Effective URL: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2022/top-cyberattacks-of-2022-lessons-learned

ISACA NOW BLOG


TOP CYBERATTACKS OF 2022: LESSONS LEARNED

Author: Raef Meeuwisse, CISM, CISA
Date Published: 21 December 2022



For over a decade, I have analyzed the root causes, trends and patterns from
what post-breach management specialists like to call “unauthorized third
parties” performing “really sophisticated cyberattacks.” In the past, these
cyberattacks were rarely “sophisticated” – and “unauthorized third parties”
almost always meant cybercriminals.

2022 was different because infamy, that quality of becoming well-known for being
cosmically bad at something, or an epic clown act, is no longer a prerequisite
when it comes to having your digital landscape compromised. It is no longer
*always* the organizations with lousy cybersecurity that are getting their data
hacked.

In 2022, when it comes to large breaches, the unauthorized third parties are not
necessarily the traditional organized gangs of cybercriminals from years gone by
– they might be rogue nation-states or gifted (albeit misdirected) teenagers.
Many of the cyberattacks are now looking far more sophisticated than in previous
years.

The past year has been so full of breaches, not even the tech journalists can
agree on what measurement to use to work out which of the hacks or breaches are
the worst. Should it be monetary? Number of people impacted? Amount stolen?
Remediation cost?

For those reasons, I am going to take what I think are the three largest data
breaches (based on number of records stolen) and identify what key lessons we
can take from them.

We start with the smallest of the three data breaches:

Optus (9 million)
“Cyber Security. We won’t just do better. We’ll do best” declares the Optus
cyberattack response page. A bold statement given that up to 9.8 million people
could be impacted by the breach, which equates to approximately 40% of the
entire population of the country it operates in, Australia.

Optus has not officially divulged the root cause, but various sources report
that the intrusion leveraged an application programming interface (API) that
could retrieve customer details without any authentication. Why? Because it was
*thought* that the API would only ever be instantiated within secure network
areas.

Allegedly – due to human error – a build engineer placed an instance of this API
(with access to real data) in a test environment – and that test environment was
accessible over the internet. Additionally, the records inside the database had
insecure serialization – meaning the intruder could use example customer record
IDs to predict the reference ID of other records.

If the information above proves to be correct, there were multiple significant
(major and critical) security control gaps at Optus, what I have always
referred to as stacked risks. As I have stated in the past, any enterprise
taking a siloed approach and looking at individual risks can easily miss the
potential magnitude of its overall exposure.

Optus has set aside ~$95m (A$140m) to cover the fallout from this data breach.

Lesson Learned from Optus Breach: Do not be tempted to let multiple known
security risks sit unresolved because your organization *thinks* there is
another layer of security in place. Why? *Because* that other layer of security
will be taking the same approach.

As with every megabreach, intruders need to find multiple holes in the security
of a digital landscape to do real damage and take substantial amounts of data.
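The two API weaknesses described above (no caller authentication, and record IDs that can be predicted from a known one) and the stacked-risk point are easier to reason about in code. The Python below is an added illustration, not Optus's code or a reconstruction of it: the customer data is constructed, and the opaque-reference scheme, the session handling and the start-up configuration check are assumptions made for the example.

```python
import secrets

# Constructed sample data (not Optus's): customer records keyed by the
# sequential internal IDs a database would typically hand out.
CUSTOMERS = {
    1001: {"name": "A. Sample", "email": "a.sample@example.invalid"},
    1002: {"name": "B. Sample", "email": "b.sample@example.invalid"},
    1003: {"name": "C. Sample", "email": "c.sample@example.invalid"},
}


def lookup_insecure(record_id):
    """The gap described above: no caller identity is checked, and the
    record key is a predictable integer, so one known ID reveals the
    pattern for every other record."""
    return CUSTOMERS.get(record_id)


# Hardened handler (assumed design for this example):
#  - every request carries a session token bound to an authenticated customer
#  - records are addressed by an opaque random reference, not the internal
#    integer, so a valid reference says nothing about any other record
#  - the handler returns only the record that belongs to the session's owner
RECORD_REFS = {rid: secrets.token_urlsafe(16) for rid in CUSTOMERS}
_REF_TO_ID = {ref: rid for rid, ref in RECORD_REFS.items()}
_SESSIONS = {}  # session token -> internal ID of the authenticated customer


def login(record_id):
    """Stand-in for a real login flow: issues a session bound to one customer."""
    token = secrets.token_urlsafe(24)
    _SESSIONS[token] = record_id
    return token


def lookup_secure(session_token, record_ref):
    """Returns (status, record); status is 'ok', 'unauthenticated' or
    'forbidden', and record is populated only on 'ok'."""
    owner = _SESSIONS.get(session_token)
    if owner is None:
        return "unauthenticated", None
    target = _REF_TO_ID.get(record_ref)
    if target is None or target != owner:
        # Unknown and foreign references get the same answer, so probing
        # references does not reveal which ones exist.
        return "forbidden", None
    return "ok", CUSTOMERS[target]


def deployment_findings(config):
    """Start-up check for the stacked risks in the account above. Each
    finding might be tolerated on its own; together they expose real data."""
    findings = []
    if config["environment"] != "production" and config["data_source"] == "production":
        findings.append("non-production instance wired to production data")
    if config["internet_exposed"] and not config["requires_auth"]:
        findings.append("internet-reachable endpoint without authentication")
    if config["record_ids"] == "sequential":
        findings.append("records addressable by predictable identifiers")
    return findings


# Configuration matching the reported set-up (constructed for the example).
OPTUS_LIKE = {"environment": "test", "data_source": "production",
              "internet_exposed": True, "requires_auth": False,
              "record_ids": "sequential"}

if __name__ == "__main__":
    print(lookup_insecure(1002))                      # any caller, any record
    session = login(1001)
    print(lookup_secure(session, RECORD_REFS[1001]))  # ('ok', {...})
    print(lookup_secure(session, RECORD_REFS[1002]))  # ('forbidden', None)
    for finding in deployment_findings(OPTUS_LIKE):
        print("refuse to start:", finding)
```

The hardened lookup answers "forbidden" identically for a reference that belongs to another customer and for one that does not exist, and the start-up check treats the three findings as a set rather than three separate tickets, which is the point of the stacked-risk argument.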

Uber (57 million)
This next example begins with an attack vector that is part of an intrusion
trend. The hacker, in this case understood to be a teenager affiliated with
Lapsus$, compromised the multi-factor authentication (MFA) by bombarding one
person with authentication requests. Eventually, the authorized user accepted
one of the bogus authentication requests, enabling the intruder to gain access
to the company VPN (virtual private network).

(Side note: In a prior cyberattack earlier in the year, Lapsus$ had a 5% success
rate in this type of MFA request-bombing attack vector, which was much higher
than the 0.1% predicted by some marketing materials.)
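A defender's view of the request-bombing pattern described above: the Python below, added here as an illustration rather than anything from the post or from Uber, parses a handful of constructed MFA push log lines and flags a user who receives a burst of unapproved prompts, raising the severity when an approval follows the burst. The log format, the ten-minute window and the threshold of three are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (assumed format; map your IdP's fields onto it).
SAMPLE_LOG = """\
2022-09-15T22:01:03Z user=alice event=mfa_push result=denied
2022-09-15T22:01:41Z user=alice event=mfa_push result=expired
2022-09-15T22:02:10Z user=alice event=mfa_push result=denied
2022-09-15T22:02:55Z user=alice event=mfa_push result=denied
2022-09-15T22:03:30Z user=alice event=mfa_push result=approved
2022-09-15T22:05:00Z user=bob event=mfa_push result=approved
2022-09-15T23:10:00Z user=carol event=mfa_push result=denied
2022-09-16T08:00:00Z user=carol event=mfa_push result=approved
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) user=(?P<user>\S+) "
    r"event=mfa_push result=(?P<result>\S+)$"
)


def parse_events(lines):
    """Returns (timestamp, user, result) tuples sorted by time; lines that
    are not push events are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["user"], m["result"]))
    return sorted(events)


def detect_push_bombing(lines, window=timedelta(minutes=10), threshold=3):
    """Flags a user who receives `threshold` or more prompts that were not
    approved inside `window` (medium), and raises it to high when an
    approval follows such a burst: that approval is the moment a session
    is created and the one a responder should look at first."""
    by_user = defaultdict(list)
    for ts, user, result in parse_events(lines):
        by_user[user].append((ts, result))

    alerts = []
    for user, events in by_user.items():
        for i, (ts, result) in enumerate(events):
            earlier_unapproved = sum(
                1 for t, r in events[:i] if ts - t <= window and r != "approved"
            )
            if result == "approved" and earlier_unapproved >= threshold:
                alerts.append({"user": user, "at": ts.isoformat(), "severity": "high",
                               "unapproved_prompts": earlier_unapproved})
            elif result != "approved" and earlier_unapproved + 1 == threshold:
                # Burst has just reached the threshold; alert once, not on every prompt.
                alerts.append({"user": user, "at": ts.isoformat(), "severity": "medium",
                               "unapproved_prompts": earlier_unapproved + 1})
    return alerts


if __name__ == "__main__":
    for alert in detect_push_bombing(SAMPLE_LOG):
        print(alert)
```

On the sample, alice produces a medium alert on the third unapproved prompt and a high one on the approval that follows, while bob's single approval and carol's two prompts nine hours apart produce nothing. The high alert is the one to pair with the session and VPN logs, since that is where the intruder's access begins.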

Once inside the Uber VPN, the attacker was able to leverage several sub-optimal
security configuration settings within the network and locate a PowerShell
script that contained hard-coded privileged account management system (PAMS)
credentials.

Once inside the PAMS, the intruder was able to access multiple tools and storage
areas containing millions of Uber drivers and user records.

Lesson Learned from Uber Breach: Never rely on MFA alone to protect critical
assets. Expect that hackers will compromise MFA on occasion and will target your
highest value security assets (such as PAMS).

Take steps to mitigate the potential for compromise of these systems by, for
example, minimizing any system accounts to the very least privilege they
require, having automated monitoring alerts for any unusual behaviors and
enforcing the highest standards of security best practice.

If you *must* place privileged access credentials in any system scripts, then
compensating controls, such as surgically limiting permissions and automated
monitoring, will be required.
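One automated control for the last lesson is a scan that finds privileged credentials embedded in scripts before they reach a network share. The Python scanner below is an added example, not the post's or Uber's tooling; the PowerShell it scans is a constructed sample with placeholder values, and the regex rule set is an assumed starting point to be extended for a real estate.

```python
import re

# Rule set for credentials embedded in PowerShell (assumed starting point;
# extend it for the cmdlets and naming conventions used in your estate).
PATTERNS = [
    ("plaintext secret in a variable",
     re.compile(r'''\$\w*(?:pass|pwd|secret|token|apikey)\w*\s*=\s*["'][^"']{4,}["']''', re.I)),
    ("ConvertTo-SecureString on a string literal",
     re.compile(r'''ConvertTo-SecureString\s+["'][^"']+["'].*-AsPlainText''', re.I)),
    ("inline -Password argument",
     re.compile(r'''-Password\s+["'][^"']+["']''', re.I)),
]

_LITERAL_RE = re.compile(r'''(["'])[^"']+\1''')

# Constructed sample script; the values are placeholders, not real secrets.
SAMPLE_SCRIPT = """\
# constructed sample, not a real script
$pamsUser = "svc-rotation"
$pamsPassword = "Hunter2-Example!"
$sec = ConvertTo-SecureString "Hunter2-Example!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($pamsUser, $sec)
Invoke-Sqlcmd -ServerInstance "db01" -Username "sa" -Password "S3cret-Example" -Query "SELECT 1"
# preferred: fetch the secret at run time from a vault under a least-privilege identity
$cred2 = Get-Credential -Message "PAMS service account"
"""


def redact(snippet):
    """Keeps the variable or cmdlet and masks the literal, so a finding can
    be filed in a ticket without copying the secret around."""
    return _LITERAL_RE.sub(r"\1***\1", snippet)


def scan_script(text):
    """Returns one finding per offending line: line number, rule and a
    redacted snippet."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append({"line": lineno, "rule": rule, "snippet": redact(m.group(0))})
                break  # one finding per line is enough for triage
    return findings


if __name__ == "__main__":
    for f in scan_script(SAMPLE_SCRIPT):
        print(f"line {f['line']}: {f['rule']}: {f['snippet']}")
```

Run against the sample it reports lines 3, 4 and 6 and leaves the `Get-Credential` line alone. A scan like this is a detection control, not a substitute for the compensating controls named above: a credential it finds still needs its permissions cut down and its use monitored until it is moved out of the script.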

Neopets (69 million)
… Although I did state that an enterprise no longer needs to fail badly at
cybersecurity to be breached, in my view, this breach falls squarely into that
category. Neopets managed to get its source code and 69 million user details
stolen … without noticing until the cybercriminal offered to sell their database.

As Neopets put it in their statement:



As part of that same statement, Neopets stated that it “… is committed to
safeguarding our players' personal information.” – which felt a little hollow –
but at least the company committed to more extensively implementing MFA and
strengthening security.

With a dwell time (the time from intrusion to discovery) of around 16 months,
the intruders were able to take a leisurely stroll around the internal digital
landscape for a long time without any fear of detection.

Lesson Learned from Neopets Breach: Underinvestment in cybersecurity continues
to be a false economy. Breaches create brand damage, remediation work and
potential regulatory fines that massively outweigh any initial cost-savings from
underspending on security operations. When regulators look at organizations
after a breach, the main question is: Can this enterprise demonstrate due
diligence in how it invested in and operated its cybersecurity BEFORE the breach
took place?

Average Isn’t Good Enough
2022 saw most organizations continuing to scale up their investments in
cybersecurity as awareness grew that skimping on infosec was not a wise or
viable way forward. Nonetheless, 2022 was still a cyberattack wasteland because
the threats are still moving faster than the *average* enterprise.

Hackers (ethical or otherwise) can get in through the tiniest of gaps. If there
are layers of security gaps, then intruders can also get back out with a lot of
data.

Expect that it is the multiple unresolved gaps that can seem small on their own
that hackers can stack together to form a bridge into and back out of your
critical systems.

Expect intruders to try to target and re-purpose the tools and processes your
enterprise uses to keep itself secure (such as multi-factor authentication and
PAMS).

For me, the primary breach lesson from 2022 is this:

If your enterprise security wants to stay ahead – do not aim to be average – aim
to be exceptional.
