This year has not been a quiet one for the cybersecurity industry. We have seen record-breaking data breaches, huge ransomware payouts, and illuminating research on the impact of an increasingly complex and ever-evolving threat landscape.
As we approach the new year, TechRepublic revisits the biggest cybersecurity stories of 2024.
1. Midnight Blizzard's attack on Microsoft
In January, Microsoft disclosed that it had been the victim of a nation-state-backed attack beginning in November 2023. The Russian threat actor group Midnight Blizzard accessed some Microsoft corporate emails and documents through compromised email accounts. Microsoft later revealed that the group had also accessed some source code repositories and internal systems.
Midnight Blizzard gained entry through a successful password spray attack on a legacy test tenant account that did not have multi-factor authentication enabled. Password spraying is a brute-force attack in which threat actors try a small number of commonly used passwords against many different accounts in a single organisation or application; keeping the number of attempts per account low lets the attacker stay under account-lockout thresholds. From there, they used that account's permissions to access a small number of Microsoft corporate email accounts, some of which belonged to members of the senior leadership team.
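The distinguishing shape of a spray (one source, many accounts, few failures each) is what a detection should key on. The following is an added example, not code from the article or from Microsoft: it runs a sliding-window check over a constructed, simplified sign-in log (timestamp, source IP, username, result). The log format, the account names and IPs, and the thresholds are all assumptions made for the example; real sources such as Entra ID sign-in logs or Windows event 4625 carry more fields but the same logic applies.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). Format: timestamp source_ip username RESULT.
# 203.0.113.7 sprays six accounts once each and then signs in to an MFA-less
# test account; 198.51.100.9 hammers one account (classic brute force);
# 192.0.2.44 is a user who mistyped once.
SAMPLE_LOG = """\
2024-01-12T03:00:01Z 203.0.113.7 alice FAIL
2024-01-12T03:00:03Z 203.0.113.7 bob FAIL
2024-01-12T03:00:05Z 203.0.113.7 carol FAIL
2024-01-12T03:00:07Z 203.0.113.7 dave FAIL
2024-01-12T03:00:09Z 203.0.113.7 erin FAIL
2024-01-12T03:00:11Z 203.0.113.7 frank FAIL
2024-01-12T03:00:13Z 203.0.113.7 svc-legacy-test SUCCESS
2024-01-12T03:05:00Z 198.51.100.9 alice FAIL
2024-01-12T03:05:02Z 198.51.100.9 alice FAIL
2024-01-12T03:05:04Z 198.51.100.9 alice FAIL
2024-01-12T03:05:06Z 198.51.100.9 alice FAIL
2024-01-12T03:05:08Z 198.51.100.9 alice FAIL
2024-01-12T03:05:10Z 198.51.100.9 alice FAIL
2024-01-12T09:00:00Z 192.0.2.44 bob FAIL
2024-01-12T09:00:30Z 192.0.2.44 bob SUCCESS
"""


def parse_log(text):
    """Parse the simplified log lines into (timestamp, src_ip, user, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user, result))
    return events


def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Flag sources whose failures within `window` span at least `min_accounts`
    distinct users with at most `max_per_account` failures per user.

    That wide-and-shallow shape is a spray. Many failures against one account
    is ordinary brute force and is deliberately not flagged here, because
    per-account lockout policies already catch it.
    """
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, src, user, result in events:
        (failures if result == "FAIL" else successes)[src].append((ts, user))

    alerts = {}
    for src, fails in failures.items():
        fails.sort()
        sprayed, start = set(), 0
        for end in range(len(fails)):
            # Slide the window start forward so fails[start:end+1] fits in `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in fails[start:end + 1])
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                sprayed.update(per_user)
        if sprayed:
            # A success from a spraying source is the "one account let them in" case.
            alerts[src] = {
                "sprayed_accounts": sorted(sprayed),
                "successful_logins": sorted({user for _, user in successes.get(src, [])}),
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: sprayed {len(info['sprayed_accounts'])} accounts; "
              f"successful logins: {info['successful_logins'] or 'none'}")
```

The check flags 203.0.113.7 (six accounts, one failure each, followed by a success on the test account) and stays silent on 198.51.100.9, whose six failures all target one user. In practice the source key should be widened beyond a single IP, since real sprays rotate through proxy pools, and the successful-login list is the item to triage first.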
Midnight Blizzard was particularly active this year. In October, it launched targeted spear-phishing attacks on over 100 organisations worldwide. The spear-phishing emails carried RDP configuration files; when a recipient opened one, it initiated a Remote Desktop connection from their machine to an attacker-controlled server, allowing the attackers to connect to and potentially compromise the targeted systems.
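An .rdp attachment is a plain-text file of `name:type:value` lines, so it can be triaged at the mail gateway before a user ever opens it. The following is an added example, not code from the article or from Microsoft: it parses such a file and flags the settings that matter in this kind of attack, an untrusted target host and the redirection of local drives, clipboard, printers and smart cards into the remote session. The setting names are the standard .rdp keys that Microsoft documents; the risk wording, the sample file, the `.test` host and the `trusted_hosts` allowlist are this example's own assumptions.

```python
# Standard .rdp keys (documented in Microsoft's RDP file settings reference).
# Each entry: (expected type, predicate on the raw value, why it is risky).
# The risk labels and the choice of keys are this example's own.
RISKY_SETTINGS = {
    "drivestoredirect":      ("s", lambda v: v.strip() != "", "local drives mapped into the remote session"),
    "devicestoredirect":     ("s", lambda v: v.strip() != "", "plug-and-play devices redirected to the remote host"),
    "usbdevicestoredirect":  ("s", lambda v: v.strip() != "", "USB devices redirected to the remote host"),
    "redirectclipboard":     ("i", lambda v: v == "1", "clipboard shared with the remote host"),
    "redirectprinters":      ("i", lambda v: v == "1", "printers redirected to the remote host"),
    "redirectsmartcards":    ("i", lambda v: v == "1", "smart cards (and their certificates) usable from the remote host"),
    "remoteapplicationmode": ("i", lambda v: v == "1", "RemoteApp mode: remote program is presented as a local window"),
    "authentication level":  ("i", lambda v: v == "0", "server certificate warnings suppressed"),
}

# Constructed sample attachment (not a real campaign file). The .test TLD is
# reserved for examples, so this host cannot resolve to anything real.
SAMPLE_RDP = """\
screen mode id:i:2
full address:s:rdp.example-bad-host.test:3389
username:s:
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
remoteapplicationmode:i:0
authentication level:i:0
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines; the value itself may contain ':' (host:port)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.count(":") < 2:
            continue  # blank or malformed line
        name, typ, value = line.split(":", 2)
        settings[name.strip().lower()] = (typ, value)
    return settings


def triage_rdp(text, trusted_hosts=frozenset()):
    """Return the target host, a list of (setting, reason) findings and a verdict."""
    settings = parse_rdp(text)
    host = settings.get("full address", ("s", ""))[1].strip()
    hostname, _, port = host.rpartition(":")
    if not port.isdigit():  # no ":port" suffix present
        hostname = host
    findings = []
    if hostname and hostname.lower() not in {h.lower() for h in trusted_hosts}:
        findings.append(("full address", f"connects to untrusted host {hostname}"))
    for key, (expected_type, is_risky, why) in RISKY_SETTINGS.items():
        if key in settings:
            typ, value = settings[key]
            if typ == expected_type and is_risky(value):
                findings.append((key, why))
    return {"host": hostname, "findings": findings, "verdict": "block" if findings else "allow"}


if __name__ == "__main__":
    report = triage_rdp(SAMPLE_RDP, trusted_hosts={"rds.corp.example"})
    print(f"target host: {report['host']}  verdict: {report['verdict']}")
    for setting, reason in report["findings"]:
        print(f"  {setting}: {reason}")
```

Against the sample file the verdict is "block": the target is not on the allowlist, local drives, clipboard, printers and smart cards are all redirected, and certificate warnings are disabled. A file that only points at an allowlisted gateway with redirection switched off comes back "allow". Blocking .rdp attachments outright at the mail gateway is simpler still and is usually the right default.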
2. Record ransomware payouts and active groups
In February, Chainalysis announced that global ransomware payments had exceeded $1 billion for the first time in 2023. "Big game hunting," where groups go after large organisations and demand ransoms of over $1 million, is on the rise, and affected organisations are often tempted to pay.
Furthermore, in October it was announced that the second quarter of this year saw the highest number of active ransomware groups on record. This suggests that law enforcement takedowns are proving effective against the more established gangs, opening up new opportunities for smaller groups. Indeed, artificial intelligence could be lowering the barrier to entry for staging ransomware attacks, widening the pool of people who might do so.
3. LockBit's clash with law enforcement
The notorious ransomware group LockBit was the subject of a law enforcement takedown in February. The U.K. National Crime Agency's Cyber Division, the FBI, and international partners seized its website, which had been used as a major ransomware-as-a-service storefront. LockBit was the most commonly deployed ransomware globally in 2023.
However, a few days later the group resumed operations at a different Dark Web address and claimed responsibility for ransomware attacks worldwide. This was despite Britain's National Crime Agency claiming the ransomware gang had been "completely compromised," according to Reuters.
Whether it remained fully or partially operational, the takedown did have positive ripple effects. NCC Group noted a year-over-year decline in ransomware attacks in both June and July this year, which experts linked to the LockBit disruption.
A report from Cyberint also said that the third quarter of this year saw the lowest number of quarterly attacks from the group in a year and a half. Research from Malwarebytes likewise found that the proportion of ransomware attacks LockBit claimed responsibility for fell from 26% to 20% over the past year, despite the group carrying out more individual attacks.
4. World's largest compilation of passwords leaked
In July, the world's largest compilation of leaked passwords, containing 9,948,575,739 unique plaintext entries, was posted on a hacking forum. The credentials were found in a file named "rockyou2024.txt," and many of the passwords had already been leaked in previous data breaches, which is what makes a compilation like this useful for the password spraying and credential stuffing attacks described above.
RockYou is a defunct social application website. In 2009, more than 32 million of its users' account details were exposed after a hacker accessed the plaintext file in which they had been stored. In June 2021, another text file named "rockyou2021.txt" was posted. This 100GB file contained 8.4 billion passwords, making it the largest-ever password dump at the time.
5. Nearly all AT&T phone numbers exposed
In July, AT&T revealed that data from "nearly all" of its customers from May to October 2022 and on Jan. 2, 2023, had been exfiltrated to a third-party platform in April this year. The threat actors accessed phone call and text message records (who contacted whom, and when) but not the content of the calls or messages or any personally identifiable information.
AT&T paid 5.7 Bitcoin, about $374,000, to a threat actor to delete the stolen data, according to Wired. The threat actor was allegedly part of the ShinyHunters group, which obtained the data by breaking into AT&T's workspace on the cloud data warehousing platform Snowflake. One person has been apprehended by law enforcement in connection with the cyberattack, and the access point has since been secured, AT&T said.
6. CrowdStrike outage caused global disruption
In July, about 8.5 million Windows devices were knocked offline worldwide, causing huge disruption to emergency services, airports, law enforcement, and other critical organisations. The cause was a faulty update that cloud security firm CrowdStrike issued to its Falcon Sensor; because the sensor runs with kernel-level privileges, the error crashed the hosts it was installed on rather than just the sensor itself.
SEE: What Is CrowdStrike? Everything You Need to Know
Affected organisations saw the infamous "Blue Screen of Death," the Windows system crash screen. The incident led to CrowdStrike being presented with the "Epic Fail" award at the Pwnie Awards during Black Hat USA 2024 in August.
SEE: Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds
7. National Public Data breach one of the largest in history
August saw 2.7 billion data records, including Social Security numbers, posted on a dark web forum in one of the largest breaches in history. National Public Data, the background-checking company that owns the data, acknowledged the incident and blamed a "third-party bad actor" who hacked the company in December 2023.
Troy Hunt, security expert and creator of the "Have I Been Pwned" breach-checking service, investigated the leaked dataset and found it contained only 134 million unique email addresses and 70 million rows from a database of U.S. criminal records. The email addresses were not associated with the SSNs.
According to a class-action complaint, National Public Data scrapes the personally identifying information of billions of individuals from private sources to build profiles for its background-checking service. It was also thought to have stored this data in a plaintext file on one of its sister sites.
8. CISOs are experiencing burnout
Ample evidence published this year suggests that CISOs and security professionals are experiencing burnout. A study from BlackFog published in October found that almost a quarter of them are considering leaving their jobs, and 93% of those said it was due to stress or job demands.
Furthermore, 66% of global cybersecurity professionals say their role is more stressful now than it was five years ago, with 81% citing the more complex threat landscape, according to a survey by the global professional association ISACA. Forty-six percent of those surveyed thought cyber professionals were leaving their roles due to high levels of stress at work, a three percentage point increase over the previous year.
SEE: Australian Cybersecurity Professionals Confess To Growing Job Stress
At the same time, research from this year has pointed to recruitment problems, which, coupled with the rising number of cyber attacks, are putting pressure on existing security teams. According to ISC2, 90% of organisations face cybersecurity skills shortages. The global deficit will reach over 85 million skilled professionals by 2030.
9. Over 31 million Internet Archive user accounts exposed
In October, the Internet Archive, a non-profit digital library best known for its Wayback Machine, experienced a major data breach and a series of distributed denial-of-service attacks.
According to BleepingComputer, attackers compromised a 6.4 GB SQL database containing the authentication information of over 31 million of the Archive's registered members, including email addresses, screen names, password-change timestamps, and bcrypt-hashed passwords. Because the passwords were stored as bcrypt hashes rather than in plaintext they were not directly usable, although weak or reused passwords in such a dump remain exposed to offline cracking. In addition, 54% of the compromised data had already been exposed in previous breaches.
Around the same time, the site suffered three DDoS attacks, which were claimed by the hacktivist group BlackMeta.
10. Largest ever health data breach in the U.S.
The U.S. Office for Civil Rights revealed in October that threat actors had breached Change Healthcare's systems in February as part of a ransomware attack, gaining access to the private health information of more than 100 million people. This marked the largest-ever health care data breach reported to U.S. federal regulators.
The group ALPHV, also known as BlackCat, claimed responsibility for the breach. In a Senate hearing on the matter in May, the CEO of UnitedHealth Group, Change Healthcare's parent company, said a ransom of $22 million in Bitcoin had been paid to release the stolen data; he also testified that the attackers got in through a remote-access portal that did not have multi-factor authentication enabled, the same gap that let Midnight Blizzard into Microsoft. The attack delayed prescription deliveries and led to a business disruption impact of $705 million.