops,” an internal access tool, to reset multiple Facebook accounts. One of the employees was fired for allegedly using Oops to enable hackers to access several Facebook accounts after receiving payment in Bitcoin worth thousands of dollars.
2. Dropbox falls victim to a phishing attack, suffering a major data breach
Dropbox employees were targeted by a phishing attack on October 14, 2022. The phishing attack resulted in a hacker gaining access to 130 of the company’s source code repositories and code used for APIs used by external developers. The actor also managed to access the company’s account on GitHub using the CircleCI login information.
How did they do it? The actor posed as CircleCI, a code integration and delivery platform, to get employee login information.
3. Google Cloud blocks the “largest ever” web DDoS attack
Google reportedly blocked the “largest ever” distributed denial of service (DDoS) attack ever recorded, which peaked at 46 million requests per second on June 1. According to Google, the attack was the most significant Layer 7 DDoS attack ever reported and was 76% more extensive than the previously reported record.
The attack was targeted at a Google Cloud Armor user. The attacker(s) used HTTPS for 69 minutes, armed with 5,256 source IPs from 132 countries. Cloud Armor Adaptive Protection detected and analyzed the traffic early in the attack’s lifecycle and blocked the attack.
4. Twitter confirms data breach resulting in 5.4 million stolen accounts
On July 27, a hacker by the alias ‘devil’ allegedly breached 5.4 million Twitter accounts and stole data, including phone numbers and email addresses. The hacker reportedly used a vulnerability that was previously reported to Twitter. Devil then demanded a ransom of not less than $30,000 for the database, sharing a sample of the data to prove its authenticity.
The data breach was confirmed by Twitter on August 5, after which they patched the issue on January 13. The site also encouraged its users to enable two-factor authentication as a safety measure against unauthorized logins to their accounts.
All companies, big and small, could fall victim to a cyber-attack. More prominent companies have the infrastructure to deal with these attacks. However, it is not just the big companies being targeted. Smaller companies are now being targeted more than ever, and these attacks could potentially cripple a smaller company. Working with a cyber-support company is your best line of defense. Contact us to meet with our team of cybersecurity experts.