• 31 March 2022

Cyber spotlight - Events in March 2022


This is a monthly feature which summarises cyber attacks and data breaches that occurred during the month, in this instance March 2022.

During March, information and cyber attacks have continued to be prolific, affecting a full range of sectors. This month’s news roundup highlights some of these, from ransomware attacks on mental health charities and car manufacturers, to data breaches affecting the healthcare sector and a microchip company. There are also two notable authentication hacks and a range of research to consider. We conclude today's spotlight with the UK and Australian governments introducing some preventative measures.


A ‘sophisticated and criminal’ ransomware attack targeted a mental health charity and impacted its IT systems and phone lines. The Scottish Association for Mental Health (SAMH) said the incident affected its national phone lines and left local and national service employees unable to receive and respond to emails.

SAMH works with young people and adults across Scotland and provides mental health and social care support in primary care, schools, and further education.

In a statement, Billy Watson, Chief Executive at SAMH, said: “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable”.

Another high profile ransomware attack targeted one of the world’s largest car manufacturers. Toyota was forced to halt operations at all its plants in Japan after a key supplier suffered a suspected ransomware attack.

Data breaches

Personal information belonging to more than one million patients was compromised after cybercriminals targeted a large dental care provider.

The security incident impacted data held at Dallas-based JDC Healthcare Management LLC (JDC) which operates 72 Jefferson Dental and Orthodontics offices across the state.

Personal information that may have been exposed includes dates of birth, Social Security numbers, driving license numbers, health insurance details, clinical information, and financial information.

Microchip company Nvidia has confirmed that employee credentials and proprietary information were stolen after a cyber attack impacted its IT systems.

South American hacking group LAPSUS$ said it was responsible for the attack and claimed to have stolen one terabyte of data that included employee details.

Authentication hacks

Cybercriminals exploited a known vulnerability to disable multi-factor authentication (MFA) and compromise networks and user accounts at a non-governmental organisation.

The FBI advisory detailed that, as early as May 2021, cybercriminals exploited a misconfigured account at a non-governmental organisation (NGO) that used default MFA protocols. In this case, attackers used a brute force attack to crack a weak password and acquire credentials to access systems.

The misconfiguration allowed threat actors to enrol a new device for the compromised account, set up MFA for it, and gain access to the targeted network.

In another authentication hack, a malicious Android app designed to steal Facebook login credentials was installed over 100,000 times from the Google Play Store.

Researchers at mobile security firm Pradeo found that the 'Craftsart Cartoon Photo Tools' app was able to harvest Facebook credentials from smartphone users by embedding trojan malware known as ‘Facestealer’.

The app uses social engineering to trick victims into entering their login details on a web page that then sends the information to a server controlled by the attackers.

The cybercriminals behind the app can then gain full access to victims’ Facebook accounts including any linked payment card details, conversations, and searches, Pradeo reported.


Password research

More than two thirds of passwords compromised by past breaches are still in use despite cybercriminals using increasingly sophisticated cyber attack methods. SpyCloud researchers found that 70 percent of breached passwords are still being used and that 64 percent of consumers also reuse passwords across multiple accounts.

The researchers added that consumers continue to practise poor cybersecurity for passwords, including using similar passwords for multiple accounts, easily guessed words or phrases, and weak or common passwords.

Digital passports research

Around two thirds of digital passport applications used by people to prove their Covid-19 vaccine status may put users’ privacy at risk. Symantec researchers tested 40 digital vaccine passport applications and ten scanner applications and found that 27 suffered from security and privacy risks.

Digital passport applications are known to store proof of Covid-19 vaccination statuses, full names, dates of birth, ID numbers, and other personally identifiable information encoded as a QR code or displayed in the app.

Users can show the vaccination information or the QR code for entering venues, restaurants, places of work, or when traveling.

Zero-day vulnerabilities research

Nearly one-third of known zero-day vulnerabilities targeted mobile devices in 2021, a new report by Zimperium researchers found.

According to data compiled by the mobile security firm, more than two million new malware samples were detected last year with threats affecting over 10 million devices in 214 countries.

The researchers also discovered a 466% increase in exploited zero-day vulnerabilities used in attacks against mobile endpoints in the same year.

Zimperium’s 2022 Global Mobile Threat Report combines data from global surveys and insights collected by its security research team.

Other scams

  1. Malicious emails that claim unusual account activity have been detected targeting Microsoft users in order to steal credentials and personal information. The phishing scam claims that ‘unusual sign-on activity’ from Russia was identified and urges victims to ‘report the user’.
  2. Cybercriminals are impersonating government officials and law enforcement agencies in attempts to steal personal information and extort money from victims, the Federal Bureau of Investigation (FBI) warned. Scammers are using spoofed authentic phone numbers and fake credentials of well-known government agencies to trick victims into handing over payments.

Preventative government measures

In the UK

Social media platforms will need to provide users in the United Kingdom with more control over who can interact with them and what they see online, the government announced.

Two new duties will be added to the UK government’s Online Safety Bill ‘to strengthen the law against anonymous online abuse’ by giving users the ability to tailor their online experiences.

Under the first duty, ‘category one’ companies with the largest number of users will be required to allow users to verify their identities and control who can interact with them.

Proposed verification options include cross-referencing profile pictures with government-issued IDs, two-factor authentication for mobile prompts, or using issued IDs to create or update accounts.

In Australia

A new AU$89 million centre has been launched as part of a ‘national plan’ to combat cybercrime in Australia.

The Joint Policing Cybercrime Coordination Centre (JPC3) was launched by Australia’s Department of Home Affairs alongside the Australian Federal Police (AFP) to boost the country’s fight against cybercrime.

Australian Home Affairs Minister Karen Andrews said the centre would bring together the experience, powers, capabilities, and intelligence to build a strong response to online crimes.

She said: “During the pandemic, cybercrime became one of the fastest growing and most prolific forms of crime committed against Australians.”

Every month in The Insider, TSC will be providing a snapshot of the most up to date information and cybersecurity attacks.
