A cyber attack is always scary, but 2022 saw the severity of cyber crimes reach all-new heights. The average cost of a data breach in the U.S. hit $9.44 million, and healthcare – for the 12th consecutive year was the biggest sufferer. Which were some of the most terrifying and debilitating cyber attacks this year? Here is our Halloween special roundup.

1. Russian hacker group Conti cripples Costa Rica

In April, the Russian-affiliated cybergang known as Conti successfully disrupted the banking operations of Costa Rica. They successfully assaulted the Finance Ministry and crippled Costa Rica’s import/export industry. The declaration of a national crisis was unprecedented for a ransomware assault.

Late in May, there was a second attempt that attack the Social Security Fund. This has also been connected to Conti due to the usage of the Hive ransomware, whose creation he/she is associated with. As Halloween comes around, it is a good time to remind ourselves of the truly scary and severe impacts that concerted cyber-attacks may have.

2. Clop brings Windows systems to a halt

Ransomware is malicious software that encrypts your data until you pay the hackers a ransom. “Clop” is among the most recent and dangerous ransomware attacks. It is a variation of the notorious CryptoMix ransomware, which attacks Windows users often.

Before encrypting your data, the Clop ransomware stops over 600 Windows processes and various Windows 10 programs, notably Windows Defender and Microsoft Security Essentials, leaving users with little hope of preserving their data.

Since its debut, the Clop ransomware has progressed towards attacking large networks rather than simply individual machines. Even Maastricht University in the Netherlands fell prey to the Clop ransomware, which encrypted almost all Windows PCs on the university’s network and demanded payment. Halloween is when we should remember the scary effects of cybercrime on regular users who may not always pay the necessary attention to device security.

3. Ransomware group Lapsus$ threatens to leak Nvidia data

In February of 2022, the biggest semiconductor chip manufacturer in the world was hacked by a ransomware outbreak. The organization verified that the malicious actors had begun exposing employee credentials and sensitive data online.

Lapsus$, a ransomware organization, claimed credit for the assault and stated they had possession of 1 terabyte of exfiltrated organizational data that they would release online. In addition, it requested a million dollars and a portion of an undetermined sum from Nvidia. Nvidia promptly reacted to the ransomware assault by bolstering its security and instantly enlisting cyber incident response professionals to limit the problem.

Halloween reminds us that not even the biggest companies are immune to the fear caused by cyber attacks, and it is important to have a tactical response always in place, like Nvidia.

4. Portal misconfigurations lead to a data breach and cause a scare

Just days after a significant US Supreme Court ruling on concealed-carry permit legislation at the end of June, an unrelated data breach may have exposed the personal information of everyone who registered for a concealed-carry permit in California between 2011 and 2021.

The breach compromised information, including names, ages, residences, and license types. A malfunctioning in the Dashboard Portal of the California Department of Justice 2022 Firearms disclosed information that should not have been available to the public. Private and public sector organizations should take this time between Halloween and quarter-end to shore up security systems and prevent such incidents from happening in 2022.

5. Uber suffers a scary hack with purely malicious intent

Uber, one of the world’s top companies, realized they had been hacked in mid-September 2022. In the company’s Slack channel, the hacker said, “I am a hacker, and Uber has experienced a data breach,” followed by multiple emojis. This prompted the corporation to disable its internal communications and technical equipment in order to investigate the situation.

The hacker also claimed to be capable of breaking into many corporate databases, including message data. Uber notified the authorities after discovering that a hacker had infiltrated an employee’s account. Uber has previously experienced cyber attacks and failed to notify it, resulting in a legal dispute and a fine of thousands of dollars. This time, they were forthright and took efforts to prevent a similar issue from occurring again.

To avoid such scares during Halloween, the holiday season, and around the year, companies need threat intelligence and root cause analysis capabilities that work in tandem with legal teams.

6. Drones attack an (unnamed) financial firm in the U.S.

In 2022, a financial institution on the East Coast of the United States that specialized in private investments spotted some strange activity on its internal Atlassian Confluence site. Security personnel determined that the activity came from their own network. The incident responders subsequently conducted integrated Wi-Fi tracing to determine the source of the copycat signal.

Wi-Fi tracking took the crew to the top of the building, where they discovered two different DJI drones. One of these was carrying a customized Wi-Fi Pineapple (a device used by security for penetration testing) that impersonated the Wi-Fi network to which employees normally connected. In one instance, an employee’s device connected to the Wi-Fi Pineapple-powered counterfeit Wi-Fi network, and attackers were able to capture the data, which also included user login information and Wi-Fi details.

The fear factor associated with Halloween also recalls how new technology can bring unexpected risks, like the use of drones to physically breach corporate networks.

7. Metaverse game, Axie Infinity Ronin Bridge, gets hacked to the tune of $ 625 million

In March of 2022, the greatest crypto hack ever measured in fiat currency occurred. The bulk of the crypto keys safeguarding the play-to-win game’s cross-chain bridge was compromised by hackers. 4 of the 9 keys were taken after an Axie developer opened a PDF containing a bogus employment offer. The Ronin Bridge was subsequently restored with more validators, but the game is losing users at an alarming rate.

On the occasion of Halloween 2022, let us remember that no technology – even crypto – is fully immune to cyber criminals, and without constant vigilance, it may cost us precious business.

8. Hackers commit cybercrime and expose financial data to condemn Freedom Convoy protests

The hijacking of the Christian fundraising website GiveSendGo in February occurred in relation to the Ottawa truckers’ demonstrations. It jeopardized the personal information of anyone who contributed to their finances.

As part of a Distributed Denial of Service (DDoS) assault, the hackers changed the donation website to a page condemning the Freedom Convoy demonstrations. The private details of the 90,000 contributors who had donated to the campaign through the GiveSendGo website was subsequently made public. This Halloween special cyber crime example reminds us that activists may commit cyber attacks often without a financial motive, and consumer payment systems must be made doubly secure.

These eight scary events are telling: cyber attacks will become increasingly more common in a digital, hyperconnected world, and it is important not to get caught off guard. Halloween means that we are nearing the end of the year and must start preparing our defenses for 2023. To learn how make sure to check out our guide on Ransomware: The Path Ahead.