2021 broke new ground in terms of cybersecurity, and much was ground just as well left unbroken. With no indication that ransomware, data breaches, and assorted malware will go away soon, the new year is a time for organizations to get a fresh start and really fortify themselves against a widening field of threats.
One month in, we’ve already seen a disturbing array of attacks, from those on political targets to distressing new malware to a breach of exceptionally sensitive information.
January 2022’s Biggest Cyber Attacks
Global Affairs Canada Victimized by Undisclosed Threat Actors
Governments worldwide are currently bracing for an upswing in cybersecurity incidents as international tensions continue to bubble. Some targets are unfortunately predictable, such as a January 14 hack of Ukrainian government sites. But no nation is safe from cybercrime, as illustrated by a late January breach of Global Affairs Canada, a government department that oversees diplomatic functions, international trade, humanitarian aid, and other areas surrounding Canada’s role on the global stage. The attack interrupted access to some internet-based services but appears to have caused minimal damage otherwise.
Quick detection was able to mitigate the attack, which officials said did not impact any services critical to Canadians. A statement from Canada’s Treasury Board claimed that “There are systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur.” The statement did not immediately identify any specific suspects, but media observers were quick to note that this hack was followed in short order by a statement warning Canadians to “bolster their awareness of and protection against Russian state-sponsored cyber threats.” Canada’s experience is a reminder that—in the current cybercrime landscape—it isn’t only the most obvious targets that need to shore up their defenses.
Records Exposed: Unknown
Type of Attack: Data breach
Date of Attack: January 14, 2022
Location: Ottawa, Canada
Key takeaway: The international political landscape is currently simmering beneath the surface. As tensions continue to flare, politically motivated attacks are likely to escalate against both government organizations and private industry. Every company or government agency needs to be doubly aware of its threat level and, like Global Affairs Canada, must be prepared to take immediate action when breaches do occur.
New Malware is Coming for Every Operating System
Back in the early days of computer viruses, many Mac and Linux users spoke confidently about how their operating systems were much more secure than lowly PCs. As a January report from Techspot makes clear, the threat landscape has evolved to a point where no OS is safe from sophisticated cyber attacks. The article details the discovery of a custom-made remote access trojan (RAT) known as SysJoker that comes disguised as a system update.
What makes this RAT especially worrisome is that security experts identified three distinct strains written to infect Windows, Mac, and Linux operating systems alike. Worse still, at the time of this writing, the trojan is undetectable by most Mac and Linux security systems.
Meanwhile, over in the mobile sphere, a different RAT known as BRATA is wreaking havoc on Android devices. This trojan was first discovered in Brazil back in 2019 and saw a sudden upsurge around the world starting in December 2021. The nastiest aspect of BRATA is not just its ability to steal sensitive data from infected devices, but also its ability to perform a factory reset, effectively wiping out all existing data.
BRATA attacks have been especially rampant in the banking and finance industries and are difficult to track since they are basically the mobile equivalent of robbing a bank before burning it to the ground on your way out.
Records Exposed: Potentially unlimited
Type of Attack: Remote access trojans
Date of Attack: Multiple dates
Key takeaway: There is no such thing as an attack-proof operating system; organizations using non-Windows systems are just as much at risk from cybercrime, and this situation demonstrates that infections can be even harder to detect on those systems. A cybersecurity program that can account for all of an organization’s devices, including mobile phones and tablets, is crucial to a holistic cybersecurity strategy.
No News Is Bad News for Norwegian Media Company
The presses stopped quite literally when a late December attack shut down operations at a media company that publishes approximately 80 local and regional newspapers across Norway.
The December 28 breach of Amedia’s IT systems forced the publisher to take its printing presses offline, preventing the publication of physical newspapers for several days. Hackers also accessed the company’s advertising and subscription services, potentially stealing names, addresses, and phone numbers of the publisher’s 2.5 million subscribers. Amedia assured subscribers that no financial information was compromised in the breach.
No culprit has been identified so far, but this was the third high-profile attack on a Norwegian organization in the same month. The Amedia breach followed a December 21 hack of food producer Nortura and a December 24 attack on Nordland County Municipality. Even in a country like Norway with high standards for online security, organizations are constantly at risk.
Records Exposed: Names, addresses, phone numbers
Type of Attack: Undisclosed; possible ransomware attack
Date of Attack: December 28, 2021
Key takeaway: There is a tendency to think of cybercrime as a strictly online concern rather than something that can affect a business’s physical operations. But beyond the behind-the-scenes damage a data breach can cause, organizations also have to think about the negative publicity and confusion caused by physical disruptions like pausing publication of a newspaper for several days.
Red Cross Attack Further Endangers Vulnerable Individuals
Accentuating the fact that there is no such thing as honor among thieves, a cyber attack on a third-party contractor compromised more than half a million sensitive Red Cross records, including personal records the organization classifies as “highly vulnerable.”
The data was pulled from a network of 60 Red Cross- and Red Crescent-affiliated facilities around the world, encompassing more than 515,000 aid recipients as well as 2,000 employees. No cybercrime group has been identified so far, but officials worry that the stolen information will be used to target thousands of people who already live in dire conditions.
In a January 19 statement, the International Committee of the Red Cross (ICRC) confirmed that an attack on a data storage company contracted by the humanitarian organization compromised the data of thousands of people who are currently missing, unhoused due to disasters, being held in detention facilities, or otherwise vulnerable.
The ICRC took its servers offline to investigate and mitigate further damage. It also issued a heartfelt plea to the criminals through the ICRC director general: “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data.”
Records Exposed: Personally identifiable data of vulnerable individuals.
Type of Attack: Unknown
Industry: Medical and humanitarian aid
Date of Attack: January 19, 2022
Location: Switzerland, worldwide
Key takeaway: There really is no bottom when it comes to the depths criminals are willing to plumb to get their hands on data. This attack is a frightening example of the literal life-or-death consequences sometimes involved in cybersecurity, as well as yet another reminder of the risks involved with relying on any third-party service provider.
January provided more ammunition to the belief that no one is safe from cyberattacks, regardless of your affiliations, intentions, or operating systems. It’s a sobering and rather depressing thought, but sometimes it pays to plan for the worst. Shoring up your security operations sooner rather than later is always the wisest approach.