War in Ukraine Dominated Cybersecurity in 2022

Though some experts worried that Russia would lash out against Ukraine's allies, that hasn't happened, at least not yet.

Bree Fowler Senior Writer

As the war in Ukraine drags on, cyberwarfare could become a reality.


Russia's war against Ukraine and the worries about possible cyberattacks against the country's allies, like the US, dominated cybersecurity news throughout 2022.

Even before Russia's February invasion, cybersecurity experts were gearing up for online attacks that some of them thought could potentially cross the line into cyberwarfare. Russia did have some success early on, but Ukraine showed it could not only rebound and rebuild, but also control the message coming out of the war zones, neutralizing Russian disinformation campaigns.

While the war continues to drag on, Western countries and their companies that do business in Ukraine seem to have, so far, escaped largely unscathed, though some experts say the potential for an attack remains. 

Meanwhile, defenders of all kinds of computer systems continued to deal with the threat of ransomware, which increasingly hit American schools in addition to more traditional targets like critical infrastructure. And they wrestled with lingering issues stemming from a vulnerability in widely used open-source software and cyberattacks aimed at stealing data for profit.

Here's a quick look at the most important cybersecurity news of 2022:

War breaks out, then drags on

Nearly 10 months after it started, the war in Ukraine shows no sign of ending. Observers say Ukraine has fought back admirably, both digitally and physically.

Before the invasion, analysts had warned that cyberwarfare would be among Russia's preferred tactics. Among the potential targets: Ukraine's power grid and critical infrastructure. And such attacks could target allies and other countries too, they'd said.

After all, Russia has done it before. The NotPetya attack, attributed to Russia, crippled computers across Ukraine in 2017. The malware, which also spread to unintended targets far outside Ukraine, locked up files in a manner similar to ransomware. When experts took a closer look, however, they realized that its true purpose was to destroy data rather than make money.

That's not to say cyberattacks haven't been deployed. For example, Russian-launched data-wiping malware crippled the Ukrainian military's ability to communicate during the first days of the invasion. But the Ukrainians recovered fairly quickly.

Cyber Armageddon, however, hasn't been unleashed. Russia has, instead, opted for a kinetic war, recently attacking critical infrastructure and leaving millions of Ukrainians without regular access to heat, electricity and water. As the one-year anniversary of the invasion approaches, it remains to be seen if that will change.

Ransomware threat continues, moves to schools

The federal government made boosting the cybersecurity of critical infrastructure a priority this year, in the wake of the 2021 ransomware attacks against Colonial Pipeline and JBS USA.

Those attacks, which resulted in shutdowns and sparked panic-buying among consumers, showed exactly what kind of widespread chaos a well-targeted ransomware attack can cause.

Despite the increased awareness, the attacks haven't let up. According to the cybersecurity company Kaspersky, the proportion of its users attacked by targeted ransomware almost doubled in the first 10 months of this year, compared with the same period in 2021.

The organized gangs and other cybercriminals have also moved on to new, smaller and less obvious targets, including school districts both big and small.

The Los Angeles Unified School District was hit with ransomware over the Labor Day weekend. It wasn't forced to cancel school, but it later revealed that the cybercriminals had made off with unspecified district data and released it.

Ransomware attacks also shut down schools in Albuquerque, New Mexico, in January and two different counties in Michigan in November.

Software supply chain worries

Though technically it was discovered in the last weeks of 2021, the Log4j software bug had security professionals scrambling for much of this past year. It also brought to light just how much software is built from open-source components. 

If left unpatched or otherwise unfixed, the major security flaw found in the Java-logging library Apache Log4j posed risks for huge swaths of the internet. The vulnerability in the widely used software could be exploited by cyberattackers to take over computer servers, potentially putting everything from consumer electronics to government and corporate systems at risk of a cyberattack.

At the time of its discovery, Cybersecurity and Infrastructure Security Agency Director Jen Easterly said the sheer scope of the vulnerability, which affected tens of millions of internet-connected devices, made it the worst she'd seen in her career.

Most companies have patched the issue, but experts say attackers continue to try to exploit the vulnerability.

Data breaches keep coming

Cybercriminals looking to break into systems and steal corporate or consumer data didn't let up this year. There was no shortage of data breaches.

Breaches at companies including Uber, Microsoft, News Corp. and LastPass all grabbed headlines this year.  

According to the Identity Theft Resource Center's third-quarter report, in the first nine months of this year there were 1,291 recorded data compromises, affecting about 166.8 million people. While that may seem like a lot, the numbers track well behind 2021's full-year totals of 1,862 compromises and 298.2 million people.

As in past years, the majority of the compromises with known causes stemmed from cyberattacks involving some kind of phishing or business email compromise, the center said.