Published on 22 Dec 2022
CyberSense is a monthly bulletin by CSA that spotlights salient cybersecurity topics, trends and technologies, based on curated articles and commentaries. CSA provides periodic updates to these bulletins when there are new developments.
As 2022 comes to a close, this issue of CyberSense provides a summary of the key cybersecurity threats and trends observed over the past 12 months, and a taste of what to expect in 2023.
THE RUSSIA-UKRAINE CONFLICT: THE HACKTIVISM REVIVAL & SPILLOVER EFFECTS
As the Russia-Ukraine conflict progressed, hacktivism emerged as the dominant malicious cyber activity, with the indiscriminate targeting of critical infrastructure and assets expanding to impact countries and entities that are not directly involved in the conflict. As the conflict approaches the ten-month mark, several trends stand out:
Key Targets of Hacktivist Groups:
What to expect in 2023: Continued risk of collateral damage. Apart from a few isolated incidents (e.g. Viasat [1]), most multi-national organisations or transnational infrastructure have been spared from cyber-attacks. However, a potential expansion of the conflict could see the deployment of worm-able malware, which carries the likelihood of spreading beyond the conflict and out of control, as seen in the 2017 NotPetya crypto-worm outbreak. Attacks can also escalate against operational technology (OT) systems, which play an integral role in managing and monitoring critical industrial processes, greatly increasing the risk of collateral damage.
Takeaways:
CRYPTOCRIME: HACKERS UNFAZED BY THE CRYPTO WINTER
Fuelled by the growing adoption of cryptocurrency and the emergence of Decentralised Finance (DeFi), 2022 saw several major cyber-attacks targeting cryptocurrency platforms. Although most cryptocurrencies have plunged in value since May 2022, hacking and theft from crypto platforms continued unabated, with US$1.9 billion worth of cryptocurrency pilfered as of mid-2022 [2].
Key Incidents:
Binance, the world’s largest cryptocurrency exchange, lost approximately US$570 million worth of Binance coins (BNB) when attackers exploited a vulnerability in the cross-chain bridge used by the exchange, allowing them to forge transactions and siphon off the BNBs. The exchange claimed it managed to freeze most of the funds, but approximately US$100 million of BNB was reportedly unrecoverable.
What to expect in 2023: Targeting of cryptocurrency platforms to persist. Crypto-assets are likely to remain attractive targets, regardless of fluctuations in value. Coupled with their growing adoption for transactions, the trend of cryptocurrency platforms being targeted by threat actors is very likely to continue.
Takeaways:
DATA BREACHES: BRAZENNESS OF CYBER EXTORTION & RANSOMWARE GANGS
Throughout 2022, cyber extortion gangs and ransomware groups like Lapsus$ and LockBit actively pursued high-profile targets, from critical infrastructure to entire government systems, either stealing massive databases or disrupting operations. While data breaches are not new, this increased audacity and viciousness could spell a further upswing in the already-brutal cyber extortion/ransomware trend.
Key Targets Observed:
What to expect in 2023: The Rise of Ransom for Reputation. With threat actors becoming more brazen, observers forecast a rise in “ransom for reputation”, where a target is extorted with the threat of publicising a fictional breach, preying on the human tendency to believe a claim that may be based on old, open-source data.
Takeaways:
For further details and mitigation measures, please refer to SingCERT's advisory, which offers further tips on cybersecurity measures that individuals and businesses can take to manage their devices and online presence.
SOURCES INCLUDE:
Chainalysis, Crypto.com, Cyber Security Hub, Darkreading, Digital Shadows, Dragos, Flashpoint, Forbes, Infosecurity Media Group, ITP.net, Kaspersky, Malwarebytes, Mandiant, MIT Technology Review, Security Affairs, Thales group, Wired, ZDNET
[1] A cyber-attack against Viasat’s KA-SAT telecommunications satellite disrupted satellite internet services for subscribers not only in Ukraine, but across Europe.
[2] According to Chainalysis, as of mid-2022, US$1.9 billion worth of cryptocurrency has been stolen in hacks of services, compared to just under US$1.2 billion at the same point in 2021.
[3] On 12 December 2022, the U.S. Department of Health and Human Services Sector Cybersecurity Coordination Center issued a threat brief warning that cybercriminals wielding LockBit 3.0 have been targeting the healthcare sector since June.
[4] In November 2022, LockBit 3.0 claimed responsibility for a ransomware attack that halted municipal services and shut down employee email accounts in Westmount, Quebec.