If you expected a Summer break in the attack trend, you will be disappointed. In the first half of August 2022 I have recorded the second highest number of events, and the highest in absolute terms if we consider the events per day.

In reality, the Summer also brought a new wave of ransomware attacks. 41 out of 149 events (27.5%) were characterized by this attack vector, meaning that we are back at values similar to the first timeline of July (25.2%). On the other hand, 14 out of 149 events were characterized by the exploitation of vulnerabilities, in line with the previous timeline.

The massive hacks against crypto platforms also continued during the first half of August, with a new record achieved by Nomad, which lost nearly $200M worth of cryptocurrency after a vulnerability in a recent update was discovered and replicated by dozens of attackers. A number that overshadowed the losses suffered by Solana and Curve Finance (respectively roughly $5M and $800K).

And the Summer did not stop mega breaches either: millions of new records have been added to the pile of compromised accounts. A COVID-19 health app in China (48.5M records), an unknown credit agency (23M records), and the University of Kashmir (1M records) are the most notable examples.

The hybrid warfare in Ukraine confirmed the decreasing trend. This timeline saw multiple DDoS attacks carried out by the pro-Russian collective Killnet and their affiliates, while the operations against Ukraine seem to have flown under the radar. The only ones worth mentioning are the massive bot farm (1M bots) taken down by the Ukrainian cyber police (SSU) and a new campaign by the infamous Gamaredon group. Indirectly related to Ukraine is also the operation linked to a Russian threat actor tracked as SEABORGIUM, targeting people and organizations in NATO countries.

But the cyber espionage front is always rich in events: the timeline reports new campaigns by the usual suspects such as Charming Kitten, Bitter APT, APT36, APT-C-35, APT27, and many other threat actors, some of which emerged for the first time, such as the Chinese group that created the Manjusaka exploitation framework, or the actor tracked as TAC-040, very busy exploiting the Atlassian Confluence flaw CVE-2022-26134.

As usual, the list is too long to be summarized in a few words (this one in particular), so my suggestion is to enjoy the interactive timeline and the tabular format, and obviously thanks for sharing it and supporting my work in spreading risk awareness across the community. As always, don’t forget to follow @paulsparrows on Twitter, or even connect on LinkedIn, for the latest updates.

Geo Map August H1 2022

The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.
