Innofactor Cybersecurity Studio – Week 51: Christmas episode
Innofactor’s Cybersecurity Consultants Janne Nevalainen and Marcus Söderblom discuss the most topical cybersecurity news from all over the globe in our monthly Cybersecurity Studio. The week 51 episode is a Christmas special, where we cover cybersecurity news highlights from 2022.
- Sensitive data from almost 10 million customers leaked in Medibank breach
- Cyber attack resulted in national emergency in Costa Rica
- Record-breaking DDoS attacks
- OpenSSL vulnerabilities
- The hacking group Lapsus$ is considered inactive
- Change the locks if your keys are lost
Cybersecurity Studio hosts embrace Christmas spirit and celebrate every present received.
Sensitive data from almost 10 million customers leaked in Medibank breach
On October 13, 2022, Australian health insurance provider Medibank detected some “unusual activity” on its internal systems, which a few days later turned out to be a very nasty cyberattack.
The attackers, believed to be Russian-based cybercriminals, exfiltrated sensitive data of 9.7 million current and former customers, including medical information, dates of birth, passport numbers and, for a subset of customers, health claim information. Medibank refused to pay any ransom whatsoever, and the attackers responded by publishing selected parts of the stolen customer data on the dark web.
US$30 million losses per day and national emergency – Fierce ransomware attack against Costa Rica
On April 17, 2022, Costa Rica's government faced a ransomware attack against nearly 30 of its institutions, causing major disruptions to financial operations throughout Costa Rica and crippling the country's import and export businesses.
The attack was carried out by the Russian-linked ransomware group Conti, which demanded a US$10 million ransom (later doubled to US$20 million) in exchange for not releasing the stolen information. As a result of the attack, the Costa Rican government had to shut down the computer systems used for tax declarations and for the control and management of imports and exports, with losses estimated at US$30 million per day!
Record-breaking DDoS attacks from 2022
As we already stated in the episode from week 39, 2022 has been a year of DDoS attacks. Records have been broken in both attack volume and duration, so it is not easy to crown a single "champion" in this weight class of cyberattacks, if you will.
However, as cybersecurity experts, it’s our job to handpick a winner and the runners-up, so here we go.
Honorable mentions go to Google, Akamai, and Cloudflare, which were kept incredibly busy absorbing record volumes of fake requests and garbage traffic aimed at their own networks and their customers. But they don't quite match the winner, whom we actually introduced earlier this fall.
The winner is an unnamed Chinese telecommunications company that had to withstand a single DDoS attack lasting four straight hours! The incident was reported by the cybersecurity company Imperva, which disclosed the following statistics: 25 billion requests, with traffic originating from 180 countries and over 170,000 source IP addresses. You can revisit the case in our blog post from week 39.
Hundreds of cloud environments impacted by OpenSSL vulnerabilities
In November 2022, the OpenSSL project published details of two high-severity vulnerabilities. OpenSSL is a cryptographic library used by a large share of Internet servers, including the majority of HTTPS websites, so the potential impact extended to hundreds of cloud environments across all major cloud service providers (AWS, GCP, Azure) and millions of workloads.
Both issues (CVE-2022-3602 and CVE-2022-3786) are buffer overflows in X.509 certificate verification, triggered by a crafted email address in a certificate's name constraints. They affect OpenSSL versions 3.0.0 through 3.0.6 (fixed in 3.0.7; the 1.1.1 branch is not affected), as well as any application that ships an embedded copy of OpenSSL in the affected range, which is why a package-manager check alone is not enough. One caveat worth knowing: the overflow happens after certificate chain signature verification, so triggering it requires either a CA-signed malicious certificate or an application that continues verification despite failing to build a path to a trusted issuer.
Luckily, the vulnerabilities turned out to be less critical than initially expected. The advisory had been pre-announced as critical but was downgraded to high at release: the four-byte overflow of CVE-2022-3602 is hard to turn into code execution on platforms with stack overflow protection, and CVE-2022-3786 can only overwrite the stack with "." characters, so a crash (denial of service) is the likely outcome of either.
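As an added example (not code from the original post or from the OpenSSL project), the following POSIX shell script classifies OpenSSL version banners against the affected 3.0.0 to 3.0.6 range and greps files for embedded banners, which is how statically linked copies that the package manager never sees are usually found. The banner format "OpenSSL X.Y.Z <date>" is what `openssl version` prints; everything else (function names, return codes) is this example's own choice.

```shell
#!/bin/sh
# Added example, not code from the original post or from the OpenSSL project.
# Classifies OpenSSL version banners against the range affected by the
# November 2022 advisories (3.0.0 through 3.0.6, fixed in 3.0.7) and scans
# files for embedded banners, since statically linked copies do not show up
# in the package manager.

# Extract "X.Y.Z" (or "X.Y.Zq" style) from a banner such as
# "OpenSSL 3.0.5 5 Jul 2022". Prints the version; fails if none is found.
openssl_version_number() {
  for w in $1; do
    case "$w" in
      [0-9]*.[0-9]*.[0-9]*) printf '%s\n' "$w"; return 0 ;;
    esac
  done
  return 1
}

# Exit 0 if the banner is in the affected 3.0.0-3.0.6 range, 1 if it is not,
# 2 if no version could be parsed. 3.0.7 and later and 1.1.1x are not affected.
is_affected_openssl() {
  v=$(openssl_version_number "$1") || return 2
  case "$v" in
    3.0.[0-6]) return 0 ;;
    *) return 1 ;;
  esac
}

# Check the openssl binary on PATH, if any (2 = not installed or unparsable).
check_system_openssl() {
  command -v openssl >/dev/null 2>&1 || return 2
  is_affected_openssl "$(openssl version 2>/dev/null)"
}

# Grep a file (ELF binary, shared object, extracted container layer, ...) for
# embedded OpenSSL banners and print the ones in the affected range.
# Exit 1 if the file carries no affected banner.
file_has_affected_openssl() {
  banners=$(grep -a -o 'OpenSSL [0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*' "$1" 2>/dev/null | sort -u)
  [ -n "$banners" ] || return 1
  hits=$(printf '%s\n' "$banners" | while IFS= read -r b; do
    if is_affected_openssl "$b"; then printf '%s\n' "$b"; fi
  done)
  [ -n "$hits" ] || return 1
  printf '%s\n' "$hits"
}
```

Run `file_has_affected_openssl` over `find / -type f -perm -u+x` or over the layers of a container image to catch bundled copies; `check_system_openssl` only covers the library the `openssl` binary itself was built against.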
The hacking group Lapsus$ is considered inactive
Following multiple high-profile breaches against companies such as Microsoft, NVIDIA, Okta, and Samsung, the prolific hacking group Lapsus$ was regularly in the news throughout 2022. The group is known for combining several routes into target systems, including recruiting insiders, social engineering, and MFA fatigue (bombarding a user with authentication push notifications until one is approved).
UK police have arrested several people suspected of having connections to Lapsus$, and the group is now considered inactive. Rumors suggest, however, that it might resurface in the foreseeable future.
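MFA fatigue leaves a recognizable trace in identity-provider logs: a burst of push prompts to one user, a string of denials, and then an approval. As an added example (not code from the original post or from any identity product), the script below runs that detection over constructed log lines. The log format "<epoch> <user> <event>", the event names and the thresholds are assumptions for the example, not a real product's schema.

```shell
#!/bin/sh
# Added example, not from the original post. Flags MFA push-fatigue patterns in
# constructed IdP log lines. The log format ("<epoch> <user> <event>"), the
# event names and the thresholds are assumptions, not any real product's schema.

# Constructed sample data, not a real log.
SAMPLE_MFA_LOG='1671000000 alice PUSH_SENT
1671000005 alice PUSH_DENIED
1671000020 alice PUSH_SENT
1671000025 alice PUSH_DENIED
1671000040 alice PUSH_SENT
1671000045 alice PUSH_DENIED
1671000070 alice PUSH_SENT
1671000075 alice PUSH_DENIED
1671000100 alice PUSH_SENT
1671000110 alice PUSH_APPROVED
1671000000 bob PUSH_SENT
1671000008 bob PUSH_APPROVED
1671003600 carol PUSH_SENT
1671003605 carol PUSH_DENIED'

# Usage: mfa_fatigue_candidates "$log" [max] [window_seconds]
# Prints "<user> PUSH_BURST <n>" the first time a user receives more than
# max pushes inside a sliding window, and "<user> APPROVED_AFTER_DENIALS <n>"
# when a user finally approves after at least max denials in that window,
# which is the classic fatigue outcome. Defaults: max=3, window=600.
mfa_fatigue_candidates() {
  log=$1; max=${2:-3}; window=${3:-600}
  printf '%s\n' "$log" | sort -k1,1n | awk -v max="$max" -v window="$window" '
    # Advance the window start for key k past entries older than t - window.
    function prune(k, t) { while (s[k] < n[k] && ts[k, s[k]+1] < t - window) s[k]++ }
    {
      t = $1; user = $2; ev = $3
      if (ev == "PUSH_SENT" || ev == "PUSH_DENIED") {
        k = user SUBSEP ev
        n[k]++; ts[k, n[k]] = t
        prune(k, t)
        if (ev == "PUSH_SENT" && n[k] - s[k] > max && !(user in burst)) {
          burst[user] = 1; print user, "PUSH_BURST", n[k] - s[k]
        }
      } else if (ev == "PUSH_APPROVED") {
        k = user SUBSEP "PUSH_DENIED"
        prune(k, t)
        if (n[k] - s[k] >= max) print user, "APPROVED_AFTER_DENIALS", n[k] - s[k]
      }
    }'
}
```

On the sample data only alice is reported (a burst of four pushes, then an approval after four denials); bob approves a single prompt and carol denies one, so neither trips the rule. The APPROVED_AFTER_DENIALS line is the one to page on, since it means the fatigue attack worked and the session should be revoked.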
Would you change the locks if you lost your house keys? Samsung didn’t
Several Android vendors' platform signing keys have leaked and are now being used to sign malware. Affected vendors include Samsung, LG, and MediaTek. A platform signing key is the cryptographic key with which a vendor signs the core "android" system package on its device images, and with which it can sign its own apps; a device treats anything carrying that signature as the vendor's genuine software, and apps signed with it can run with the highly privileged system user ID.
The danger with the leak is this: whoever holds the signing keys can sign malware so that it passes as genuine software from the affected companies. This, in turn, means that a valid signature alone no longer tells you whether an app legitimately belongs to the company that claims to own it.
Shockingly, Samsung's key was already being abused six years ago, and the key was never replaced!
To illustrate this: If you were to lose your house keys, you would probably replace the locks, right? And definitely so if the keys were tagged with your name and address. It wouldn’t make sense to blindly trust that no one would access your home with the lost keys.
Back to the Android environment. The real fix is on the vendor side: rotate the leaked platform keys and sign new releases with fresh ones, which is what Google recommended to the affected vendors; Google has also stated that Play Protect detects the known malware samples. For users, the advice in the episode is to reset the device to factory settings, which wipes it clean and removes anything suspicious running in the background, and to always update apps through Google's Play Store.
The full episode of Cybersecurity Studio – Week 51 is available here.
Merry Christmas and stay safe!