As we enter 2023, cybercriminals are continuing to evolve their tactics and techniques to carry out phishing attacks. With the rise of remote working, the attack surface for phishing attacks has broadened significantly, which means it’s more important than ever for organizations to stay ahead of the curve.
In this blog post, we’ll look at the top phishing attacks of 2022 to help you better prepare your phishing protection for 2023.
Valley View Hospital (January 2022)
In January 2022, Valley View Hospital fell victim to a sophisticated phishing attack, one of the top phishing attacks of 2022. This attack utilized a technique known as “spear phishing,” in which individuals are targeted with malicious emails designed to appear legitimate in order to gain access to sensitive data.
In this case, the attackers sent emails to members of the hospital’s staff that appeared to be from a trusted source, asking them to provide login credentials.
Once these credentials were provided, the attackers could access the hospital’s computer networks and sensitive patient data. On March 29, 2022, an investigation concluded that the security of 21,000 individuals’ patient and employee information was compromised in Valley View Hospital’s email accounts. Valley View Hospital has stated that it does not have evidence indicating any data has been removed from its system.
Charleston Area Medical Center (January 2022)
In January 2022, the Charleston Area Medical Center (CAMC) fell victim to a phishing attack. This cyberattack utilized deceptive emails, text messages, and other online platforms to acquire sensitive information from the institution or its employees.
This attack was particularly nefarious in its ability to mimic the look and feel of legitimate CAMC communications, thus tricking employees into divulging their login credentials.
The attackers could then access the institution’s computers and wreak havoc. Upon further investigation, it was discovered that the attackers had used various techniques to gain access to the CAMC’s networks, such as spear-phishing, malware, and social engineering. The attack affected 54,000 records.
Charleston Area Medical Center, in collaboration with a cybersecurity forensics firm, recently concluded an investigation on March 16th. The investigation results revealed that an unauthorized individual attempted to acquire login information belonging to hospital employees rather than personal information belonging to patients.
Mailchimp (March 2022)
In March 2022, the online marketing service provider MailChimp suffered a significant phishing attack. Malicious emails were sent to customers to steal their personal information.
Once the attackers were successful, they could gain access to the customers’ MailChimp accounts and make changes to their settings, including changing their passwords and redirecting emails. The attack was partially successful due to MailChimp’s lack of adequate security measures, such as two-factor authentication.
A total of 319 MailChimp customer accounts were accessed, resulting in the export of mailing lists from 102 accounts. The attackers then utilized these accounts to launch phishing attacks, which appeared genuine as they were sent from a MailChimp email address. The attackers also obtained access to application programming interface (API) keys, which could be utilized to initiate additional email-based phishing attacks in an automated manner.
Florida Springs Surgery Center (June 2022)
Florida Springs Surgery Center, a surgical center based in Spring Hill, Florida, was the victim of a phishing attack that affected the data of 2,203 patients.
Florida Springs Surgery Center has reported that an unauthorized third party was able to gain access to patient information by conducting a phishing attack on an employee’s Microsoft Outlook email account between May 25 and June 2.
Allegheny Health Network (July 2022)
In July 2022, Allegheny Health Network, a health system headquartered in Pittsburgh, was informed that an employee’s email account had been compromised between May 31 and June 1 after the account owner clicked on a phishing link.
Once the link was accessed, the perpetrator could gain access to files containing sensitive patient data. This data includes, but is not limited to, names, dates of birth, dates of service, medical records, ID numbers, prior medical history, conditions, treatments, diagnoses, addresses, contact information, driver’s license numbers, email addresses, and more.
Re-evaluation of the digital risk detection and removal process could have aided in quickly identifying the phishing campaign and preventing further harm. The medical history of the over 8,000 affected patients is permanent, making it imperative to protect their data and maintain its integrity.
Acorn Financial Services (August 2022)
In August 2022, Acorn Financial Services was the target of a devastating phishing attack that compromised the security of its customers’ financial data. This attack was one of the most sophisticated and effective of its kind ever seen, and it caused significant disruption to Acorn’s operations.
An Acorn employee was likely the target of a phishing attack that resulted in the theft of their email credentials.
Upon gaining access to the employee’s email account, the attackers could access confidential internal information. Acorn discovered an unauthorized party had gained access to its systems, resulting in the potential exposure of customers’ personal information. This included names of staff and customers, their address details and other personal information.
In response, Acorn has launched a full investigation and sent breach notifications to those customers possibly impacted.
Twilio (August 2022)
Twilio experienced a security breach in which employee credentials were compromised due to an SMS phishing attack. The attack enticed employees and redirected them to a fraudulent website designed to look like Twilio’s legitimate authentication page.
Once opened, these malicious links installed malicious software that allowed the attackers to access confidential information. This attack was especially concerning due to the wide-reaching nature of Twilio, as it is used by many organizations worldwide. Furthermore, the attack was difficult to detect and mitigate due to the sophisticated nature of the malicious actors.
The security of approximately 75 million Authy users was compromised when hackers utilized their Twilio access to breach 93 Authy accounts and authorized additional attacker-controlled devices. This incident compounded with the Twilio breach, potentially exposing 1,900 accounts on the Signal encrypted communication app.
Living Innovations (August 2022)
The Living Innovations phishing attack of August 2022, one of the top phishing attacks of 2022, was a sophisticated cyberattack that occurred on August 8, targeting the computer systems of Living Innovations, a global technology firm. The attack successfully compromised the security of the company’s networks, allowing malicious actors to gain access to sensitive data and intellectual property.
The attack employed various social engineering methods to trick employees into revealing their passwords and other login information, and used malware to further exploit the company’s systems.
An investigation led by a cybersecurity team concluded that an unknown entity gained access to multiple employee email accounts between June 6 and 14, 2022. Living Innovations believes the attack was designed to deceive users into paying an illegitimate invoice.
To conclude, phishing attacks are continually changing and evolving to become more sophisticated and harder to detect.
Therefore, organizations must keep up to date with the latest trends in cyber security. They must start using anti-phishing tactics such as user awareness training, data encryption, and two-factor authentication, and deploy a robust threat intelligence system to protect themselves from phishing attacks in 2023. The most successful defense systems will be those that stay one step ahead of the cybercriminals.