Cybersecurity: new threats, war and struggles, our 2022 report

Alexandre Fiannaca

December 27, 2022 at 6:18 p.m.


Cybersecurity 2022 © Shutterstock x

© Shutterstock / Clubic

The year 2022 is coming to an end, and it’s time to look back a bit. Returning to the highlights in terms of online security, it is clear that the last 365 days have not been easy!

Has there been a single day without at least one security or privacy post on Clubic this year? To tell the truth, there have been. But very little. Threats, there have been many. Attacks? More and more… And these have new targets: individuals, companies, and even recently public and health establishments. Let’s take stock together of this year full of twists and turns.

New malware has emerged…

Malware proliferated as the months passed. Indeed, 2022 is far from being an exception on the… viral level. A new Trojan horse infested the iPhone in January while SysJoker tried the treble by attacking Windows, MacOS and Linux at the same time. Followed by RedLine Stealer, Xenomorph, ChromeLoader, CloudMensis…

It is impossible to name them all or to dwell on their misdeeds in detail. But one thing is certain: in 2022, no type of equipment or operating system has been able to enjoy an hour of serenity.

… and old enemies have made their (re)appearance

Ten years. This is the record duration during which the powerful spyware Daxin has raged with impunity, revealed in broad daylight in 2022 by a team of researchers from Symantec. Also very long-lasting, a “zombie” fault on Safari was rediscovered after being exploited for… more than 5 years, before its use was definitively undermined by an Apple patch.

This year also saw yet another return of the now famous Sharkbot banking virus, cleverly concealed in applications from the Google Play Store. Not to mention the reappearance of a large number of ransomware that we thought was simply… buried.

computer malware threat © © Michael Geiger/Unsplash

The threats are sudden and exclude nothing and no one © Michael Geiger / Unsplash

Strategic cyberattacks have exploded

It would take hackers several lifetimes to design, perfect and deploy their programs on a large scale, but they are not discouraged. Evidenced by this year which was no exception in terms of their productivity.

But 2022 has above all marked the democratization of attacks against administrations and their means of defence. Thus, due to Russian-Ukrainian tensions, Ukrainian government websites suffered from the first cyberattacks in January, a sad harbinger of the future. Later, we considered the specter of an unprecedented cyberwar and the fate of France in this context. These questions seem legitimate, knowing that the number of attacks of all kinds has only increased in recent months.

Multinationals, SMEs and official organizations have been very hot…

No respite for companies around the world either. PrestaShop, NVIDIA, then Samsung and LastPass twice… The biggest names in tech have been hit by more or less large-scale attacks, or have seen flaws in their systems exploited.

Same thing on the side of airlines, hospitals or small and medium-sized businesses. All of them were the targets of much-talked-about ransomware at the end of the year. Finally, in France, Assurance Maladie, La Poste, Thales Group and Leboncoin also had scares in 2022. In essence, no one was spared.

… our phones too, by the way

They followed us every day, went through the strongest moments of the last 12 months with us. Our phones, those that contain so many photos, sensitive applications (finances, health, etc.) and confidential data have confirmed their invaluable nature in the eyes of hackers. And the latter have redoubled their means to monopolize such a windfall.

Some have tried to use the GPS function of smartphones to determine the position of their user. Others have used Apple’s beta testing feature to infect devices. Hundreds of pockmarked apps have also tried (and sometimes succeeded) to force their way through the cracks… In short, there was something for everyone in 2022. So much so that the first quarter of the year was already enough for attempts to spread mobile malware to explode by… 500%. Never seen.

But the struggle has intensified!

All of these cybersecurity breaches have come with (almost) as many attempts to foil them. Among them, there are many successes. Thus, in 2022, Google and Apple fixed various flaws, including several critical ones, to further secure their Android, iOS and MacOS operating systems. Same for Microsoft which deployed a summer patch in response to more than 100 flaws in Windows and Office. In the midst of the Russian-Ukrainian conflict, the American giant also indicated that it had disarmed malware targeting Ukraine in just a few hours. A feat.

By working together, authorities in more than 10 countries have managed to put an end to the actions of FluBot, one of the most widespread banking Trojans on Android. For its part, the National Information Systems Security Agency (ANSSI) has announced the creation of 7 cyber incident response centers in France. Located in different French regions, these CSIRTs (Computer Security Incident Response Team) are positioned as local support in the face of digital risks. A year placed under the sign of mutual aid, therefore.

The French Information Systems Security Agency is involved in a long-term fight © ANSSI

New threats are emerging: the circle is complete

Meanwhile, hackers continued to work without taking a single day off. By doing everything to stay one step ahead, they have perfected their methods and refined their discretion. In the game of cat and mouse, the creator of the threat is always, or almost, one step ahead.

As 2023 approaches, we realize that we are far from having seen everything. This new year should see the multiplication of social engineering, scams by SMS or telephone as well as threats on crypto-currencies… It is emerging as the association of archaic practices exploiting the inattention of users with advanced methods which will give the most seasoned researchers heat shots.

Source link -99