Only one and a half months into the year, hackers have stormed the news space already. Countries are not spared. Not even humanitarian organizations.
U.S. defense contractors, Ukrainian Banks and Government websites, Red Cross, Sansad T.V. of Government of India to name some.
You read it right.
2022 seems to be a year for hackers. The year might be a very trying year for cybersecurity experts.
2021 was not behind the race even. It also recorded some of the most notorious hacks in history.
Countries and businesses are putting a ton of resources to fortify and bolster cybersecurity; it seems they aren’t enough.
Let’s look at five such incidents that took everyone by shock:
- Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
As per an alert by the Cybersecurity and Infrastructure Security of the Government of USA, from at least January 2020 through February 2022, the Federal Bureau of Investigation, National Security Agency, and Cybersecurity and Infrastructure Security Agency have observed regular targeting of U.S. cleared defense contractors (CDCs) by Russian state-sponsored cyber actors. The actors have targeted both large and small CDCs and subcontractors with varying levels of cybersecurity protocols and resources.
The acquired information provides significant insight into U.S. weapons platforms development and deployment timelines, vehicle specifications, and plans for communications infrastructure and information technology.
- At least 10 Ukrainian websites stopped working due to DDOS attacks, including Defence Ministry, Foreign Ministry, Culture Ministry, and two largest state banks.
A cyberattack hit the websites of Ukrainian government agencies and major banks on February 15. This isn’t the first attack. There were several such hacking operations that happened before targeting Ukraine country. At least 10 Ukrainian websites stopped working due to DDOS attacks, including Defence Ministry, Foreign Ministry, Culture Ministry and Ukraine’s two largest state banks.
Customers at Ukraine’s largest state-owned bank, Privatbank, and the state-owned Sberbank reported problems with online payments and the banks’ apps. The Ukrainian Information Ministry’s Center for Strategic Communications and Information Security said Russia could be behind Tuesday’s incident in a statement. “It is possible that the aggressor resorted to tactics of petty mischief, because his aggressive plans aren’t working overall,” the statement said.
In mid-January, 70 Ukrainian government websites were temporarily disabled.
- In an apparent hack, GiveSendGo, a crowdfunding website used to raise funds for the “Freedom Convoy” demonstration organized by Canadian truckers, was taken down, and information about purported donors was leaked online. According to The Verge, the names, email addresses, ZIP codes, and country of origin of some 93,000 donors were leaked to a hosting website called “Distributed Denial of Secrets.” More than half of the donors are based in the United States.’
A self-described “cyberterrorist” who rose to infamy as a member of the hacktivist group Anonymous is taking credit for the recent breach of GiveSendGo that released the names of donors to the Canadian trucker convoy.
- The Indian Parliament’s YouTube station, Sansad T.V., was hacked on February 15 morning. Its name was even modified by the hackers and changed to Ethereum. It took two hours to rectify. The hack disrupted the channel’s live streaming.
In an official statement, Sansad T.V. informed about this:
Sansad T.V.’s YouTube station broadcasts the same feed as the regular Lok Sabha T.V. broadcast.
- In January, it was reported that a cyber security attack had compromised personal data and confidential information on more than 515,000 highly vulnerable available at computer servers hosting information held by the International Committee of the Red Cross (ICRC).
This data, originated from at least 60 Red Cross and Red Crescent National Societies worldwide, has sensitive information on highly vulnerable people, including those separated from their families due to conflict, migration, disaster, missing persons.
In an official update on February 16, ICRC has clarified that the attackers used a very specific set of advanced hacking tools designed for offensive security. These tools are primarily used by advanced persistent threat groups, are not available publicly and therefore out of reach to other actors. Elaborating the threat further, the statement says – An advanced persistent threat (APT) is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.
One hack story that made headlines was Rituraj Chaudhary from Bihar, who hacked Google for 51 seconds.
The viral post in Hindi roughly translates to, “This man, Rituraj Chaudhary, hacked Google for 51 seconds a few nights ago. Google officials in the USA went crazy. But Rituraj resumed Google’s services and mailed them about a flaw on their website that can be used to hack the system.”
However, post a fact-check by many media outlets, the story came out to be fake.
ZDnet has reported that devious hackers are using NFT hype to hijack your PC and webcam
Cybersecurity researchers warn that criminals are using hype around NFTs to trick victims into downloading password-stealing BitRAT malware that allows them to hijack infected machines.