It was all over the news, but ZDNet’s Eileen Yu was one of the first. — “Hacker is believed to have breached Uber’s entire network in a social engineering attack, which one security vendor says is more extensive than the company’s 2016 global data breach and access logs potentially altered.”
The article continues: “A hacker on Thursday was believed to have breached multiple internal systems, with administrative access to Uber’s cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP).
“The attacker is claiming to have completely compromised Uber, showing screenshots where they’re full admin on AWS and GCP,” Sam Curry wrote in a tweet. The security engineer at Yuga Labs, who corresponded with the hacker, added: “This is a total compromise from what it looks like.”
Uber since had shut down online access to its internal communications and engineering systems, while it investigated the breach, according to a report by The New York Times (NYT), which broke the news. The company’s internal messaging platform, Slack, also was taken offline.
The hacker, who claimed to be 18 years old, told NYT he had sent a text message to an Uber employee and was able to persuade the staff member to reveal a password after claiming to be a corporate information technology personnel. The social engineering hack allowed him to breach Uber’s systems, with the hacker describing the company’s security posture as weak.
With the employee’s password, the hacker was able to get into the internal VPN, said Acronis’ CISO Kevin Reed in a LinkedIn post. The hacker then gained access to the corporate network, found highly privileged credentials on network file shares, and used these to access everything, including production systems, corporate EDR (endpoint detection and response) console, and Uber’s Slack management interface.”
Quote from WIRED: “One independent security engineer described the OneLogin account access the Uber hacker seems to have had access to as “the golden ticket jackpot.”
“That’s God—they own that there’s nothing they can’t access,” the security engineer added. “It’s Disneyland. It’s a blank check at the candy shop and Christmas morning all rolled up together. But sure, customer ride data wasn’t impacted. OK.”
The theft of portions of the source code is the second cybersecurity incident LastPass suffered in nine months. The company has confirmed the breach.
Sumeet Wadhwani Asst. Editor, Spiceworks Ziff Davis Last Updated: August 30, 2022
Password management services provider LastPass suffered the theft of proprietary information after a hacker used a compromised developer account to access the company’s development environment. The incident compromised portions of the company’s source code and some proprietary technical information.
LastPass explained that the incident occurred a couple of weeks ago when the unknown hacker gained access to its systems through a breached developer account, alerting the password management company of unusual activity.
While customer data and passwords remain unaffected despite the break-in, LastPass said the hacker could steal the source code and other proprietary data, given the compromised account had access to the LastPass development environment.
The company said, “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.”
Avishai Avivi, CISO at SafeBreach, explained to Spiceworks how the theft of the source code could be damaging in the future. He said, “Bad actors will want source code for the same reason bank robbers will want floor plans to a bank. Being able to understand how the particular software works can potentially help the malicious actor identify its weak points and ways of gaining entry.”
“This doesn’t, however, mean that access to the bank’s floor plan, or even being able to compromise one of the bank employees, necessarily means that any money will be stolen.”
LastPass’ encrypted vaults store customer passwords that can be decrypted only using the master password. The master passwords weren’t compromised, considering LastPass doesn’t store them and vaults are accessed through the Zero Knowledge security model described in the image below:
LastPass Zero Knowledge Security Model | Source: LastPass
“Zero knowledge means that no one has access to your master password or the data stored in your vault, except you. Not even LastPass,” the company notes on its website. Late in 2021, LastPass was suggestively victimized in a credential stuffing attack, the kind PBKDF2 hashing from the flowchart above is used to thwart.
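A minimal sketch of the zero-knowledge derivation described above, added here as an illustration and not LastPass's own code: the client stretches the master password with PBKDF2 into a vault key, sends only a one-way login hash, and the server stores a salted, re-stretched verifier. The iteration counts, the use of the account e-mail as salt, the sample credentials and all function and class names are assumptions.

```python
import hashlib
import hmac
import os

# Assumed work factors for this sketch; the page does not state LastPass's values.
CLIENT_ITERATIONS = 100_000
SERVER_ITERATIONS = 100_000


def derive_vault_key(master_password: str, email: str,
                     iterations: int = CLIENT_ITERATIONS) -> bytes:
    """Client side: stretch the master password into a 256-bit vault key.

    The normalized account e-mail is the salt (an assumption), so the same
    password yields different keys for different accounts.
    """
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def derive_login_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client side: derive the only value that is ever sent to the server.

    One extra one-way PBKDF2 round separates it from the vault key, so the
    server can check a login without holding the decryption key.
    """
    return hashlib.pbkdf2_hmac("sha256", vault_key,
                               master_password.encode("utf-8"), 1, dklen=32)


class VaultServer:
    """Server side: keeps a salted, re-stretched verifier per account."""

    def __init__(self) -> None:
        self._accounts = {}
        self._dummy_salt = os.urandom(16)

    def register(self, email: str, login_hash: bytes) -> None:
        salt = os.urandom(16)
        verifier = hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                       SERVER_ITERATIONS)
        self._accounts[email] = (salt, verifier)

    def verify(self, email: str, login_hash: bytes) -> bool:
        record = self._accounts.get(email)
        # Do the same amount of work for unknown accounts so response time
        # does not reveal which e-mail addresses are registered.
        salt = record[0] if record else self._dummy_salt
        candidate = hashlib.pbkdf2_hmac("sha256", login_hash, salt,
                                        SERVER_ITERATIONS)
        if record is None:
            return False
        return hmac.compare_digest(candidate, record[1])

    def stored_record(self, email: str):
        """What an intruder who copies the account table would obtain."""
        return self._accounts[email]


def client_login(server: VaultServer, email: str, master_password: str) -> bool:
    key = derive_vault_key(master_password, email)
    return server.verify(email, derive_login_hash(key, master_password))


def demo() -> dict:
    # Constructed sample account; not real credentials.
    server = VaultServer()
    email = "alice@example.test"
    master = "correct horse battery staple"

    key = derive_vault_key(master, email)
    login_hash = derive_login_hash(key, master)
    server.register(email, login_hash)
    stored = server.stored_record(email)

    return {
        "good_login": client_login(server, email, master),
        "wrong_password_login": client_login(server, email, "Password123"),
        "unknown_account_login": client_login(server, "bob@example.test", master),
        "server_holds_vault_key": key in stored,
        "server_holds_login_hash": login_hash in stored,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Every guess against a copied verifier costs the full client and server PBKDF2 work, and a recovered verifier still does not yield the vault key.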
Easy solutions for 10 common IT help desk problems.
Help desks in most organizations are extremely busy places. A wide range of issues and problems are normally sent into the help desk and the support team has to find ways of dealing with them.
Nevertheless, there are some problems that recur again and again, to the point where you may be tearing your hair out trying to help users reset their password for the umpteenth time. Or troubleshooting the same errors with their computers might make you want to drown yourself in your coffee.
“Have you tried turning it off and on again?” might not be a sufficient solution – although in many cases this does work! Many problems require in-depth troubleshooting to find the answer, and users are desperate for the help desk to assist them.
On the bright side, you may feel inspired that you know how to easily solve these common problems for your users.
10 common help desk problems and solutions
1. I forgot my password!
You go away on holiday and you forget your system password when you come back. You regret not writing your password down on a post-it-note underneath your desk. There’s nothing more frustrating than not being able to access all of your files because you forgot your password, and the answer is usually a quick email to the help desk.
It’s important to bear in mind that you might be entering your password incorrectly but this problem could be fixed.
Maybe you do remember your password, but you’ve left the CAPS lock key on while trying to enter it. This is an important troubleshooting step when the user thinks they have forgotten their password. Additionally, their password may have expired and you should ask them whether they’ve received notifications asking them to update their password.
If they really have forgotten the password and they need a new one, the help desk can send the employee a password reset link. If there are further problems, the help desk can offer more support.
2. The blue screen of death
Encountering the blue screen of death is the worst fear of any Windows user. It results in a loss of productivity and potentially the need to invest in new hardware.
The blue screen signifies that the system has crashed and often makes the user fear that the computer is irreparably broken. They have no choice but to immediately contact the help desk for assistance.
However, it’s not usually as bad as you think. You can still save a computer that is experiencing the blue screen of death. The problem is usually related to the hardware or one of the drivers, and can often be fixed by restarting the system.
It’s important to remember that the blue screen of death often includes information about the nature of the issue. Making sense of the screen’s text can often tell you whether a restart will be sufficient or you need professional help to save your computer.
3. Can’t connect a USB device
It’s common for a help desk issue to involve a computer that won’t recognize a USB drive. Maybe the user has an important file saved on their device and they want to import it onto their computer but are encountering issues. There are many reasons why the computer will fail to recognize the device, including a problem with the USB port in question.
Ask the user to check whether the device is recognized by a different port. You can also ask them to check whether the USB drive works on another machine – if it does then it’s probably an issue with the computer rather than the USB.
If it’s a problem with the device itself, then the help desk can provide assistance with looking into possible reasons and coming up with potential fixes.
4. The system is running slowly
Sometimes, users contact the help desk with the problem that their computer is taking too long to execute tasks. A slow-running computer is frustrating and severely hampers productivity.
This could be happening for a number of reasons, the most likely of which is that the user is running too many programs at once and this is making the computer slow down. The solution is to close down some of these programs to cause your computer to speed up.
Another possible reason is that the computer is running scans or updates in the background without the user’s knowledge. This plays a big factor in slowing down your computer. If possible, try to reschedule the updates for outside of work hours when they won’t have an impact on the computer’s performance.
5. I can’t print my work
Having problems with the printer is one of the most common reasons that users contact the help desk. There’s nothing more frustrating than being about to go into a big meeting and being unable to print the agenda. A troublesome printer seems impenetrable and users have no idea how to fix it.
The solution could be as simple as the printer being turned off. It’s advisable to ask users to check this first. If the printer is on, there may be problems with the configuration which will be harder to fix.
If the problem is a configuration issue, then someone from the help desk might need to go down and change the settings.
Alternatively, the solution could be that the printer paper tray is jammed, the printer has run out of paper, or the printer has run out of ink or toner. These are problems that the user could probably fix themselves, or they could ask the Operations Manager to do it for them.
6. I deleted an essential file!
Sometimes users accidentally delete important files from their computer, which is enough to make anyone tear their hair out. All that work is lost and they worry that they can’t get it back.
But it’s not the end of the world. Often, these files can be recovered from the recycle bin or the trash, but other times it may have been emptied and it’s a little more difficult to get these files back.
First check whether the user’s file is in the recycle bin. Secondly, get the user to search for the file on the system using the file name and if it’s located anywhere on your device then you should be able to find it. Meanwhile, stop using your system for any other task to reduce the risk of your data being overwritten.
If it isn’t anywhere on the system, you may be able to recover the file for the user from the server backup.
7. I forgot to save my work!
Working for hours on a document and closing it but forgetting to save your changes is one of the reasons users might be sent into a panic spiral, and quickly contact the help desk.
It should be easy enough to recover the work if the user has been using Microsoft 365. The Autorecover feature saves work automatically, and this should be enabled by default.
Microsoft Office will periodically save a version of your work in the background every ten minutes, so all you need to do is reopen the application you were using and access the file on the left-hand sidebar.
If you can’t find a saved version of your work, you can search your computer for a temporary version of your file.
8. Slow internet connection
There are many reasons why the wifi connection might be slow for users, the first of which might be their distance from the router. Another reason could be that the user has many browser windows open at the same time which will slow down their internet connection.
Fixing these problems is relatively easy. First of all, you could move closer to the router. Secondly, you could try closing down some of your windows and see if the internet speeds up.
A slow internet connection is more of a problem if there is an issue with your internet service provider. You should check to see whether anyone else is experiencing problems. If it’s a service issue, the help desk may be able to contact the company about connectivity.
9. The computer just shut down!
Another reason that users contact the help desk is having their computer shut down on them, which can be alarming and cause loss of work.
If your computer shuts down unexpectedly the most likely cause is the hardware overheating. When the device gets too hot, it shuts down to prevent further damage to the machine. Make sure you are using your computer on a cool, flat surface and that it is free of dust.
In the case that overheating isn’t the reason, the computer may be afflicted with a virus. The user should contact the help desk straight away to get help with minimizing the risk and preventing cyber attacks in the future.
10. Losing access to the wireless network
It’s frustrating when the wireless network at your office boots you out for no apparent reason. Internet connectivity is essential for many jobs today and not being able to connect majorly disrupts productivity.
If a user is having trouble connecting to the network then this could be because the router is overloaded. In many cases, the same issues that lead to slow internet can result in losing wireless signal entirely.
To check whether this is an issue with the specific device, a user could be asked to try and connect with a different device in order to troubleshoot the problem. If it’s not device specific, the help desk could contact the broadband provider for assistance.
The reasons that businesses need help desk software
To make sure your business is able to handle these typical help desk issues, you not only need a highly skilled support team but also the right help desk software. A help desk solution like Keeping will allow you to handle all your incoming requests and keep on top of user conversations.
No matter whether your users are contacting you about internet speeds or connecting a USB device, help desk software keeps all your tickets in one place in a shared inbox. You’ll never lose track of a user conversation again and be able to work out if your tickets are open, pending or closed.
In help desk software, you can track agent performance with in-built analytics that tell you how swiftly agents are responding to user issues. You can also keep track of how many tickets are coming into the help desk so you can plan your staffing accordingly.
Alongside your help desk software, you can think about creating a self-service knowledge base that will help your users to troubleshoot their own problems. Every help desk agent knows only too well how many problems could be solved by users themselves, if only they knew where to look. Think about investing in a help center that deals with common user issues, and prevent many tickets from arriving in the help desk.
In summary
Troubleshooting user issues means the help desk plays a very important role in maintaining the productivity of every team. Without the assistance of the help desk, users may not have access to the software and hardware they need to do their jobs.
As any help desk team very well knows, there are a variety of user issues that can arrive on any given day. It’s clear, however, that certain issues crop up over and over again, and that’s what we’ve tried to list here in this article.
When most problems are known to the help desk, this can accelerate the help desk’s ability to solve user issues. If they belong to typical categories, the solutions are the same every time and support knows exactly what to do to help users. Users will appreciate this outstanding customer service and are able to continue on with their day.
A password is a standard way of authenticating access to digital services and systems. It is supposed to be secret to ensure that only the account owner or those granted rights can view or modify important data. Unfortunately, there are individuals who can be lazy in safekeeping passwords, making their accounts vulnerable to hacking and other attacks.
With the following password statistics, we can see how crucial it is to elect a strong password. Furthermore, there are figures that show how important it is to have proper IT security software for organizational and personal uses.
General Cybersecurity Statistics
Internet users trust enterprises to protect their accounts. Unfortunately, there remain security holes that can lead to breaches. For example, in May 2018, a bug on Twitter stored passwords in plain text.
People can have as many as 85 passwords for all their accounts. (Cnet, 2020)
336 million users were affected by a Twitter bug that saved passwords in plain text. (SecureLink, 2021)
70% of consumers are concerned about being a target of a cyberattack. (SecureLink, 2021)
Having eight characters in a string makes for a strong password though longer logins are much better. (Cnet, 2020)
A 12-character password is 62 trillion times more difficult to crack compared to a 6-character password. (Scientific American, 2019)
But a truly strong password would be a 16-character password derived from a set of 200 characters. (Scientific American, 2019)
One-third of malware breaches are caused by password dumper malware. (Verizon, 2020)
Multi-factor authentication blocks 99.9% of all attacks. (Microsoft, 2020)
Password Breach Statistics
The latest cybercrime statistics show that 1.67% of Android malware are password Trojans. The following password breach statistics also demonstrate that there are a variety of ways that cyberattackers can access accounts or obtain passwords.
Hackers have published as many as 555 million stolen passwords on the dark web since 2017. (Cnet, 2020)
27% have tried to guess other people’s passwords. (Google, 2019)
17% have managed correct guesses. (Google, 2019)
80% of hacking incidents are caused by stolen and reused login information. (Verizon, 2020)
81% of company data breaches are caused by poor passwords. (TraceSecurity)
Hacking attacks using scripts that try to guess usernames and passwords happen every 39 seconds, globally. (WebsiteBuilder.org, 2021)
Password Management Statistics
Most Popular Passwords
Passwords should be unique to prevent unauthorized access. However, there are exact passwords or password variations that are popular.
The second most-used year in passwords is the year 1987 with almost 8.4 million variations. (Cybernews, 2021)
1991 is the third most popular year used in passwords. It has nearly 8.3 million recorded uses. (Cybernews, 2021)
Of the 2.2 billion passwords analyzed, 7% contained curse words. (Cybernews, 2021)
“Ass” is used in 27 million passwords, making it the most popular curse word in passwords. (Cybernews, 2021)
“Sex” only has over 5 million uses in passwords. (Cybernews, 2021)
The “F” word is present in below 5 million passwords. (Cybernews, 2021)
“Abu” is the most used city in passwords, with 2.3 million iterations. It most likely stands for UAE’s Abu Dhabi. (Cybernews, 2021)
Password-Making Habits
People have their own habits when making passwords. But surprisingly, there are habits that span the globe when it comes to creating passwords for online services.
Around 50% of Internet users still use the same password for all their accounts. (LastPass, 2021)
Older people aged 50+ are more likely to use unique passwords for each online service. (Comparitech, 2020)
60% of people say they get lazy when creating passwords so they use the same passwords often. (MSN, 2021)
Disturbingly, 19% of adults in France use one or two passwords for all or almost all of their online accounts. (Proofpoint, 2020)
But the case is worse in Japan, as 21% of respondents from the country have the same habit or attitude in password management. (Proofpoint, 2020)
Admirably, 40% of respondents from Germany manually enter a different password for every account they have. (Proofpoint, 2020)
44% of US respondents use a password manager to take care of their accounts. (Proofpoint, 2020)
33% of respondents from Spain and Germany rotate the use of 5 to 10 passwords. (Proofpoint, 2020)
Two-thirds of people make new passwords that are similar to the ones they already have. (MSN, 2021)
35% of respondents choose convenience over security when electing a password. (SecureLink, 2021)
Common Passwords
Twenty-four percent of Americans have used the following common passwords or another form:
abc123
Password
123456
Iloveyou
111111
Qwerty
Admin
Welcome
Password Practice at Work
Work and personal accounts should be kept separate for security purposes. However, there are still a large number of people who use the same passwords for work and personal logins. On top of that, some workers and even organizations can be lax with regard to password sharing in the workplace. A few password reuse statistics also show that people can fall into the bad habit of reusing passwords across many accounts.
31% of workers use their child’s name or birthday for their passwords. (Keeper Security, 2021)
44% of workers reuse passwords across personal and work-related accounts. (TechRepublic, 2021)
14% of professionals have shared their work passwords with a partner. (TechRepublic, 2021)
11% have done the same with a family member. (TechRepublic, 2021)
34% have shared passwords with colleagues in the same group. (TechRepublic, 2021)
46% of workers said that their company disseminates login information for accounts being used by several individuals. (TechRepublic, 2021)
57% of workers write down passwords on sticky notes. (Keeper Security, 2021)
62% share passwords via SMS and email. (Keeper Security, 2021)
49% note passwords in unprotected plain-text documents. (Keeper Security, 2021)
A report shows that employees reuse passwords 13 times on average. (LastPass, 2019)
59% of companies have more than 500 passwords that do not expire. (Varonis, 2021)
Password Requirements
Online services require users to create unique and strong passwords. In the process, organizations present certain password requirements that users must meet. Apart from that, they necessitate users to change their passwords frequently.
Organizations in the finance sector require users to change passwords 7.17 times per year. However, the frequency of actual password changes is 7.33. (MobileIron & EMA, 2019)
High technology is another sector where the actual frequency of password changes is higher compared to the required frequency (7.62 times vs. 5.07 times). (MobileIron & EMA, 2019)
Professional services require password change at least 7.03 times per year but people only do it 4.6 times in a year. (MobileIron & EMA, 2019)
Changing Passwords
37% of EU respondents changed their email passwords in the last 12 months. (European Commission, 2020)
For mobile banking, 30% of EU residents made changes to their passwords in the same period. (European Commission, 2020)
Online games get the least attention for password security, with only 7% changing passwords in the past 12 months. (European Commission, 2020)
Concerningly, 31% have not changed passwords for any online service they use during the time. (European Commission, 2020)
Only 1 in 5 Americans would change their passwords even after finding out about a bug or a security incident. (SecureLink, 2021)
57% of individuals share their passwords with a significant other but only 11% change their passwords after a breakup. (Google, 2019)
34% of Americans change their passwords regularly. (Google, 2019)
78% of people had to reset their password in the last three months. Among those, 57% had to do it for work while 78% had to do it for their personal accounts. (Comparitech, 2020)
Will passwords die?
Passwords are a major security problem. Despite that, and the numerous authentication models that have been developed, they continue to be ubiquitous. A report once predicted that there would be over 300 billion passwords in use by 2020. That forecast may have come to pass. And that means there are now more than 300 billion passwords at risk.
As the password statistics above showed, even strong passwords can fail. Fortunately, there are safeguards such as multi-factor authentication. Nevertheless, even that is not completely foolproof as cyber attackers have ways to go around or intercept one-time passwords. That is why it is best to always have unique sets of characters for each online service for high security. This means to say people should not reuse passwords or use ones that can be easily guessed by others like birthdays and children’s names.
Moreover, individuals and organizations have to be on guard against cybercrime trends. While new types of cyberthreats do not surface often, various cybercrimes can be popular at any point depending on the situation. Case in point, phishing has become more common because of the COVID-19 pandemic. Thus, everyone must be on guard and take steps to improve cybersecurity.
References:
Colby, C., & Profis, S. (2020, August 6). 9 rules for strong passwords: How to create and remember your login credentials. Cnet.
Neveux, E. (2021, January 20). Consumer password habits: Concerning, not surprising. SecureLink.
Delahaye, J. (2019, April 12). The mathematics of (hacking) passwords. Scientific American.
Ponemon Institute. (2020). The 2020 state of passwords and authentication security behaviors report. Businesswire.
Google, & Harris Poll. (2019, October 6). The United States of P@ssw0rd$. Google.
Verizon. (2020, May 19). SMB data breach statistics. Verizon.
TraceSecurity. (2018, August 14). 81% of company data breaches due to poor passwords. TraceSecurity.
WebsiteBuilder.org. (2021, March 20). 30 key cybersecurity statistics to be aware of in 2021. WebsiteBuilder.org.
Weinert, A. (2020, August 3). Your Pa$$word doesn’t matter. Microsoft.
Crafford, L. (2021, January 25). 7 bad password habits to break now. LastPass.
Varonis. (2021, 1). 2021 data risk report: Financial services. Varonis.
O’Driscoll, A. (2020, August 28). 25+ password statistics that may change your password habits. Comparitech.
Meyer, B. (2021, April 9). Most common passwords: Latest 2021 statistics. Cybernews.
Proofpoint. (2020, January). State of the Phish 2020. Proofpoint.
The Wake Up. (2021, April 10). Your habits on passwords. MSN.
Whitney, L. (2021, April 6). How poor password habits put your organization at risk. TechRepublic.
Jenny Chang is a senior writer specializing in SaaS and B2B software solutions. Her decision to focus on these two industries was spurred by their explosive growth in the last decade, much of it she attributes to the emergence of disruptive technologies and the quick adoption by businesses that were quick to recognize their values to their organizations. She has covered all the major developments in SaaS and B2B software solutions, from the introduction of massive ERPs to small business platforms to help startups on their way to success.
Microsoft moves ahead with a plan to sunset basic authentication, and other providers are moving — or have moved — to requiring more secure authentication as well. Is your company ready?
Microsoft and major cloud providers are starting to take steps to move their business customers toward more secure forms of authentication and the elimination of basic security weaknesses — such as using usernames and passwords over unencrypted channels to access cloud services.
Microsoft, for example, will remove the ability to use basic authentication for its Exchange Online service starting Oct. 1, requiring that its customers use token-based authentication instead. Google meanwhile has auto-enrolled 150 million people in its two-step verification process, and online cloud provider Rackspace plans to turn off cleartext email protocols by the end of the year.
The deadlines are a warning to companies that efforts to secure their access to cloud services can no longer be put off, says Pieter Arntz, malware intelligence researcher at Malwarebytes, who penned a recent blog post highlighting the coming deadline for Microsoft Exchange Online users.
“I think the balance is shifting to the point where they feel they can convince users that the extra security is in their best interest, while trying to offer solutions that are still relatively easy to use,” he says. “Microsoft is often a trendsetter and announced these plans years ago, but you will still find organizations straggling and struggling to take the appropriate measures.”
Identity-Related Breaches on the Rise
While some security-conscious companies have taken the initiative to secure access to cloud services, others have to be prodded — something that cloud providers, such as Microsoft, are increasingly willing to do, especially as companies struggle with more identity-related breaches. In 2022, 84% of companies suffered an identity-related breach, up from 79% in the previous two years, according to the Identity Defined Security Alliance’s “2022 Trends in Securing Digital Identities” report.
Turning off basic forms of authentication is a simple way to block attackers, which are increasingly using credential stuffing and other mass access attempts as a first step to compromising victims. Companies with weak authentication leave themselves open to brute-force attacks, abuse of reused passwords, credentials stolen through phishing, and hijacked sessions.
And once attackers have gained access to corporate email services, they can exfiltrate sensitive information or conduct damaging attacks, such as business email compromise (BEC) and ransomware attacks, says Igal Gofman, head of research for Ermetic, a provider of identity security for cloud services.
“The use of weak authentication protocols, especially in the cloud, can be very dangerous and lead to major data leaks,” he says. “Nation-states and cybercriminals are constantly abusing weak authentication protocols by executing a variety of different brute-force attacks against cloud services.”
Shoring up the security of authentication can have immediate benefits. Google found that auto-enrolling people in its two-step verification process resulted in a 50% decrease in account compromises. A significant portion of companies that suffered a breach (43%) believe that having multifactor authentication could have stopped the attackers, according to the IDSA’s “2022 Trends in Securing Digital Identities” report.
Edging Toward Zero-Trust Architectures
In addition, cloud and zero-trust initiatives have driven the pursuit of more secure identities, with more than half of companies investing in identity security as part of those initiatives, according to the IDSA’s Technical Working Group, in an email to Dark Reading.
For many companies, the move away from simple authentication mechanisms that rely on merely a user’s credentials has been spurred by ransomware and other threats, which have caused companies to look to minimizing their attack surface area and hardening defenses where they can, the IDSA’s Technical Working Group wrote.
“As the majority of companies accelerate their zero-trust initiatives, they are also implementing stronger authentication where feasible — although, it is surprising that there are still some companies struggling with the basics, or [that] haven’t yet embraced zero trust, leaving them exposed,” researchers there wrote.
Obstacles to Secure Identities Remain
Every major cloud provider offers multifactor authentication over secure channels and using secure tokens, such as OAuth 2.0. While turning on the feature may be simple, managing secure access can lead to an increase in work for the IT department — something for which businesses need to be ready, says Malwarebytes’ Arntz.
Companies “sometimes fail when it comes to managing who has access to the service and which permissions they require,” he says. “It is the extra amount of work for IT staff that comes with a higher authentication level — that is the bottleneck.”
Researchers at the IDSA’s Technical Working Group explained that legacy infrastructure is also a hurdle.
“While Microsoft has been in the process of moving their authentication protocols forward for some time, the challenge of migrating and backward compatibility for legacy apps, protocols, and devices has delayed their adoption,” they noted. “It’s good news that the end is in sight for basic auth.”
Consumer-focused services are also slow to adopt more secure approaches to authentication. While Google’s move has improved security for many consumers, and Apple has enabled two-factor authentication for more than 95% of its users, for the most part consumers continue to only use multifactor authentication for a few services.
While almost two-thirds of companies (64%) have identified initiatives to secure digital identities as one of their top three priorities in 2022, only 12% of organizations have implemented multifactor authentication for their users, according to the IDSA’s report. However, firms are looking to provide the option, with 29% of consumer-focused cloud providers currently implementing better authentication and 21% planning on it for the future.
Lily Hay Newman
From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.
Whether the first six months of 2022 have felt interminable or fleeting—or both—massive hacks, data breaches, digital scams, and ransomware attacks continued apace throughout the first half of this complicated year. With the Covid-19 pandemic, economic instability, geopolitical unrest, and bitter human rights disputes grinding on around the world, cybersecurity vulnerabilities and digital attacks have proved to be thoroughly enmeshed in all aspects of life.
With another six months left in the year, though, there’s more still to come. Here are the biggest digital security debacles that have played out so far.
For years, Russia has aggressively and recklessly mounted digital attacks against Ukraine, causing blackouts, attempting to skew elections, stealing data, and releasing destructive malware to rampage across the country—and the world. After invading Ukraine in February, though, the digital dynamic between the two countries has changed as Russia struggles to support a massive and costly kinetic war and Ukraine mounts resistance on every front it can think of. This has meant that while Russia has continued to pummel Ukrainian institutions and infrastructure with cyberattacks, Ukraine has also been hacking back with surprising success. Ukraine formed a volunteer “IT Army” at the beginning of the war, which has focused on mounting DDoS attacks and disruptive hacks against Russian institutions and services to cause as much chaos as possible. Hacktivists from around the world have also turned their attention—and digital firepower—toward the conflict. And as Ukraine launches other types of hacks against Russia, including attacks utilizing custom malware, Russia has suffered data breaches and service disruptions at an unprecedented scale.
The digital extortion gang Lapsus$ went on an extreme hacking bender in the first months of 2022. The group emerged in December and began stealing source code and other valuable data from increasingly prominent and sensitive companies—including Nvidia, Samsung, and Ubisoft—before leaking it in apparent extortion attempts. The spree reached its zenith in March when the group announced that it had breached and leaked portions of Microsoft Bing and Cortana source code and compromised a contractor with access to the internal systems of the ubiquitous authentication service Okta. The attackers, who appeared to be based in the United Kingdom and South America, largely relied on phishing attacks to gain access to targets’ systems. At the end of March, British police arrested seven people believed to have associations with the group and charged two at the beginning of April. Lapsus$ seemed to briefly continue to operate following the arrests but then became dormant.
In one of the most disruptive ransomware attacks to date, Russia-linked cybercrime gang Conti brought Costa Rica to a screeching halt in April—and the disruptions would last for months. The group’s attack on the country’s Ministry of Finance paralyzed Costa Rica’s import/export businesses, causing losses of tens of millions of dollars a day. So serious was the attack that Costa Rica’s president declared a “national emergency”—the first country to do so because of a ransomware attack—and one security expert described Conti’s campaign as “unprecedented.” A second attack in late May, this one on the Costa Rican Social Security Fund, was attributed to the Conti-linked HIVE ransomware and caused widespread disruptions to the country’s health care system. While Conti’s attack on Costa Rica is historic, some believe that it was meant as a diversion while the gang attempts to rebrand to evade sanctions against Russia over its war with Ukraine.
As the cryptocurrency ecosystem has evolved, tools and utilities for storing, converting, and otherwise managing it have developed at breakneck speed. Such rapid expansion has come with its share of oversights and missteps, though. And cybercriminals have been eager to capitalize on these mistakes, frequently stealing vast troves of cryptocurrency worth tens or hundreds of millions of dollars. At the end of March, for example, North Korea’s Lazarus Group memorably stole what at the time was $540 million worth of Ethereum and USDC stablecoin from the popular Ronin blockchain “bridge.” Meanwhile, in February, attackers exploited a flaw in the Wormhole bridge to grab what was then about $321 million worth of Wormhole’s Ethereum variant. And in April, attackers targeted the stablecoin protocol Beanstalk, granting themselves a “flash loan” to steal about $182 million worth of cryptocurrency at the time.
Health care providers and hospitals have long been a favorite target of ransomware actors, who look to create maximum urgency to entice victims to pay up in the hopes of restoring their digital systems. But health care data breaches have also continued in 2022 as criminals pool data they can monetize through identity theft and other types of financial fraud. In June, the Massachusetts-based service provider Shields Health Care Group disclosed that it suffered a data breach throughout much of March impacting roughly 2 million people in the United States. The stolen data included names, Social Security numbers, birth dates, addresses, and billing information, as well as medical information like diagnoses and medical record indicators. In Texas, patients of Baptist Health System and Resolute Health Hospital announced a similar breach in June that exposed similar data, including Social Security numbers and sensitive patient medical information. Both Kaiser Permanente and Yuma Regional Medical Center in Arizona also disclosed data breaches in June.
At the beginning of June, the US Cybersecurity and Infrastructure Security Agency warned that Chinese government-backed hackers had breached a number of sensitive victims worldwide, including “major telecommunications companies.” They did so, according to CISA, by targeting known router vulnerabilities and bugs in other network equipment, including those made by Cisco and Fortinet among other vendors. The warning did not identify any specific victims, but it hinted at alarm over the findings and a need for organizations to step up their digital defenses, especially when handling massive quantities of sensitive user data. “The advisory details the targeting and compromise of major telecommunications companies and network service providers,” CISA wrote. “Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices. In addition, these devices are often overlooked.”
Separately, hackers likely conducting Chinese espionage breached News Corp in an intrusion that was discovered by the company on January 20. Attackers accessed journalists’ emails and other documents as part of the breach. News Corp owns a number of high-profile news outlets, including The Wall Street Journal and its parent, Dow Jones, the New York Post, and several publications in Australia.
Just days after a consequential US Supreme Court decision at the end of June pertaining to concealed-carry permit laws, an unrelated data breach potentially exposed the information of everyone who applied for a concealed-carry permit in California between 2011 and 2021. The incident impacted data including names, ages, addresses, and license types. The breach occurred after a misconfiguration in the California Department of Justice 2022 Firearms Dashboard Portal exposed data that should not have been publicly accessible. “This unauthorized release of personal information is unacceptable and falls far short of my expectations for this department,” state attorney general Rob Bonta said in a statement. “The California Department of Justice is entrusted to protect Californians and their data. We acknowledge the stress this may cause those individuals whose information was exposed. I am deeply disturbed and angered.”
Wired, July 4, 2022