In 2022 we have already seen a long list of significant recent cyber attacks that have impacted governments, organisations and individuals.
But what good is a countdown of the biggest cyber attacks of 2022 (so far) if we don’t learn from them?
Steve Schupp is an Executive Director of the WA branch of CyberCX, a sovereign Australian organisation providing protection from, and incident response to, cyber attacks. In this countdown of the top seven biggest cyber attacks of 2022, Schupp explains how they happened and what we can do to protect ourselves from suffering the same fate.
If you want to gain the tools to identity and mitigate cyber threats, ECU’s 100% online Master of Cyber Security will give you hands-on skills that are immediately applicable to industry needs.
1. The Optus data breach
On September 22, Optus customers received news that details including names, birth dates, phone numbers, email addresses and even drivers licence and passport numbers had been stolen by cyber criminals. This breach was said to impact 9.8 million Optus customers, but it would affect even more than that.
The true fallout of this breach is still being determined, but it is likely that this data is already being distributed across the dark net. Cyber criminals can then use this data to commit other crimes, such as identity theft, fraudulent credit card applications, social engineering scams and more.
According to Damien Manuel, Chair of the Australian Information Security Association, the effects of this breach will be felt for years to come.
“One of the things we’re really worried about is that this is going to have a very long tail, where people may have debt collectors coming after them in a couple years time looking for money that they’ve got to claim back based on [fraudulent accounts] that have been opened.”
Manuel also warns that this breach demonstrates the change required in how companies view data and personal information.
“This could happen in any organisation… What we need to get to is a point where companies are thinking of information and data not as an asset they can exploit or monetise, but that once they finish using that information or data for whatever purpose… they should look at destroying that data instead of leaving it lying around. Think of data as a liability instead of an asset.”
The federal government’s Australian Securities & Investments Commission has shared guidance for people who think they may have been impacted by the Optus data breach.
2. Russia-Ukraine conflict
When Russia attacked Ukraine in early 2022 with missiles, air strikes and a ground invasion, it also escalated an ongoing campaign of DDOS attacks and ransomware attacks.
While the bombardment of cyber attacks damaged Ukrainian bank and government websites, The Australian Cyber Security Centre asked organisations and businesses to be on high alert.
Cyber security agencies in the US, the UK and New Zealand did the same.
“One of the challenges, when we ask customers to be on high alert, is what does that actually mean? If customers are currently on high alert, because they should be anyway, how do they increase that?” says Schupp.
Will Australian organisations be specifically targeted by Russia? Probably not, explains Schupp, but there is a possibility of spill over.
“It's very difficult to constrain malware. We've seen a few examples where malware has got outside of a particular geo-fence and gone elsewhere.”
For a business trading in Australia, it’s unlikely they’ll see any cyber consequences as a result of the Russia-Ukraine conflict, but it’s advisable that they consider the threat in their cyber security risk register.
“For me, cyber attack prevention is more about: what can we give businesses that's actionable? For example, what if you keep an eye on your logins and anything that comes from outside Australia, so you can investigate anything unusual,” says Schupp.
3. German fuel supplies
One of the world’s largest independent operators of tank storage of oils, gases and chemicals experienced a security breach in its facilities in Germany. This major incident puts it on the biggest cyber attacks 2022 list.
Oiltanking Deutschland normally stores and transports oil and fuel for petrol stations like Shell but after the attack, transporting that fuel was out of the question.
Cyber security experts speculated that the attack could have been linked to the Russia-Ukraine conflict, may have come from China, or even be linked to the Russian hackers responsible for the Colonial Pipeline attack in the US a year before.
According to Steve Schupp, when it comes to how to prevent cyber attacks, it’s less important to know where the attack comes from and more valuable to know who might be behind the attack.
“What we can determine from incident response is we start to see common factors in the trade craft of the attackers. So, we might be able to say, we've seen that particular command and control server used in recent attacks.”
By identifying who is behind the attack, cyber security professionals can better respond to minimise the impact.
“We might know that threat actor group A is typically an access broker. So, if we see them on the network it's unlikely that there's been data exfiltration or ransomware being staged – but they might just be setting up to resell the access for an attack,” says Schupp.
“However, if it's threat group C, we might know that their MO is crypto lockers and extortion, and we've got to start looking pretty quickly to find out what data might have been compromised or stolen.”
4. Costa Rica in state of emergency
Believe it or not, the entire country of Costa Rica was held to ransom by a cyber attack that affected 29 public institutions including the ministries of finance, social security and meteorology.
So how do you hack an entire country?
“We can assume that the attacker in this situation was highly motivated, and they also had time on their hands prior to launching this attack.”
Schupp points out that countries and companies have to be successful at defending cyber attacks 100 per cent of the time, while cyber criminals only need to be successful once.
“They probably gained access to one entity and realised that the same vulnerability was inherent across their infrastructure.”
Could the same thing happen in a country like Australia?
“It seems to me that Costa Rica’s government infrastructure is probably run by very similar departments or almost centralised.”
