The biggest cybersecurity and cyberattack stories of 2024 - BleepingComputer

Biggest Cybersecurity Stories of 2024

1. Internet Archive Hacked

In October 2024, the Internet Archive suffered a significant data breach and DDoS attack. The breach exposed user data for 33 million users, while the DDoS attack was conducted by an alleged pro-Palestinian group named SN_BlackMeta [1]. The threat actors exploited an exposed GitLab configuration file containing an authentication token, which allowed them to download the Internet Archive's source code and access additional credentials and authentication tokens. This led to the theft of user data and modification of the site. The US Department of Justice unsealed an indictment against two individuals accused of being behind the attacks, who allegedly extorted $2.5 million [1].

2. UnitedHealth Change Healthcare Ransomware Attack

In February 2024, UnitedHealth subsidiary Change Healthcare experienced a massive ransomware attack linked to the BlackCat ransomware gang (ALPHV). The attack disrupted the US healthcare industry by preventing doctors and pharmacies from filing claims and accepting discount prescription cards, causing patients to pay full price for medications. The threat actors stole 6 TB of data and encrypted computers on the network, prompting UnitedHealth Group to pay a ransom demand of $22 million to receive a decryptor and have the stolen data deleted [1].

3. LockBit Disrupted

On February 19, 2024, authorities took down LockBit's infrastructure as part of Operation Cronos, a global law enforcement operation. This included 34 servers hosting the data leak website, stolen data, cryptocurrency addresses, decryption keys, and the affiliate panel. Despite this disruption, LockBit relaunched with new infrastructure and threatened to focus more on government sector attacks. However, its affiliates moved to other ransomware operations, and law enforcement continued to target LockBit members, charging seven individuals including its primary operator, Dmitry Yuryevich Khoroshev [1].

4. Telecom Attacks by Salt Typhoon

A Chinese state-sponsored hacking group known as "Salt Typhoon" was linked to a series of cyberattacks targeting telecommunications firms globally. These breaches compromised at least nine major telecom providers, including AT&T, Verizon, and T-Mobile. The group focused on infiltrating telecom infrastructure to steal text messages, phone call information, and voicemails from targeted individuals. These attacks raised serious national security concerns and prompted US lawmakers to propose legislation addressing vulnerabilities in telecom infrastructure [2].

Major Cyberattacks Analysis 2024

1. Rising Costs of Data Breaches

The year 2024 saw a significant increase in the costs of data breaches, with the average global cost rising by 10% to $4.88 million. This surge reflects the growing sophistication of cyberattacks, amplified by the use of artificial intelligence. Incidents like the CrowdStrike Falcon Update Outage and the Change Healthcare Ransomware attack highlighted the financial devastation that poorly managed cybersecurity can unleash [4].

2. Notable Cyberattacks

Several notable cyberattacks in 2024 underscored the fragility of digital infrastructure and prompted urgent reevaluation of security strategies. The "world's biggest IT outage" drew attention to vulnerabilities inherent in robust IT infrastructures, causing massive disruptions and financial losses. The automotive industry also experienced significant setbacks due to a ransomware attack that halted auto sales, demonstrating how cyber threats can paralyze critical sectors [4].

1. Advancements in AI and ML

Cybersecurity improved significantly in 2024 due to advancements in AI and ML technologies, enabling real-time threat identification and mitigation. Global collaboration reduced large-scale cyberattacks, and public awareness about cybersecurity increased. New laws and regulations were enacted to protect critical infrastructure, and quantum cryptography is expected to revolutionize data security in the future [2].

2. Ransomware Ecosystem Evolution

The ransomware ecosystem continued to evolve in 2024, with a dominant trend being the growth of ransomware-as-a-service (RaaS). Cross-collaboration among threat actors will likely continue, amplifying the scale, sophistication, and impact of cyberattacks. The use of legitimate tooling for illegitimate tasks, such as known cloud services used as nodes in attacks, will be a key theme for network defenders in 2025 [5].

3. Non-Technical Attack Techniques

Less technical attacks targeting high-value individuals via social engineering will continue to dominate. Cybercriminals are advancing their technical prowess, especially nation-state actors, but non-technical attacks remain a significant threat [5].

Conclusion

2024 was marked by significant cybersecurity incidents, including major data breaches, ransomware attacks, and sophisticated cyberattacks. The year saw advancements in AI and ML technologies improving cybersecurity but also witnessed the evolution of ransomware ecosystems and the continued threat of non-technical attacks. These trends highlight the need for robust cybersecurity protocols, continuous adaptation to the evolving threat landscape, and increased investment in AI-based defensive measures to counteract sophisticated cyber threats.