Highlights of Cybersecurity News 2024: Top 10 Stories That Shaped the Year

The cybersecurity realm in the current year has been anything but placid. It has witnessed unparalleled data breaches, substantial ransomware settlements, and insightful research shedding light on the effects of the constantly evolving and intricate threat environment.

As we draw closer to the upcoming year, let’s recap the most significant cybersecurity events of 2024 as covered by TechRepublic.

1. Midnight Blizzard’s Strike on Microsoft

In the opening month, Microsoft made public that it was targeted in a cyberattack backed by a nation-state group named Midnight Blizzard, which commenced in November 2023. This Russian threat actor squad managed to infiltrate certain Microsoft corporate communications and documentation by compromising email accounts. Further revelations by Microsoft indicated unauthorized access to source code repositories and internal platforms.

The Midnight Blizzard breach was facilitated by a successful password spray against an outdated test tenant account that lacked multi-factor authentication. Password spraying involves trying a handful of commonly used passwords against many accounts within a single organization or application, rather than many passwords against one account. This initial foothold allowed intrusion into a limited set of Microsoft corporate email accounts, including those belonging to senior leaders.
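The pattern described above (many accounts, few guesses each, and a hit on an account without MFA) is what a sign-in log detection should look for. The following is an added example, not code from the article or from Microsoft; the log format, thresholds, and sample entries are constructed for illustration.

```python
# Password-spray detection over sign-in logs (added example, not from the article):
# many accounts, few guesses each, plus successes on accounts that lack MFA.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, account, result, MFA enrolment
SAMPLE_LOG = """\
2024-01-10T03:00:01Z 203.0.113.7 alice FAIL mfa=yes
2024-01-10T03:00:05Z 203.0.113.7 bob FAIL mfa=yes
2024-01-10T03:00:09Z 203.0.113.7 carol FAIL mfa=yes
2024-01-10T03:00:14Z 203.0.113.7 legacy-test FAIL mfa=no
2024-01-10T03:00:20Z 203.0.113.7 dave FAIL mfa=yes
2024-01-10T03:00:26Z 203.0.113.7 legacy-test SUCCESS mfa=no
2024-01-10T03:05:00Z 198.51.100.9 alice FAIL mfa=yes
2024-01-10T03:05:03Z 198.51.100.9 alice FAIL mfa=yes
2024-01-10T03:05:07Z 198.51.100.9 alice SUCCESS mfa=yes
"""

def parse_line(line):
    ts, ip, account, result, mfa = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "ip": ip,
            "account": account, "result": result, "mfa": mfa == "mfa=yes"}

def detect_spray(log_text, window=timedelta(minutes=10),
                 min_accounts=4, max_per_account=2):
    """Flag IPs that fail against >= min_accounts distinct accounts inside one
    window with no account tried more than max_per_account times (thresholds are
    illustrative); also list successes from that IP on accounts without MFA."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_ip[ev["ip"]].append(ev)
    hits = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):  # slide the window over this IP's events
            span = [e for e in evs[i:] if e["ts"] - start["ts"] <= window]
            fails = defaultdict(int)
            for e in span:
                if e["result"] == "FAIL":
                    fails[e["account"]] += 1
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                hits[ip] = {"accounts": sorted(fails),
                            "unprotected_successes": sorted(
                                e["account"] for e in span
                                if e["result"] == "SUCCESS" and not e["mfa"])}
                break
    return hits
```

The second source in the sample hammers one account and is deliberately not flagged; that is brute force, not a spray, and needs a different rule.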

Throughout the year, Midnight Blizzard exhibited increased activity. By October, they had launched focused spear-phishing campaigns against over 100 organizations globally. These emails carried RDP configuration files, enabling attackers to establish connections and potentially compromise targeted systems.
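The .rdp attachment vector above is one a mail gateway or analyst can screen for. This added inspector (not code from the article or from any vendor) parses the file's key:type:value lines and reports settings that expose local resources to the remote host; the sample file and its host name are constructed.

```python
# Inspector for .rdp attachments (added example, not from the article). Microsoft
# .rdp files are "key:type:value" lines; settings that hand local drives, clipboard
# or smart cards to the remote host are what make an unsolicited file dangerous.
RISKY = {
    "redirectdrives": "local drives mapped into the remote session",
    "drivestoredirect": "specific drives redirected to the remote host",
    "redirectclipboard": "clipboard shared with the remote host",
    "redirectsmartcards": "smart cards exposed to the remote host",
    "redirectprinters": "printers redirected to the remote host",
    "remoteapplicationmode": "RemoteApp mode hides the remote desktop",
}

def parse_rdp(text):
    """Parse key:type:value lines into {key: value}; 'i' values become ints."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)  # value may itself contain ':' (host:port)
        if len(parts) != 3:
            continue
        key, typ, value = parts[0].strip().lower(), parts[1], parts[2].strip()
        settings[key] = int(value) if typ == "i" and value.lstrip("-").isdigit() else value
    return settings

def assess(text):
    """Return (target host, [findings]) for the contents of an .rdp file."""
    s = parse_rdp(text)
    findings = []
    for key, why in RISKY.items():
        v = s.get(key)
        if v in (None, 0, ""):  # absent or explicitly disabled
            continue
        findings.append(f"{key}={v}: {why}")
    return s.get("full address", ""), findings

# Constructed sample resembling a lure attachment (host is a documentation example)
SAMPLE_RDP = """\
full address:s:rdp.example.net:3389
username:s:
redirectdrives:i:1
drivestoredirect:s:*
redirectclipboard:i:1
redirectsmartcards:i:1
redirectprinters:i:0
remoteapplicationmode:i:0
"""
```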

2. Unprecedented Ransomware Payments and Proliferation of Threat Groups

In February, Chainalysis reported that global ransom payments surpassed $1 billion for the first time in 2023. The trend of “big game hunting,” where groups go after large entities demanding ransoms exceeding $1 million, is on the upswing, tempting many impacted organizations to comply.

Moreover, revelations in October indicated a surge in the number of active ransomware groups during the second quarter of the year, marking the highest count on record. This trend suggests that law enforcement crackdowns have been effective against well-established syndicates, creating opportunities for smaller groups to emerge. Notably, artificial intelligence might be lowering barriers for conducting ransomware attacks, broadening the spectrum of potential perpetrators.

3. LockBit’s Confrontation with Law Enforcement

LockBit, a notorious ransomware faction, encountered a law enforcement crackdown in February. The Cyber Division of the U.K. National Crime Agency, in collaboration with the FBI and international allies, disabled their online platform, which served as a prominent ransomware-as-a-service portal. In 2023, LockBit ransomware emerged as the most prevalent ransomware strain globally.

Despite the takedown, the group restarted operations from a different Dark Web location shortly after and took credit for ransomware assaults on a global scale. This move occurred despite assertions by the British National Crime Agency that the ransomware outfit had been “fully compromised,” according to reports by Reuters.

While the extent of their operational capacity post-takedown remains uncertain, the enforcement action triggered positive repercussions. NCC Group reported a decrease in ransomware incidents year-over-year in both June and July, with analysts attributing this decline to the disruption caused by LockBit’s operational halt.

According to Cyberint’s findings, the third quarter of the year witnessed the least quarterly attacks by the group in the past 18 months. Research by Malwarebytes further revealed a reduction in the percentage of ransomware attacks LockBit took credit for, declining from 26% to 20% over the preceding year despite an increase in individual attacks.

4. Largest Password Leak in History

July witnessed the disclosure of the most extensive collection of compromised passwords to date, encompassing 9,948,575,739 distinct plaintext entries, shared on a hacking forum. These credentials were part of a file named “rockyou2024.txt,” with many passwords having been previously exposed in other data breaches.

Notably, RockYou, a defunct social application platform, experienced a major security incident in 2009 when the account details of over 32 million users were compromised after a hacker gained access to the unencrypted file storing this information. In June 2021, another file named “rockyou2021.txt” was circulated, containing 8.4 billion passwords, marking the largest password dump at that time.

5. Exposure of a Vast Number of AT&T Phone Numbers

In July, AT&T disclosed that data belonging to virtually all customers from May to October 2022, as well as January 2, 2023, had been illicitly transferred to an external platform in April of this year. The threat actors accessed records of phone calls and text messages, but not their content or any identifiable personal data.

AT&T reportedly paid 5.7 Bitcoin, equivalent to about $374,000, to a threat actor to erase the exfiltrated information, according to Wired. The individual allegedly belonged to the ShinyHunters group, the faction that breached the data warehousing platform Snowflake in order to obtain the data. One person was detained by the authorities in connection with the cyberattack, and the point of entry has since been secured, according to AT&T.

6. CrowdStrike Outage Causing Global Disruption

During July, approximately 8.5 million Windows devices were rendered inoperative around the world, resulting in substantial disruption to emergency services, airports, law enforcement, and other critical institutions. This disruption occurred due to an error that arose when the cloud security company CrowdStrike issued an update to the Falcon Sensor.

The affected organizations encountered the well-known “Blue Screen of Death,” signaling a crash of the Windows system. Following the incident, CrowdStrike received the “Epic Fail” accolade at Black Hat U.S.A. 2024 in August.

7. National Public Data Breach Ranks Among the Largest Ever

August witnessed the exposure of 2.7 billion data records, including Social Security numbers, on a dark web forum in what is classified as one of the most massive breaches in history. National Public Data, a firm specializing in background checks and ownership of the data, acknowledged the occurrence and attributed it to a “third-party malicious actor” who breached the company in December 2023.

Troy Hunt, a security specialist and creator of the “Have I Been Pwned” breach monitoring service, scrutinized the leaked dataset and discovered that it contained only 134 million unique email addresses and 70 million rows from a U.S. criminal records database. The email addresses were not linked with the SSNs.

According to a class-action lawsuit, National Public Data mines the personally identifiable information of billions of individuals from non-public sources to generate profiles for their background-checking service. It was also believed that this data was stored in a plain text file on one of their affiliated websites.

8. Chief Information Security Officers Facing Burnout

The abundance of evidence revealed this year indicates that Chief Information Security Officers (CISOs) and security experts are grappling with burnout. A report by BlackFog released in October indicated that nearly a quarter of them are contemplating leaving their positions, with 93% citing stress or job requirements as the primary reasons.

In addition, 66% of global cybersecurity professionals say their roles are more taxing now than they were five years ago, with 81% attributing this to the increasingly complex threat landscape, according to a survey by the global professional association ISACA. Forty-six percent of those surveyed believe that cybersecurity professionals are leaving their roles because of excessive work stress, a three-percentage-point increase from the prior year.

Moreover, research from this year points to recruitment challenges which, together with the escalating number of cyberattacks, are straining existing security teams. According to ISC2, 90% of organizations face shortages in cybersecurity skills. The global shortage is projected to surpass 85 million skilled professionals by 2030.

9. Exposure of Over 31 Million Internet Archive User Accounts

In October, the Internet Archive, a non-profit digital library renowned for its Wayback Machine, suffered a significant data breach accompanied by a series of distributed denial-of-service attacks.

According to Bleeping Computer, attackers breached a 6.4 GB SQL database containing the authentication information of over 31 million registered members of the Archive, including email addresses, screen names, password-change timestamps, and bcrypt-hashed passwords. However, 54% of the compromised data had already been exposed in earlier breaches.

Concurrently, the site was targeted by three DDoS attacks, purportedly orchestrated by the hacktivist group BlackMeta.

10. Largest-Ever Health Data Breach in the U.S.

The U.S. Office for Civil Rights disclosed in October that malevolent entities penetrated Change Healthcare’s system in February through a ransomware attack, acquiring access to the private health data of over 100 million individuals. This incident marked the most substantial health data breach ever reported to U.S. federal regulators.

The group known as ALPHV, also referred to as BlackCat, claimed responsibility for the breach. During a Senate hearing held in May, the CEO of UnitedHealth Group, the parent company of Change Healthcare, disclosed a ransom payout of $22 million in Bitcoin to unlock the stolen data. The attack caused delays in prescription deliveries and resulted in a business disruption loss of $705 million.
