When it comes to tech scares, boogeyman comes in the form of a hack. These malicious attacks, often carried out from hundreds of miles away, have the ability to bring the tech giant to its knees in a matter of minutes. These malicious attacks can completely destroy public trust in companies, while exposing thousands and even millions of devices and people to identity theft, leaking of sensitive images or information, loss of revenue, and even permanent damage to hardware. When you consider this, it is not surprising that most companies with any sensitive data stored on their servers shudder at the thought of a full-scale and unstoppable hack into their systems.
But what’s a good horror story without a few unfortunate victims to underscore the real danger? To show you just how bad it is (and to welcome you in the new year), here are the 5 scariest hacks of 2022.
Log4Shell
Starting the new year with a bang, Log4Shell has been described as “design failure of catastrophic proportions”, Log4Shell is a vulnerability in the Java-based logging library Apache Log4j2, and has security experts really really worried.
Log4Shell is a major threat to most Internet companies because hackers can take advantage of it to execute code inside these enterprise systems. While the company has started implementing the fix, each separate entity will have to handle it on their own, based on their own servers and systems. This means fixes won’t be applied all at once, putting more people at risk.
Colonial Pipeline
In May 2021, a major oil pipeline in the US was held for ransom by hackers. Sound like a new Bruce Willis movie? Colonial Pipeline owners just hope that’s the case
The ransomware attack effectively took the company hostage and fueled millions of people by affecting the pipeline’s computerized equipment management system.
In a panic, Colonial Pipeline paid a ransom of $5 million to the organization responsible for the hack. While the government is able to close about half of that money, hacks show how vulnerable many large companies are to attacks–and how badly they affect the public.
acceleration
The Accellion breach started out as multiple vulnerabilities before becoming what Wired describes as “global blackmail“. Starting in late December 2021, Accellion breaches are financially motivated attacks targeting organizations. Hackers threaten to sell encrypted data unless they are paid.
While Accellion initially claimed that the vulnerability was patched within 72 hours, they later had to retract and explain that a new vulnerability had been discovered. Impact on large organizations such as The Reserve Bank of New Zealand, Kroger, Trillium, Harvard Business School, CSX, and much more, Accellion’s breach served to boost ransom demands in similar attacks.
Hacking With NSO Group Tools
Over the years, Israeli spyware developer NSO Group has launched highly effective and aggressive hacking tools that target Android and iOS devices. While the NSO Group is a lucrative and top-of-the-line technology company, its development and abuse continues to worry and shock the cybersecurity world. In fact, the company’s products have been abused by their customers so that NSO Group is now face sanctions, lawsuits, and perhaps even an uncertain future.
What hacking with NSO Group’s tools has shown to the world is that private businesses can—and will—produce hacking tools that have the ingenuity and technological sophistication to rival governments—and wipe out dissidents.
JBS USA
Big meat supplier JBS USA spends around $11 million USD in 2021 on ransomware hackers. The attack, led by REvil, a Russian-speaking hacking gang, resulted in meat factories across the US and Australia shutting down for a day to try to control the leak. Cybersecurity Sydney and other cybersecurity firms across Australia are on high alert for further attacks, given this hack comes after the massive ransom payment Colonial Pipeline recently completed.
The hack resulted in delivery delays and meat shortages. While the government has long recommended that businesses not pay their attackers, the CEO of JBS defended his decision, saying they did to protect their customers.