7 biggest cybersecurity stories of 2024

Cybersecurity headlines were plentiful this year, with several breaches, attacks, and mishaps drawing worldwide attention. But a few incidents in particular had far-reaching consequences, with the potential to reshape industry protections, shake up how vendors secure customers’ systems, or drive security leaders to reassess their strategies. Longer-term trends such as increased cybersecurity regulation and the impact of AI on the industry also had, and will continue to have, a significant impact on IT security operations in 2024 and beyond. Here is a look at the cybersecurity stories of the year, along with perspective on how these events are reshaping CISOs’ strategies and tactics in defending the enterprise.

A ransomware attack on UnitedHealth Group-owned Change Healthcare caused widespread disruption in February. Cybercriminals affiliated with the ALPHV/BlackCat ransomware gang broke into Change Healthcare’s systems using leaked credentials to access a Citrix portal account that was not protected by multifactor authentication. They siphoned off sensitive data (names, Social Security numbers, diagnoses, treatment plans, and financial data), later estimated to affect up to 112 million people, before deploying ransomware. The US Department of Health and Human Services (HHS) is investigating whether a breach of protected health information occurred, as part of assessing whether either UHG or Change Healthcare violated the healthcare sector’s strict privacy regulations.

Change Healthcare, which operates the US’s biggest clearinghouse for medical insurance claims, took its systems offline in response to the attack, which paralyzed large parts of the US healthcare system for weeks. Thousands of pharmacies and healthcare providers experienced disruption because electronic payments and medical claims could not be processed. Patients were forced to pay for many of their medications out of pocket instead of relying on copays or coupons. The breach threatened many medical providers with insolvency.

UnitedHealth Group offered $2 billion in assistance to healthcare providers affected by the attack. The combined costs of accelerated payments and no-interest, no-fee loans to thousands of affected providers, incident response efforts, a complete rebuild of Change Healthcare’s systems, and revenue losses mean the total cost of the breach is expected to exceed $1 billion. It later emerged that Change Healthcare paid the equivalent of $22 million in Bitcoin to a cryptocurrency wallet associated with ALPHV in the wake of the attack. That didn’t stop the RansomHub group from attempting to extort UnitedHealth over the release of sensitive information stolen during the breach.

The attack provoked calls to mandate baseline security standards for healthcare providers during Congressional hearings in April. Questions were also raised about how consolidation is making the healthcare sector more vulnerable to cyberattacks. Overall, the incident brought worldwide attention to the increasing cyber assault on the healthcare industry, with ransomware viewed as the sector’s central threat. CISOs in healthcare and other industries have been left with several critical lessons in the wake of the fiasco.

CrowdStrike meltdown

A faulty configuration update to CrowdStrike’s Falcon Sensor security software caused crashes on Windows systems running the software in July. The content update to Channel File 291 triggered an out-of-bounds memory read in the Windows sensor client, crashing affected Windows PCs and servers and sending them into a boot loop. An estimated 8.5 million Microsoft Windows systems were affected. Even though the faulty update was quickly withdrawn, the resulting outage affected organizations worldwide across multiple sectors, including airlines, banks, broadcasters, and hospitals.

In the wake of the outage, CrowdStrike strengthened its pre-release testing processes and improved quality control. The incident highlighted the critical importance of robust testing and failsafe mechanisms for security software. In response to the outage, Microsoft began a process of evaluating whether security vendors need kernel-level access to work effectively. By running in the kernel, security software gains greater visibility and the opportunity to thwart low-level malware, but the approach means that if there is a problem, the whole system crashes into the infamous blue screen of death.

In addition to bringing worldwide attention to kernel-level access and software testing issues, the incident highlighted for CISOs and CIOs IT’s overdependence on administrative software, the need to reassess cloud concentration risk, and the importance of having a robust business continuity plan, among other key strategic issues.

Widespread Snowflake breaches linked to MFA shortcomings

Account hacks involving cloud-based data warehousing firm Snowflake led to multiple high-profile data breaches, affecting organizations including AT&T, Ticketmaster, Neiman Marcus Group, and Advance Auto Parts. Cybercrime group UNC5537 systematically compromised Snowflake customer instances using stolen customer credentials before exfiltrating sensitive data. This compromised data was used in attempts to extort money from many of the victims or offered for sale through cybercrime forums, according to an investigation by Mandiant, the threat intelligence division of Google.

In a regulatory filing, AT&T admitted in July that cybercriminals had stolen the phone and text message metadata of 110 million people. The compromised information included records of calls or texts but not the contents of any text messages or customers’ personally identifiable information. The US telco reportedly paid criminals $377,000 to delete these stolen phone records.

The issue was first uncovered in April after Mandiant tracked a data breach back to a Snowflake instance compromised using credentials previously stolen through infostealer malware. Subsequent work revealed this pattern repeated in multiple cases, many of which could be traced back to historic malware infections dating back to 2020. Mandiant and Google notified 165 potentially affected organizations.

The hacking spree was blamed on compromised credentials for Snowflake customer accounts on which multifactor authentication was not enabled, rather than on any breach of Snowflake’s own environment. In response, Snowflake offered customers detection and hardening guidance. Two suspects, Connor Riley Moucka from Kitchener, Ontario, and John Binns, an American man based in Turkey, were indicted by US prosecutors in October over their alleged involvement in the Snowflake data breaches. The widespread attacks underscored why cloud security has become a top CISO priority and highlighted that, in today’s enterprise, MFA use is significantly behind where it should be, with new MFA mandates from vendors such as Microsoft and AWS now in the offing.
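The Snowflake detection guidance mentioned above boils down to two questions a defender can ask of a login history: which accounts are completing logins with a password alone, and which source addresses are reaching several accounts at once (the shape that infostealer-fed credential abuse leaves behind). The following is an added example, not code from the article, Mandiant, or Snowflake; the `LoginEvent` record layout and its field names are assumptions modelled on a generic login-history export, and the sample events are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    """One authentication attempt from a login-history export (field names assumed)."""
    user: str
    success: bool
    second_factor: str  # e.g. "DUO_PUSH"; empty string means password only
    client_ip: str
    client_app: str


# Constructed sample data; the IPs are from the RFC 5737 documentation ranges.
SAMPLE_EVENTS = [
    LoginEvent("alice", True, "DUO_PUSH", "203.0.113.10", "SnowSQL"),
    LoginEvent("bob", True, "", "198.51.100.7", "JDBC"),
    LoginEvent("carol", True, "", "198.51.100.7", "JDBC"),
    LoginEvent("dave", False, "", "198.51.100.7", "JDBC"),
    LoginEvent("alice", True, "DUO_PUSH", "203.0.113.10", "Web"),
]


def password_only_users(events):
    """Users who completed at least one successful login with no second factor."""
    return sorted({e.user for e in events if e.success and not e.second_factor})


def shared_source_ips(events, min_users=2):
    """Source IPs from which at least `min_users` distinct accounts logged in successfully.

    Failed attempts are ignored: the signal of interest is one source that
    actually got into several accounts, not a noisy spray that was blocked.
    """
    users_by_ip = defaultdict(set)
    for e in events:
        if e.success:
            users_by_ip[e.client_ip].add(e.user)
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_users}


def risk_report(events):
    """Combine both checks into one structure suitable for ticketing or alerting."""
    return {
        "password_only_users": password_only_users(events),
        "shared_source_ips": shared_source_ips(events),
    }


if __name__ == "__main__":
    for key, value in risk_report(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

On the constructed data the report names `bob` and `carol` as password-only accounts and flags `198.51.100.7` as a source that reached both of them; `dave` is left out of the shared-IP finding because his attempt failed. Against a real export the same two functions run unchanged once the records are mapped into `LoginEvent`.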

LockBit takedown fails to curtail ransomware threats

In other cybercrime-related news, the LockBit ransomware gang was disrupted in a major international police operation in February. Servers and web domains linked to the gang were seized, rogue accounts were closed, and suspects were arrested in Poland and Ukraine as part of Operation Cronos. Despite the takedown, attacks with LockBit ransomware or variants of it were later reported, and reports that elements of the group intended to revive their operations began to surface as well. As before, these scams typically involve attempts to extort victims over the threatened release of stolen data alongside demands for payment for decryption keys.

LockBit, a major ransomware-as-a-service operation, made an estimated $90 million from attacking US victims alone between January 2020 and June 2023. Once again, despite significant activity from policing authorities, ransomware continues to get faster, smarter, and meaner, with new groups continuing to emerge in the wake of takedowns and enterprises left to add new chapters to their ransomware negotiation playbooks and debate whether to pay the extortion price.

Deepfakes become a bigger threat

The year saw accelerating use of artificial intelligence for both beneficial and malicious purposes. Attackers can use AI to scale and refine their techniques, making ransomware and phishing attacks more effective. For example, AI technologies can be abused to generate fake audio and video, so-called deepfakes.

London-based multinational design and engineering company Arup fell victim to a deepfake scam that cost it HK$200 million ($25.6 million). A finance worker at its Hong Kong office was tricked into authorizing the transaction after attending a videoconference call during which fraudsters used deepfake technology to impersonate the company’s UK-based chief financial officer.

Deepfakes are also starting to feature as an element in North Korean fake IT worker scams, in which North Korean operatives pose as legitimate IT professionals in attempts to gain employment at Western firms. If hired, these “remote workers” exploit their insider access to steal sensitive or proprietary information while collecting a salary that is funnelled back to the North Korean regime. More than 300 businesses are believed to have fallen victim to the fake IT worker scam, which is estimated to have generated millions in revenue for the North Korean government, allowing it to evade international sanctions while funding its weapons programs.

NPD breach fallout

A breach of US background checking firm National Public Data exposed 2.9 billion records containing the data of hundreds of millions of people. The hack took place in December 2023 but only became general knowledge after a 4TB dump of stolen data was posted to a cybercrime forum in July 2024. The breach exposed the Social Security numbers, names, mailing addresses, emails, and phone numbers of an estimated 170 million people in the US, UK, and Canada. In October 2024, National Public Data, which faced several lawsuits in the wake of the breach, filed for bankruptcy.

Regulatory pressures on the rise

The Salt Typhoon cyber-espionage attacks on telecom providers, blamed on China, prompted plans to oblige telecom carriers to tighten up their security. Tougher cybersecurity regulations were also on the menu in Europe with the expansion of the EU’s Network and Information Security directive: NIS2 covers more industries and sectors and introduces stronger cybersecurity risk management measures and incident reporting requirements. Revised breach disclosure rules from the US Securities and Exchange Commission (SEC) have placed increased responsibility on CISOs, particularly those at publicly traded firms. Security leaders are exposed to personal liability for either cybersecurity failures or misleading disclosures.

Increasing regulatory complexity and personal liability are just a few of the factors creating a challenging balancing act for CISOs, contributing to rising CISO job dissatisfaction and thoughts of defection as they reflect on their key takeaways from 2024 with an eye toward the new year.

First seen on csoonline.com

Jump to article: www.csoonline.com/article/3629818/7-biggest-cybersecurity-stories-of-2024.html