IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

2022 Cyber Review: The Year the Ukraine War Shocked the World

This past year will be remembered as another year of ransomware attacks, data breaches impacting critical infrastructure and, most of all, global cybersecurity impacts from the Russian war with Ukraine.

2022 over a cityscape at night with lines connecting the idea of data points
Shutterstock/Fit Ztudio
When we look back at this past year’s cybersecurity stories a decade from now, what will we remember most? That is the question that I attempt to answer every December in this annual cyber review.

And, in my opinion, 2022 will be remembered as the year that the Russian invasion of Ukraine changed the narrative around cybersecurity in numerous ways. Here are some of my blogs from this year covering this ongoing theme:

January 2022: Will the Ukraine Conflict Lead to More Global Cyber Attacks? – “Recent cyber attacks against Ukrainian websites have focused global attention on the potential for wider online conflict. So what are the new cyber threats and potential scenarios to be prepared for?”

February 2022: Planning for a Nation-State Cyber Attack — Are You Ready? – “Some global experts are predicting a significant cyber attack against U.S. and U.K. critical infrastructure if Russia invades Ukraine. Whether it happens or not, is your organization prepared for this scenario?”

March 2022: Ukraine Situation Drives New Cyber Attack Reporting Mandates – “New mandated reporting of major cyber incidents for all owners and operators of U.S. critical infrastructure seems closer than ever, thanks to new bills that are supported by the White House.”

March 2022: Global Cybersecurity Ramifications from the War in Ukraine – “The article goes on to describe how cyber officials from allied nations have also offered remote assistance to help protect Ukrainian digital assets and investigate the origin of some cyber attacks. Also, China may be in the hacking mix, as a Twitter handle known for exposing Chinese hacking operations said they were conducting operations in Ukraine — but stopped short of linking the Chinese government.”

July 2022: Cyber Attacks Against Critical Infrastructure Quietly Increase – “Despite the lack of major headline-grabbing cyber attacks against U.S. critical infrastructure so far in 2022, our global cyber battles continue to increase.”

August 2022: Hacktivism and DDOS Attacks Rise Dramatically in 2022 – “2022 has brought a surge in distributed denial-of-service attacks as well as a dramatic rise in patriotic hacktivism. What’s ahead for these trends as the year continues?"

September 2022: NATO Countries Hit With Unprecedented Cyber Attacks – “Montenegro, Estonia and new NATO applicant Finland are just three of the countries being hit hard by sophisticated cyber attacks. What’s happening and who’s next?”


In case you're wondering, I am not the only one who thinks the Russia-Ukraine conflict led the cybersecurity news for 2022. For example:

CNET: War in Ukraine Dominated Cybersecurity in 2022 — “Russia's war against Ukraine and the worries about possible cyber attacks against the country's allies, like the U.S., dominated cybersecurity news throughout 2022.

“Even before Russia's February invasion, cybersecurity experts were gearing up for online attacks that some of them thought could potentially cross the line into cyber warfare. Russia did have some success early on, but Ukraine showed it could not only rebound and rebuild, but also control the message coming out of the war zones, neutralizing Russian disinformation campaigns.

“While the war continues to drag on, Western countries and their companies that do business in Ukraine seem to have, so far, escaped largely unscathed, though some experts say the potential for an attack remains.”

Yahoo: Cybersecurity Insurance Global Market Report 2022: Ukraine-Russia War Impact — “The global cybersecurity insurance market is expected to grow from $9.73 billion in 2021 to $11.75 billion in 2022 at a compound annual growth rate (CAGR) of 20.7 percent. The Russia-Ukraine war disrupted the chances of global economic recovery from the COVID-19 pandemic, at least in the short term. The war between these two countries has led to economic sanctions on multiple countries, surge in commodity prices, and supply chain disruptions, effecting many markets across the globe.” How the US has helped counter destructive Russian cyber attacks amid Ukraine war — “The U.S.’s increased efforts to assist Ukraine and other Eastern European countries in shoring up their cyber defenses amid Moscow’s war on Kyiv appear to have been successful in countering destructive Russian cyber attacks and mitigating their impact.

“The U.S. and its European allies provided significant cyber expertise to Ukraine and other Eastern European nations prior to the war, but experts said those efforts seem to have increased following the invasion of Ukraine in February as the countries all geared up for Russian cyber attacks.” Estonia Builds Ukraine Military Cyber Facility to Fend Off Russian Hackers

Carnegie Endowment: Cyber Operations in Ukraine: Russia’s Unmet Expectations — "Russia has achieved far less via cyber warfare in Ukraine than many Western observers expected. Many aspects of Moscow's approach to cyber operations have been misunderstood and overlooked."

Politico: NATO prepares for cyber war

The Economist: Lessons from Russia’s cyber war in Ukraine
Cybersecurity and Infrastructure Security Agency (CISA): Shields Up Website — “Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Every organization — large and small — must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber attacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack. CISA continues to encourage our stakeholders to voluntarily share information about cyber-related events that could help mitigate current or emerging cybersecurity threats to critical infrastructure.”


Ransomware: The volume and complexity of ransomware attacks increased again in 2022, with many stories about state and local governments, universities, hospitals and other being hit hard in 2023.

Here are a few of the ransomware stories I covered this year:

Data Breaches Abound: Forbes highlighted many of the top cybersecurity data breaches in this piece. Here’s an excerpt from that piece:

“In a stunning example of civic cyber attacks, the rogue cyber crime group, Conti, attacked the core of everyday life in the peaceful and beautiful country of Costa Rica. They demanded millions in ransomware, attacked health systems, and disrupted national businesses, forcing government officials to declare a national emergency. In time, as the attacks continued for months on end, the government declared the incidents acts of war and terrorism. These attacks were too numerous to outline in detail here, but in many cases, operations were forced offline, and the associated business costs were estimated to have cost the country $30 million dollars each day that they continued. After prolonged attacks, the country had to call on help from the United States, Microsoft, and other countries to help deal with the crisis.”

Security Magazine outlined the top 10 global data breaches in 2022 here. The top two items on this were:

"1. Medibank Data Breach
Medibank Private Ltd, one of the largest health insurance providers in Australia, confirmed that data belonging to 9.7 million past and present customers, including 1.8 million international customers, had been accessed by an unauthorized party.

"Medibank said it would not pay the ransom demands, saying, 'We believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.'

"2. LAUSD Data Breach
Russian-speaking hacking group Vice Society leaked 500GB of information from the Los Angeles Unified School District (LAUSD) after the U.S.’s second-largest school district failed to pay an unspecified ransom by October 4th. The data contains personal identifying information, including passport details, Social Security numbers and tax forms, contact and legal documents, financial reports with bank account details, health information, conviction reports and psychological assessments of students."


No doubt, there were many other big cybersecurity stories in 2022, ranging from new technologies emerging to the challenges with cryptocurrencies to big company mergers (like Mandiant being bought by Google). But the implications flowing from the Russia–Ukraine war will be with us for many decades ahead and will greatly influence cyber activities in the next few years.

Next week, I will bring you the top 23 security predictions for 2023, my annual report highlighting the top cybersecurity industry themes, trends, forecasts and much more.
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.