When it comes to tech fears, the boogeyman comes in the shape of a hack. These malicious attacks perpetrated often from hundreds of miles away have the ability to bring tech giants to their knees in a matter of minutes. These malicious attacks can completely decimate public trust in a company, while simultaneously exposing thousands–and even millions–of devices and people to identity theft, leaking of sensitive images or information, loss of income, and even permanent damage to hardware. When you consider this, it’s no wonder that most companies with any sensitive data sitting on their servers shudder at the thought of a full-scale, unstoppable hacking into their systems.
But what’s a good horror story without a few hapless victims to underscore the real danger? To show you just how bad it could be (and to welcome you into a new year), here are the 5 most fearsome hacks in 2022.
Starting the new year off with a bang, Log4Shell has been described as “a design failure of catastrophic proportions”, Log4Shell is a vulnerability in the Apache Log4j2 Java-based logging library, and it has security experts really really worried.
Log4Shell is a huge threat to the majority of Internet companies since hackers could take advantage of it to execute code inside these companies’ systems. While companies have started to deploy fixes, each separate entity will have to handle it on their own, based on their own servers and systems. This means the fix won’t deploy at once, leaving more people at risk.
In May of 2021, a major oil pipeline in the US was held for ransom by hackers. Sound like a new Bruce Willis movie? The owners of Colonial Pipeline only wish that was the case
The ransomware attack effectively held the company hostage and disrupted fuel to millions of people by impacting the pipeline’s computerized equipment managing system.
In a panic, Colonial Pipeline paid $5 million in ranson to the organization responsible for the hack. While the government was able to recoup about half of that money, the hack showed just how vulnerable many major corporations are to attacks–and how severely affected the public can be.
The Accellion breach started as a few vulnerabilities before it became what Wired described as a “global extortion spree”. Starting in late December of 2021, the Accellion breach was a financially motivated attack that targeted organizations. The hackers threatened to sell encrypted data unless they were paid.
While Accellion initially claimed that the vulnerabilities were patched within 72 hours, they later had to recant and explain that new vulnerabilities have been discovered. Impacting massive organizations like The Reserve Bank of New Zealand, Kroger, Trillium, Harvard Business School, CSX, and more, the Accellion breach served to jack up ranson demands in similar attacks.
Hacking With NSO Group Tools
For years, the Israeli spyware developer NSO Group has rolled out highly effective and aggressive hacking tools that target both Android and iOS devices. While the NSO Group is a lucrative and above board technological firm, its developments and their abuses continue to worry and astound the cyber security world. In fact, the companies products have been so abused by their customers that NSO Group now faces sanctions, lawsuits, and maybe even an uncertain future.
What hacking with NSO Group tools demonstrated to the world was that private businesses can–and will–produce hacking tools that have the technological ingenuity and sophistication to rival governments–and take down any dissenters.
The massive meat supplier JBS USA shelled out about $11 million USD in 2021 to ransomware hackers. The attack, led by REvil, a Russian-speaking hacker gang, resulted in meat plants across the US and Australia shut down for a day to try to control the leak. Cyber security Sydney and other cyber security firms throughout Australia were on the lookout for further attacks, considering that this hack came on the heels of the massive ransom payout Colonial Pipeline had just completed.
The hack resulted in delays in meat deliveries and shortages. While governments have long recommended that businesses not pay their attackers, the CEO of JBS defended his decision, saying they were doing it to protect their customers.