PhishNet

2022: Hacks, Attacks, and Fightbacks

2022 was a year to remember in the cybersecurity world!

Every year, we see more and more cybersecurity incidents around the world. It might even be exciting if we weren’t seeing people’s lives and well-being at stake. However, for every cyber fail, we also see cyber successes. And this has been a year that Australia has started fighting back against attacks in the digital world.

Security breaches

We saw some very high-profile security breaches occur in 2022. Most memorable for many people – because most Australians know someone affected – were the Optus and Medibank breaches. The perpetrators stole data that included customers’ date of birth and driver’s licence numbers. This was significant because these are details used to confirm proof of identity. In other words, cyber-criminals can use the information to steal people’s identities.

Hacked info for sale online

The ABC reported in November that login details for myGov accounts and personal medical information stolen from an NDIS provider were available for sale on the black market. In some situations, the people whose data was available online hadn’t been informed that their data was even at risk. This year, with increased security breaches across Australia, we saw a lot more hacked information for sale on the dark web.

Cyber operations increasingly used in geopolitical strategy

Nations have been using information against each other for millennia. Intelligence and counterintelligence operations are commonplace. In 2022, we saw more use of cyber attacks and defences in these sorts of operations. Countries worldwide are hardening their security to protect their military secrets and intellectual property against theft. However, there are less apparent attacks on the rise as well. Countries like Russia, with a reputation for cybersecurity attacks, have been implicated in security breaches like Optus and Medibank. While it might seem petty for a country to attack a corporation, this can be a tactic used to destabilise another country’s economy.

What’s coming in 2023

The Attorney-General announced that the AFP and ASD are directing a joint operation. This will “investigate, target and disrupt cybercriminal syndicates with a priority on ransomware threat groups.” The idea is to stop criminal networks running disruptive cyber attacks – and protect regular Australians. Ransomware, in particular, has been increasing as a threat throughout the last few years. The business and personal losses are often significant, even if people don’t pay the ransom amount. The federal government aims to combat this.

Winding down safely at the end of the year

Security measures can get relaxed during the holiday season as everyone focuses on finishing all their work. Longer holidays at the end of the year can also cause the IT department’s favourite January headache – forgotten passwords! 

Some measures that can help keep your systems safe are:

  • Treat everyone to a password manager that will remember passwords for them.
  • Check your backup and recovery process before the holidays.
  • If you’re a smaller business, run a full, complete backup and take it off-premises and offline while everyone’s out of the office.
  • Organise cybersecurity awareness training for early 2023 to get everyone back at the top of their game.

Have a wonderful holiday period

From everyone at PhishNet – we wish you a happy holiday season and a joyful and safe new year!