2022 was most certainly a challenging year for everyone within the cybersecurity sector. The digital space was highly affected by the war between Russia and Ukraine; whether we'd ever find a post-COVID normal; and the global financial (and energy) crisis.

Many organizations around the world started to question if digital is safe anymore.

At AMATAS, we believe that we all, as a global community, should take the necessary steps and precautions to ensure cybersecurity standards are upheld and met. It's up to every single one of us to safeguard the digital space with healthier online habits.

Throughout 2022, ransomware attacks continued to be one of the biggest threats worldwide. They even started to gain a political nature: with Eastern European hacktivists taking sides in the conflict. 

Here are four more key trends, which should be noted throughout the year.

  1. One of the most targeted sectors in the world was Industrial Goods & Services. 
  2. The highest global data breach costs were experienced by the Healthcare sector ($10.10 million) according to IBM’s "Cost of Data Breach" 2022 Report.
  3. Some of the most exploited vulnerabilities included remote code and privilege escalation.
  4. There was also an abundance of phishing campaigns and scams, exploring political conflicts (the war between Russia and Ukraine), events (the World Cup), and the holiday seasons.

Within the AMATAS industry recap, discover some of the biggest cyberattacks that took place in 2022.


Russia invaded Ukraine at the end of February 2022, using both military and cyber warfare. Russia infiltrated Ukrainian crucial infrastructures (energy, financial, etc.) using destructive wiper attacks - DDoS (distributed denial of services). Here's a timeline of a couple of the biggest cyberattacks that happened

  • On February 23, a day before the Russian military entered the country, HermeticWiper (a malware) targeted financial, IT, and other key organizations in Ukraine. 
  • On February 25, IsaacWiper took down more than a dozen of Ukraine's government websites, also targeting a border checkpoint.
  • Phishing schemes around Europe started to appear, claiming to be supposed Ukrainian relief charities. At the time, there was a resurface of hacktivism, where hackers started to take government sides in the conflict. 
  • On March 14, CaddyWipper - a data wiper variant - once again targeted Ukrainian organizations. 
  • A major cybersecurity attack disturbed Ukraine's national telecommunications operator, Ukrtelecom, on March 28.

Data Breaches

Lapsus$, the ransomware group, resurfaced in March 2022. They are believed to have been behind the Okta breach, where 366 clients' "data may have been viewed or acted upon". Lapsus$ also targeted Microsoft, compromising a single account and gaining limited access. An official Microsoft statement notes that the customer codes and data weren’t breached. Other companies that the Lapsus$ group targeted include Globant, NVIDIA, Samsung, Vodafone, and Ubisoft.

Compromised Accounts

March saw the biggest DeFi hack in history. About $620 million in cryptocurrency were stolen from the Ronin Network's blockchain gaming platform Axie Infinity.  The US Treasury Department linked the attack to Lazarus Group, a North Korean cybercriminal gang. The hackers used compromised private keys to fabricate fake withdrawals - draining the bridge in just two transactions. Blockchain intelligence company, Chainalysis, labeled 2022 as “the biggest year for hacking on record.”

Zero-Day Vulnerability

A cyber actor used a Twitter zero-day vulnerability to put together a +5 million user database; the platform confirmed in August. An official Twitter statement noted that the vulnerability was fixed back in January. Nevertheless, the breached non-public information was leaked in a data marketplace forum at the end of November. The publication claims that the hackers created another database, consisting of 17 million compromised records.


A phishing campaign, "0ktapus", potentially compromised 130 organizations, including Twilio, Cloudflare, and Mailchimp, stealing 10,000 user login credentials. The attacks were spread via text messages to employees, whose companies used Okta IAM services. The messages prompted the users to enter their identity credentials and two-factor authentication (2FA) codes.


At the end of the year, massive attacks infiltrated some of Australia's largest businesses. The importance of cybersecurity was hence raised on the country's agenda. In chronological order, Australia's second-largest telecommunications provider, Optus, was hacked. As a result, about 10 million customers' personal data was stolen. That is roughly 40% of the population of Australia! Unfortunately, Australia's largest health insurer, Medibank, also fell victim to a ransomware attack. The criminals threatened to release data they obtained, consisting of the medical records of over 9.7 million current and previous Medibank customers. The hackers posted about 480 000 health claims on the dark web. The Australian government is now discussing new sanctions against hackers and also banning ransomware payments.

Stricter outlook and a more serious approach to cybersecurity should be what the future holds for 2023 for organizations across the globe. 

Keep in mind that prevention starts with taking those simple steps to ensure that everyone on your team is on the same page. As noted in a Microsoft report, "basic cybersecurity hygiene", like anti-malware and multifactor authentication, can "still protect against 98% of the attacks". 

Where, also, zero trust principles should become the norm for every organization. Thus, limiting how far the attacks can travel through the systems to obtain valuable data. 

For some good news, more international organizations are now deploying zero trust in comparison with 2021. The “Cost of Data Breach”, IBM report, notes that the percentage grew from 35% to 41%.

Cyber resilience can only happen once we integrate strategy and involve everyone on our teams. As we've seen in many key sectors (like fintech and manufacturing) this year, attack prevention is only possible once you start thinking two steps ahead of the cybercriminals.

Ralitsa Kosturska in AMATAS