Blog | 24By7Security

Politics & Profit Drive Cybercrimes in 2022

Written by Rema Deo | June 21, 2022

The profit motive has long been a primary driver of cybercrime around the globe. However, when we reviewed some of the most significant cybercrimes of 2022 year-to-date, another pattern emerged quite clearly. Many of the cyberattacks have been politically motivated, with suspected Russian hackers bringing the war on Ukraine—and on Ukrainian sympathizers—to the Internet. In this post, we examine several of this year’s notable security breaches and what motivated them.

Russian Hackers Take War on Ukraine to the Web

Red Cross Hacked. The Red Cross has been actively aiding Ukrainians inside the country and in neighboring areas since shortly after Russia invaded Ukraine in February 2022. Unfortunately, the organization has managed to reach just 1 in 10 people affected by the current crisis, according to the Red Cross website. Teams from the International Committee of the Red Cross (ICRC) have helped enable the safe passage of more than 10,000 civilians from Sumy and Mariupol to other locations in Ukraine. The Red Cross and other groups have also been providing various humanitarian assistance to these victims of Russian aggression.

Earlier this year, a cyberattack on a Red Cross third-party contractor compromised more than half a million records maintained by the relief organization. Upon discovering the breach, the Red Cross took its servers offline to thwart the attack and minimize damages. No hacker or hacking group has been identified, although it’s easy to imagine Russian hackers are behind the attack.

Media Access Blocked. One of the largest online media content distributors in the world was hacked in another politically-driven attack earlier this year. The cyberattack occurred just days after the company deleted many Russian titles from its offerings, according to an article in Infosecurity Magazine, and publicly stated that it would help Ukrainians access up-to-date news following Russia’s invasion of their country by providing content without charge until further notice.

PressReader is a massive online media distributor that offers access to more than 7,000 newspapers and magazines on a subscription basis. The company’s offerings range from marquee newspapers like the New York Times and Los Angeles Times to magazines such as Newsweek, Forbes, Bloomberg Businessweek, Bazaar, and Rolling Stone, as well as regional and local offerings.

Although PressReader was able to restore its full publishing capability in a few days, the attack blocked subscriber access to content for a three-day period. As with the attack against the Red Cross, it is not a great leap to suspect Russian hackers of this malicious mischief.

Controversial Cause Attacked. GiveSendGo is a Christian crowdfunding website that recently was used to support a coalition of Canadian truckers in their drive across Canada to protest COVID vaccine mandates and promote the lifting of restrictive ongoing COVID-19 rules. According to a Newsweek article, the Freedom Convoy raised $8 million in funds from contributors sympathetic to their message, but also caught the attention of political hackers not supportive of their cause. The hackers stole and published the online data of 90,000 individuals who donated, and in a classic DDoS attack, redirected the GiveSendGo fundraising page to a different website that openly criticized the Freedom Convoy, its message, and its methods.

200 Gas Stations Offline. Finally, the escalating price of oil and gas has become a political hot potato in recent months, with much of the blame placed on Russia and its war on Ukraine. In February of this year, an energy company in Germany, Marquard & Bahls, suffered an attack on its IT infrastructure that forced it to temporarily close more than 200 gas stations across the country. Cybersecurity experts suspect the Russian BlackHat gang, who are known to have previously targeted oil pipelines and supply depots.

Politically-motivated cybercrime in 2022 has affected organizations from non-profits and fundraisers to media and energy. No doubt additional targets will arise as organizations continue to sympathize with and support the Ukrainian people.

Crypto Companies Targeted for Financial Gain

The profit motive traditionally has been a primary driver of cybercrime around the world. Ransomware crimes have proven highly successful in lining the pockets of various hacker groups. LockBit 2.0 and Conti continue to dominate the current ransomware landscape and were responsible for 58% of all ransomware attacks in the first quarter of 2022, according to an article on ZDNet. Hive, Vice Society, and Blackbyte are also active ransomware gangs.

In addition to ransomware, cybercriminals also profit by stealing online data for resale on the dark web, including the personally identifiable information (PII) and protected health information (PHI) of hundreds of thousands of individuals.

Cryptocurrency Bank Robbed. This year, cryptocurrency businesses have become lucrative targets for cybercrime. Crypto.com operates essentially as a cryptocurrency bank that maintains its individual users’ cryptocurrency wallets. In January, more than 480 crypto.com accounts were hacked and $18 million in Bitcoin, as well as $15 million in Ethereum currency, was stolen from those accounts. The hackers apparently bypassed crypto.com’s security measures, which the company is now taking steps to harden. In the meantime, they claim to have reimbursed the users whose balances were stolen.

Relaxed Security a Mistake. Ronin is a cryptocurrency-based gaming platform that was hacked in March 2022. Because its Axie Infinity game allows players to earn cryptocurrency and non-fungible tokens, its popularity had exploded to the point that the company relaxed its online security indefinitely in order to accommodate the increased usage. Never a good idea, although the profit motive is strong on both the right and wrong sides of the law. The security breach resulted in the theft of over $600 million in cryptocurrencies. The platform was closed, and deposits and withdrawals stopped until the breach investigation can be completed.

Developers behind the game have raised some $150 million to help reimburse affected users. They are also working with various cryptocurrency exchanges to attempt to track and recover the stolen funds, according to an April article on cointelegraph.com.

Cash App Mobile Payment Tool Compromised

Block Inc., formerly known as Square, announced in April that their popular mobile payment tool known as Cash App was hacked by a former employee in December. Cash App enables mobile businesses and other small businesses to easily accept payment cards. The security breach compromised an undisclosed number of U.S. customer names, account numbers and values, and a limited amount of other financial information. The employee evidently retained online access even after leaving the company, a big no-no in terms of active identity management and effective information security.

Although Block declined to share how many customers were affected, the company was contacting some 8.2 million former and current customers to advise them of the incident, according to a TechCrunch article. It is unknown whether the former employee intended to embarrass Block or profit from the stolen account information or both.

Summary

While the profit motive continued to drive most cybercrimes in 2022, worldwide support of the Ukrainian people has increased the volume and visibility of politically motivated attacks, with suspected Russian hackers bringing the war on Ukraine—and on Ukrainian sympathizers—to the Internet. The Red Cross and PressReader are two notable organizations who suffered such politically-driven cybercrimes in the early months of 2022. Can Russian hackers succeed in deterring altruistic organizations from standing with Ukraine? We think not.

Meanwhile, as cryptocurrency continues its rise in popular use, organizations who leverage this digital payment medium have also come under attack. More than $625 million was stolen from two such companies earlier this year as cybercriminals seem to be targeting this low-hanging fruit. Companies who deal in cryptocurrency should act now to harden their security protocols to discourage further cyber theft.

Cybersecurity is vital in virtually every organization today. We hope that the stories of these cybercrimes of 2022 will encourage all to assess their current security measures and address security vulnerabilities promptly.