Cybersecurity in 2024: a terrifying reality

As Halloween approaches, the world of cybersecurity has never been scarier. The numbers speak for themselves: a 60% rise in phishing attacks, 43% of ransomware victims losing data permanently, and 93% of organisations suffering identity-related breaches. Cybercriminals are more creative, utilising AI tools to enhance attacks, while businesses struggle to keep up. With 34% of organisations lacking cloud security skills, the landscape is ripe for exploitation. It doesn’t stop here… Let’s take a look at the most frightening data breaches and cyberattacks that have defined 2024 so far:

Ivanti VPN attacks

Kicking off the year with a shockwave, the Ivanti Connect Secure VPN attacks exposed the vulnerability of VPN infrastructure in modern businesses. Two zero-day vulnerabilities discovered in January led to widespread exploitation by the China-linked group UNC5221. Thousands of VPN devices were compromised, affecting critical organisations such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and MITRE.

The Ivanti breaches exposed VPNs’ critical role in securing remote work and how they can be a prime target for state-sponsored cyber espionage. Though patches were released within weeks, the damage lingered, particularly as hackers could intercept sensitive communications. This attack highlighted the persistent threat of zero-day vulnerabilities, especially in systems connected to critical infrastructure.

Microsoft executive accounts breach

In one of the most sophisticated breaches of 2024, a Russia-aligned group infiltrated Microsoft’s executive email accounts, exposing sensitive communications between Microsoft and federal agencies. The group, known as Midnight Blizzard, gained access by exploiting the absence of multifactor authentication (MFA) on a legacy account. This breach wasn’t just about emails—it opened a window into critical government and corporate decision-making processes.

The attack underscored the importance of basic security practices, such as MFA, even for large corporations with robust security frameworks. It also exemplified the growing role of state-sponsored cyber espionage in disrupting national security. Microsoft’s response, which included notifications to impacted customers, further illustrated the far-reaching effects of this breach.

SOHO router attacks

Cybercriminals exploited vulnerabilities in small office/home office (SOHO) routers in February as part of a campaign by the China-linked Volt Typhoon group. The routers were hijacked to create a botnet capable of launching attacks on U.S. critical infrastructure, including communications, energy, and water sectors.

This attack showcased how even smaller, seemingly inconspicuous devices like routers can become part of a larger cyber-attack ecosystem. By exploiting vulnerabilities in these devices, threat actors can build botnets capable of devastating infrastructure attacks. The attack highlighted the importance of securing IoT devices and ensuring that even home office equipment is updated and patched regularly.

Change Healthcare ransomware attack

In February, the U.S. healthcare system was rocked by a ransomware attack on Change Healthcare. The attack, claimed by the Russian-speaking BlackCat group, disrupted claims processing for weeks. Hospitals and pharmacies struggled as they were unable to process claims or receive payments. UnitedHealth, the parent company, eventually paid a $22 million ransom.

This attack affected nearly a third of Americans, potentially compromising sensitive medical data. The ripple effect across the healthcare industry exposed vulnerabilities in health IT infrastructure and brought to light the growing threat of ransomware attacks on critical services. Healthcare systems, which often struggle with outdated IT infrastructure, remain a prime target for cybercriminals looking to exploit vulnerabilities in essential services.

ConnectWise ScreenConnect attacks

In February, ConnectWise, a popular remote monitoring and management tool provider, was targeted in widespread attacks. Cybercriminals quickly exploited vulnerabilities in their ScreenConnect tool, leading to ransomware attacks and multifaceted extortion schemes. ConnectWise partners and customers faced a choice: either update immediately or disconnect entirely from their servers.

This breach emphasised how essential remote management tools are to businesses and how vulnerable they can be when not adequately secured. The attack on ConnectWise further illustrated how quickly cybercriminals can exploit vulnerabilities in widely used systems, creating cascading effects across industries reliant on these tools.

XZ Utils compromise

In March, the compromise of XZ Utils, a vital set of data compression tools used across many Linux distributions, shook the open-source community. Malicious code was inserted by a contributor, but the attack was detected by a vigilant Microsoft engineer before it could be widely distributed.

This incident was a textbook example of the dangers of supply chain attacks, where malicious actors insert vulnerabilities into commonly used software before it is distributed. If left undetected, the attack could have compromised countless systems globally, showcasing the importance of careful vetting and oversight in open-source projects.

AT&T breach

March also saw the exposure of personal data from over 70 million AT&T customers. Hackers posted the data on the dark web, compromising sensitive information such as Social Security numbers. The breach, affecting current and former customers, was a reminder of the ongoing risks within the telecommunications sector, where vast amounts of personal data are stored and remain attractive targets for cybercriminals.

This attack was another in a long list of breaches within the telecom sector, highlighting the constant risk faced by companies that hold vast stores of customer information. It underscored the need for better data encryption and breach response protocols to protect sensitive information.

Ascension ransomware attack

In May, Ascension, one of the largest healthcare systems in the U.S., was forced to divert emergency care after a ransomware attack. The malware, downloaded inadvertently by an employee, affected over 140 hospitals, compromising sensitive patient data in the process. The attack disrupted clinical operations for weeks, further underscoring the vulnerability of the healthcare sector.

Healthcare organisations that hold massive amounts of personal health information (PHI) are especially attractive to cybercriminals. The Ascension attack revealed how even a single malware download can result in widespread operational disruption and the potential exposure of critical patient data.

Snowflake customers targeted

In June, widespread attacks on Snowflake customers resulted in the theft of sensitive data. More than 100 companies were impacted, including Neiman Marcus and Santander Bank. Hackers used stolen passwords to access Snowflake environments, with many accounts lacking MFA.

This breach underscored the importance of proper security configuration, especially in cloud environments. The absence of MFA allowed hackers to easily infiltrate systems, once again demonstrating that even the most sophisticated cloud platforms are vulnerable when basic security measures are neglected.

2024 has proven to be a year of significant cybersecurity challenges, with a series of high-profile attacks impacting industries from healthcare to telecommunications.

As Halloween approaches, these chilling statistics and stories remind us that the world of cybersecurity is more terrifying than ever. Whether state-sponsored espionage or cybercriminals exploiting common vulnerabilities, the need for more robust defences and smarter security practices has never been more urgent.

Kristi Shehu is a Cyber Security Engineer (Application Security) and Cyber Journalist based in Albania. She lives and breathes technology, specializing in crafting content on cyber news and the latest security trends, all through the eyes of a cyber professional. Kristi is passionate about sharing her thoughts and opinions on the exciting world of cyber security, from breakthrough emerging technologies to dynamic startups across the globe.