To demonstrate how unlikely a complete government shutdown by hackers would be in Australia, Schupp compares Costa Rica’s population of 5 million to a state like Western Australia that has a population around half that.
“WA is quite decentralised – each agency runs their own infrastructure to a large degree. Plus, there's been quite a significant state government push to raise the bar in terms of government capability around cyber security.”
5. Atlassian Confluence Vulnerability
Confluence is a wiki or collaboration software that was developed by Atlassian in 2004 and has become one of the most popular wikis in corporate environments.
In June 2022, a years-old zero-day vulnerability in the software emerged, prompting urgent warnings from cyber security professionals to disconnect Confluence servers from the internet.
“It was certainly something that we responded to quickly and our advice to customers was to do the same,” says Schupp.
“Confluence is a knowledge-based system and there's probably a huge amount of good information and intel in those Confluence Servers that would be ripe for an attacker.”
In addition to a potential data breach that could expose personal data, customer data or other sensitive information, the backdoor vulnerability also posed a threat to network security and any connected IT infrastructure.
With no immediate resolution on offer at the time of the attack, Steve Schupp thinks it was appropriate to get thousands of Confluence servers off the internet until a patch became available.
“There's enough out there that, the risk to data or as an infection point – it was worth responding to like that.”
6. Microsoft Follina Exploit
The Microsoft Follina exploit was a good, old-fashioned, malicious Word file that you might receive in an email – otherwise known as social engineering or phishing.
Surely, we’re not still falling for this lowest common denominator of hacking?
“I was in a secure operations centre recently, talking to analysts who were reviewing a phishing attack where an employee of another company had clicked the link, put their credentials in and downloaded an Excel document.”
“I asked how many times does that happen a day for that customer? And they said with 3000 employees, we'd probably do between five and six of these tickets a day.”
In fact, Steve Schupp confirms that phishing is responsible for the highest proportion of initial attack vectors. It’s also possible that phishing could have been behind most of the top five biggest cyber attacks of 2022 (so far).
7. Medibank data breach
Australians were once again racing to protect their personal information this year as news of the Medibank data breach broke in October.
Although this situation is still developing, at the time of writing, it is believed that up to four million current Medibank customers may have had their data stolen, as well as an unknown number of past customers. Medibank chief executive David Koczar explained how the criminals gained access to the data.
"What we know is the criminals did steal a username and password from someone with high level access to our system. They then impersonated this individual and that's how they got into the systems."
While the extent of this breach is still unfolding, it is another clear reminder that organisations must prioritise keeping customer data safe from cyber criminals, including protecting the credentials of their employees.
How to defend against cyber attacks in Australia
You may be wondering, just how common is cyber crime in Australia? Dr Ahmed Ibrahim is a lecturer in the Computer and Security discipline in ECU’s School of Science and suggests it’s extremely common.
“Our exposure to cyber threats has increased significantly over the past few years in parallel with everything around us being connected to the internet,” says Dr Ibrahim.
More specifically, the Australian Cyber Security Centre (ACSC) 24-hour Cyber Security Hotline 1300 CYBER1 receives a report of cyber crime every 8 minutes. We also know that cyber crime is under-reported.
To better combat cyber crime, Australian Prime Minister Anthony Albanese has created a new portfolio for cyber security in his ministry. Clare O’Neil is the first Minister for Cyber Security in Australia and in fact, in the entire G20 group of nations.
Before the election, Prime Minister Albanese highlighted the importance of increasing cyber resilience in addition to the offensive cyber security programs established by the previous government. That so-called REDSPICE program was set to double employment in the Australian Signals Directorate with 1900 new jobs.
In another potential employment lift for cyber security professionals, the Small Business Technology Investment Boost is offering rebates on cyber security expenses. Businesses with turnover under $50 million can claim up to $100,000 of the cost of digital adoption of cyber security systems.
Learn cyber attack prevention with ECU
Dr Patryk Szewczyk is the Course Coordinator of ECU’s Master of Cyber Security and takes an unsurprisingly binary view of our relationship with cyber security.
“There are two types of people in this world. Those who have already succumbed to the agony and financial stress of cyber-crime, and those who are patiently waiting their turn,” says Dr Szewczyk.
Whichever category you fall into, it’s not too late, or too early to start learning cyber attack prevention with ECU.
ECU’s accelerated 100 per cent online Master of Cyber Security will prepare you with comprehensive cyber security skills in as little as 24 months.
As one of only two universities in Australia recognised by the Federal Government as an Academic Centre of Cyber Security Excellence, ECU has over 15 years’ experience offering cyber courses. With that experience and our close industry connections, we have created two specialisations in our Master of Cyber Security to help you achieve your career goals.
The Technical Analysis specialisation will further advance your technical cyber security skills. You’ll focus on cyber security incident detection and response, data analysis and data visualisation.
The Governance specialisation will broaden your knowledge of cyber policy, governance, ethics and law. You’ll focus on cyber security ethics and principles, as well as cyberspace law policy and governance.
Are you ready to become a leader in cyber security? Learn more about our 100% online Master of Cyber Security. Call our student enrolment team on 1300 707 760 or email email@example.com.