Top 10 cyber security stories of 2022 – ComputerWeekly.com

sdecoret – stock.adobe.com
In a year in which the mainstream news agenda was dominated by the return of war to Europe, the destructive cyber war against the West that some had imagined never really materialised, although the cyber dimension to the Ukraine conflict still loomed large over the technology news agenda
Beyond Ukraine, and beside the usual round of high-profile vulnerabilities, some of the key themes of the year included open source security, which came to widespread attention this year after the Log4Shell Adobe Log4j disclosures at the end of 2021 highlighted the risks of using open source tools.
Indeed, risk management was high on the c-suite’s list of priorities in 2022, with gathering interest in new strategies for mitigating the threat from ransomware, and new approaches to cyber security insurance both key topics of conversation.
Here are Computer Weekly’s top 10 cyber security stories of 2022.
In February, a report from Venafi piqued the interest of readers, as its data revealed how given the growth of double and triple extortion ransomware attacks in which data is stolen as an alternative extortion method, effective data backup strategies may be becoming less effective at mitigating and containing ransomware.
The past 12 months brought us no shortage of zero-day disclosures. Two of the most impactful for Computer Weekly readers were clearly a pair of vulnerabilities disclosed in August by Apple. The issues affected the supplier’s macOS Monterey desktop OS, the iOS and iPad OSes, and the Safari web browser, and left unaddressed could have led to arbitrary code execution.
Even though the UK has left the European Union (EU), as a major regional power, British organisations must continue to pay attention to what is happening in Brussels. In March, the European Commission proposed new regulations establishing common cyber and information security measures for EU bodies.
Also in March, researchers at Check Point revealed how citizens of both Ukraine and Russia were turning to the encrypted, cloud-based Telegram communications platform to share news (including disinformation and propaganda), to organise, and to solicit charity donations. The platform proved particularly popular among Ukrainian hacktivists organising attacks against Russian targets.
Shortly after the war began, Kaspersky, the antivirus specialist founded in Russia in the 1990s, became the subject of criticism from western governments, and action by hacktivists. One such group, possibly with links to the Anonymous collective, said it had compromised the company’s source code, prompting a swift denial from Kaspersky.
Shortly after the usual Patch Tuesday update, Microsoft was forced to issue a rare out-of-bound patch that fixed an issue causing server or client authentication failures that arose among users who had installed the first update. The issue related to how domain controllers handle the mapping of certificates to machine accounts.
In August, insurance market Lloyd’s of London indicated that it will move to require its insurance groups to exclude “catastrophic” nation state cyber attacks from cyber insurance policies from 31 March 2023, saying their impact posed a systemic risk. Lloyds remains generally supportive of cyber insurance, but believes its members need to better manage their policies.
In September, threat researchers at Trellix revealed that a 15-year-old vulnerability in the open source Python programming language is still finding its way into live code, with the result that over 350,000 projects are at risk of potential supply chain cyber attacks. Exploited, it allows a user-assisted remote attacker to overwrite arbitrary files via a specific sequence in filenames in a TAR archive, ultimately achieving arbitrary code execution or control of the target device.
Cozy Bear or APT29, the Russian-intelligence linked threat actor, was highly active in 2022 in the service of Russia’s war in Ukraine. In August, Mandiant warned the operation was switching up its tactics as it targeted organisations in Nato countries, including messing with elements of its victims’ Microsoft 365 licences.
At the end of October, the OpenSSL open source cryptography library trailed a critical vulnerability patch, only the second such flaw ever found in the open source encryption project (the first being Heartbleed). In the event, it turned out to be much less serious than most had feared.
Major antitrust cases are expected to play out in 2023 while federal regulators consider new interpretations of existing …
Research shows organizations are still struggling to bring in IT talent. We identify the reasons why there’s a shortage and what …
The threat of a recession coupled with the ongoing need for transformation and growth means CIOs must make force multiplying …
CrowdStrike is urging organizations to apply the latest Microsoft Exchange updates after investigations revealed attackers …
This Risk & Repeat podcast episode discusses the current state of OT security, including the convergence with IT environments and…
Looking to advance your cybersecurity career? Here are the skills you’ll need to win that CISO job, land a gig as a threat hunter…
Arista’s new switches provide more options for enterprises and higher speeds for bandwidth-hungry hyperscalers. The latest …
Telecom operators have committed to sustainability plans to reduce carbon emissions and energy use. But they also face challenges…
Nmap might be more common for security tasks, but it’s also useful for network documentation and inventory. Follow these best …
Data lakes and data warehouses both store big data. When choosing a lake or warehouse, consider factors such as cost and what …
Classical and quantum computers have many differences in their compute capabilities and operational traits. Know their …
Colocation companies offer a wide range of facilities and services that can help organizations reduce or eliminate the costs …
Expect more organizations to optimize data usage to drive decision intelligence and operations in 2023, as the new year will be …
These 10 roles, with different responsibilities, are commonly a part of the data management teams that organizations rely on to …
These eight challenges complicate efforts to integrate data for operational and analytics uses. Here’s why, plus advice on how to…
All Rights Reserved, Copyright 2000 – 2022, TechTarget

source

Related Articles