In a year in which the mainstream news agenda was dominated by the return of war to Europe, the destructive cyber war against the West that some had imagined never really materialised, although the cyber dimension of the Ukraine conflict still loomed large over the technology news agenda.
Beyond Ukraine, and beside the usual round of high-profile vulnerabilities, some of the key themes of the year included open source security, which came to widespread attention this year after the Log4Shell Adobe Log4j disclosures at the end of 2021 highlighted the risks of using open source tools.
Indeed, risk management was high on the c-suite’s list of priorities in 2022, with gathering interest in new strategies for mitigating the threat from ransomware, and new approaches to cyber security insurance both key topics of conversation.
Here are Computer Weekly’s top 10 cyber security stories of 2022.
1. Backups ‘no longer effective’ for stopping ransomware attacks
In February, a report from Venafi piqued the interest of readers: its data revealed that, given the growth of double and triple extortion ransomware attacks, in which data is stolen to serve as an alternative extortion lever, data backup strategies may be becoming less effective at mitigating and containing ransomware.
2. Apple patches two zero days in macOS, iOS
The past 12 months brought us no shortage of zero-day disclosures. Two of the most impactful for Computer Weekly readers were clearly a pair of vulnerabilities disclosed in August by Apple. The issues affected the supplier’s macOS Monterey desktop OS, the iOS and iPadOS mobile operating systems, and the Safari web browser, and, if left unaddressed, could have led to arbitrary code execution.
3. European Commission proposes new cyber security regulations
Even though the UK has left the European Union (EU), as a major regional power, British organisations must continue to pay attention to what is happening in Brussels. In March, the European Commission proposed new regulations establishing common cyber and information security measures for EU bodies.
4. Use of encrypted Telegram platform soars in Ukraine, Russia
Also in March, researchers at Check Point revealed how citizens of both Ukraine and Russia were turning to the encrypted, cloud-based Telegram communications platform to share news (including disinformation and propaganda), to organise, and to solicit charity donations. The platform proved particularly popular among Ukrainian hacktivists organising attacks against Russian targets.
5. Kaspersky forced to deny source code leak
Shortly after the war began, Kaspersky, the antivirus specialist founded in Russia in the 1990s, became the subject of criticism from western governments, and action by hacktivists. One such group, possibly with links to the Anonymous collective, said it had compromised the company’s source code, prompting a swift denial from Kaspersky.
6. Microsoft drops emergency patch after Patch Tuesday screw up
Shortly after the usual Patch Tuesday update, Microsoft was forced to issue a rare out-of-band patch that fixed an issue causing server or client authentication failures among users who had installed the first update. The issue related to how domain controllers handle the mapping of certificates to machine accounts.
7. Lloyd’s to end insurance coverage for state cyber attacks
In August, insurance market Lloyd’s of London indicated that it would move to require its insurance groups to exclude “catastrophic” nation state cyber attacks from cyber insurance policies from 31 March 2023, saying their impact posed a systemic risk. Lloyd’s remains generally supportive of cyber insurance, but believes its members need to better manage their policies.
8. 15-year-old Python bug present in 350,000 open source projects
In September, threat researchers at Trellix revealed that a 15-year-old vulnerability in the open source Python programming language was still finding its way into live code, with the result that over 350,000 projects were at risk of potential supply chain cyber attacks. When exploited, it allows a user-assisted remote attacker to overwrite arbitrary files via a specific sequence in filenames in a TAR archive, ultimately achieving arbitrary code execution or control of the target device.
9. Cozy Bear targets MS 365 environments with new tactics
Cozy Bear or APT29, the Russian-intelligence linked threat actor, was highly active in 2022 in the service of Russia’s war in Ukraine. In August, Mandiant warned the operation was switching up its tactics as it targeted organisations in Nato countries, including messing with elements of its victims’ Microsoft 365 licences.
10. Prepare today for potentially high-impact OpenSSL bug
At the end of October, the OpenSSL open source cryptography library trailed a critical vulnerability patch, only the second such flaw ever found in the open source encryption project (the first being Heartbleed). In the event, it turned out to be much less serious than most had feared.