There is, unfortunately, no shortage of cyberattacks and breaches. With countless nefarious actors looking to exploit threats in cybersecurity, it can be difficult to keep track of the latest in cybersecurity news. While a breach or attack is never a good thing, much can be learned from the major cyberattacks of 2022 that can help you improve your own cybersecurity.
The Ronin NFT Game Attack
The Ronin network is a blockchain gaming platform that utilizes cryptocurrency. One of their games, Axie Infinity, which allows users to earn crypto and NFTs, was the target of a major attack confirmed by the Ronin network in March 2022.
According to CPO Magazine, Axie Infinity identified signs of social engineering as the source of the attack rather than vulnerability in the code. The attack resulted in the theft of 173,600 Ethereum and 25.5 million USD Coin.
Worse yet, signs indicate that the NFT game was breached long before the Ronin network. It’s believed that the breach began in November 2021 before the Ronin network confirmed the breach in March 2022, Techradar.pro writes.
The lesson to take away from the Ronin attack is a simple one. When the network overflowed with new players, the company dialed back their cybersecurity protocols so the servers could better handle the quickly growing audience.
However, reduced protocols become a major threat in cybersecurity. As a result, the vulnerabilities were exploited and millions of dollars worth of cryptocurrency were stolen. It’s never a good time to scale back on security protocols. A company’s aim should always be to improve their cybersecurity measures, without reducing efforts elsewhere.
The Crypto.com Wallet Breach
Crypto.com is one of the leading cryptocurrency exchanges that enables users to buy, sell or trade their cryptocurrency. Each user’s cryptocurrency is housed in a wallet protected by Crypto.com. However, in January 2022, $18 million of Bitcoin and $15 million of Ethereum were stolen from users’ crypto wallets.
According to Techradar.pro, thieves managed to steal millions worth of cryptocurrency by circumventing Crypto.com’s two-factor authentication. While Crypto.com initially downplayed the hack, the company reimbursed affected users days later.
Crypto.com has not explained exactly how the two-factor authentication was circumvented. In response to the hack, they revoked customer two-factor authentication tokens and put additional security hardening measures in place.
Now, Crypto.com requires owners to wait 24 hours before using a new withdrawal address to prevent future attacks and improve their cybersecurity. The company also shifted away from two-factor authentication in favor of true multi-factor authentication; however, they have not expanded further on their plans.
The Red Cross Data Breach
The International Committee of the Red Cross (ICRC) works across the globe, providing assistance and support to those affected by conflict and armed violence.
In January 2022, a third-party contractor for the Swiss-based ICRC was hit by a major supply chain attack. Hackers were able to walk away with the data of over half a million people, including vulnerable people the Red Cross serves, as well as its staff, volunteers and first responders. It is considered one of the largest data breaches of all humanitarian organizations to date, Techradar.pro writes. According to ICRC itself, the hackers exploited their unpatched critical vulnerability in an authentication module. This breach allowed hackers to deploy offensive security tools, disguising them as users or administrators.
In response to the major breach, the Red Cross worked with ICRC delegations and Red Cross and Red Crescent societies on the ground to identify those affected and to inform them of the compromised data, protective measures and potential risks they may face.
Software supply chains can be safeguarded against malware attacks and reduce software vulnerabilities.
According to Microsoft, it’s essential to set a high standard of software assurance, manage security risks in third-party components and screen software suppliers to identify whether they provide malware protection, detection and determine the cyber and physical access controls.
How to Prevent Cyber Attacks at Work
These major breaches were all avoidable, and there’s a lot you can do in the workplace to avoid similar problems. Fortunately, you aren’t alone in figuring out how to prevent a hack. The best place to start is hiring proven cybersecurity experts.
Consider TAG Solutions for your Albany, NY IT and cybersecurity needs. We take a proactive, individualized approach to each client’s specific cybersecurity needs. That way, we can address your most significant vulnerabilities at an affordable cost. Contact us today for more information!