The Top Cyber Security News From 2022

What a year it’s been! The last 12 months have seen a dramatic increase in the frequency and severity of cyber attacks and some unforgettable updates to the world of cyber security.

We’re looking back at some key developments and highlights from 2022. From the largest DDoS attack in history and millions of users affected by breaches across the globe, all the way through to reaching one million TryHackMe users - we have a lot to share!

Let’s dive straight in…

You’re One in a Million!

At the beginning of the year, we officially surpassed one million users on TryHackMe! To celebrate this momentous milestone, we released batches of brand-new content, gave away a bunch of year-long subscriptions (plus epic limited edition swag!), and even dived into a live Q&A featuring some of the faces behind TryHackMe. We have a team of over 50 experts with combined hundreds of years experience in cyber security; we love to share what we’re all about!

Kaspersky Antivirus Considered a Security Risk

Previously named by Gartner as the third-largest provider of consumer-level IT products, Kaspersky, the digital cyber security and anti-virus company used across the globe, has since been identified as a risk to national security. On the 25th of March, the US Federal Communications Commission (FCC) and the Department of Homeland Security (DHS) added Kaspersky to the list of foreign IT vendors that “pose an unacceptable risk to national security or the security and safety of United States persons”.

While we’re yet to see public evidence of wrongdoing, companies in the US are forbidden from using FCC funds to purchase Kaspersky products.

Google Hit by “Largest Ever” Web DDoS Attack

On the 1st of June, Google reported that it had blocked the “largest” distributed denial of service (DDoS) attack on record, targetting a Google Cloud Armor user with HTTPS for over an hour. The peak of the attack reached 46 million requests per second.

At 9:45 AM (PT), an attack of more than 10,000 requests per second (rps) targeted Google’s customer’s HTTP/S Load Balancer. Eight minutes later, the attack grew to 100,000 requests per second. Google announced the DDoS attack was 76% larger than the previous record, highlighting the severity of the attack.

DDoS (distributed denial-of-service) attacks are designed to exceed a website’s capacity to handle multiple requests, preventing the website from functioning as it should. DDoS attacks are increasing in frequency and growing in size at an alarming rate, often used to blackmail businesses into paying a ransom, disrupt service, distract an incident response team and even inflict long-term brand damage.

Twitter’s Data Breach Affects 5.4 Million Users

Towards the end of July, a hacker claimed to have possession of 5.4 million Twitter accounts for sale. As a result of the attack, the hacker was able to link email addresses and phone numbers to user accounts, compiling a list of 5.4 million Twitter user profiles.

The hacker (going by the alias “devil”) revealed they harvested the data using a vulnerability initially flagged to Twitter six months prior. Twitter confirmed the breach on the 5th of August, advising users to secure their accounts with multi-factor authentication. The social giant reassured users that no passwords were compromised in the breach.

Uber Systems Breach

September brought us the news of a significant Uber systems breach that sent shockwaves throughout the ride-hailing company.

Uber employees initially received a message that read, “I announce I am a hacker, and Uber has suffered a data breach”, before listing several internal databases that had supposedly been compromised. It’s thought that the breach took place after an Uber employee fell victim to social engineering targeting and mistakenly handed over login credentials to the hacker.

Uber’s system breach left internal systems inaccessible, with the hacker gaining access to the organisation’s email dashboard, endpoints, Windows domain and Amazon Web Services console.

Over 1.2 Million Credit Card Numbers Leaked on Forum

On the 12th of October, BidenCash, a carding marketplace that promotes the trafficking and unauthorised use of credit cards, released the details of 1,221,551 credit cards of individuals from the United Kingdom and United States.

A file posted on the site contained the card numbers, expiration dates and CVV numbers of cards expiring between 2023 and 2026, meaning that fraudsters could use these details to make online transactions.

BidenCash hit the news earlier in June 2022 after previously leaking thousands of credit card information to promote the carding website. Cyber security experts believe the latest October release of credit card information could be another attempt at advertising.

The Launch of Hackerween

For the very first year, we released TryHackMe’s Hackerween - a spooky five-day affair running over Halloween week packed full to the brim of juicy content!

Hackerween brought us new daily challenges, created by our team of experts to exercise your skills on different topics. Daily challenges alternated between blue teams and red teams, with a difficulty rating of easy to medium to test your skills in offensive and defensive topics. You can still access all the Hackerween challenges, totally free. We’re excited to launch more challenge events in 2023 - watch this space!

Denmark Ranked As the Most Cyber-Secure Country in the World

According to the Global Peace Index 2022, Denmark is the fourth safest country in the world, with considerably low crime rates and a fantastic economy and welfare system. And, on the 26th of September 2022, Denmark was announced as the most cyber-secure country in the world!

In the report of cyber secure countries, Denmark was closely followed by Germany, the United States, Norway, the UK, Canada, Sweden, and Australia. Named as the least cyber-secure countries in the world were Tajikistan, Bangladesh, and China.

While countries across the globe are facing increasingly sophisticated cyber attacks, Denmark consistently leads the global race in cyber security for their widespread implementation of two-factor authentication, strict legislation, cyber security laws, the wide-ranging digitisation of public services, a technologically proficient population, and Danish businesses keeping up with technological advances. These initiatives have contributed to Denmark's becoming more robust and digitally secure.

Dozens of Meta Employees Fired for Alleged Hacking

On the 17th of November, global outlets were flooded by the news that dozens of Meta employees were disciplined or fired for breaking Facebook’s terms of service by allegedly compromising and taking over user accounts.

The employees, - some of whom were contractors employed as security guards - were investigated for abusing internal tools to bribe users into paying a fee to recover their locked social media accounts. According to the social network's terms of service, the buying or selling of accounts or paying for account recovery is a violation.

One employee was dismissed following accusations that they allowed hackers to fraudulently access multiple Facebook accounts in exchange for thousands of dollars worth of Bitcoin.

Log4j

In December of 2021, a newly-discovered zero-day vulnerability, Log4j, hit the cyber news with the highest possible CVSS score of 10. The vulnerability enabled attackers to remotely gain access to and take control of machines and servers. It was (and still is) embedded in many apps, services and enterprise software tools written in Java.

Within hours of its discovery, cyber criminals began exploiting the vulnerability globally. Log4j was claimed to be one of the most severe exploits worldwide.

One year on, customers are still hit by an average of 500,000 attack requests daily, with around 7% of those requests successful. On the 3rd of December, 2022, attack requests skyrocketed higher than had been seen when the vulnerability was first released.

As a reactive platform closely monitoring recent threats, TryHackMe launched a training lab within 24 hours of log4j’s launch. You can still access our free interactive training lab, allowing you to find out more about how you can exploit, detect and mitigate Log4j!

The Return of the Bandit Yeti

Ho ho hackety ho! Advent of Cyber returned to our screens on the 1st of December, and this time round, all users were in with the chance of winning epic prizes worth over $40,000!

We needed your help investigating a serious breach and testing all remaining systems for security flaws. Thanks to all of you, we managed to help McSkidy and the team identify their mysterious adversary, investigate the incident and secure their systems once again throughout each of the daily exercises!

We also gave away some fantastic prizes, subscription vouchers and free swag to our awesome users - to thank you for joining in on the hacking festivities!

Don’t panic if you missed out! All Advent of Cyber tasks from 2022 will be available until November 2023.

We’re excited and intrigued to see what 2023 has in store for the wonderful world of cyber security; the good, the bad, and the ugly. We’ll be here with you throughout your learning journey! Here’s to 2023!