In 2024, hackers had a field day finding sneaky ways into systems, from convincing phishing scams that played on human curiosity to brutal software flaws that exposed gaps in tech upkeep. It was a year of clever breaches, showing just how wide the gap is between user habits and security practices.

“While every year brings new types of attacks, it’s important to realize that hackers are always going to look for the easiest ways to get in, and that means areas where security teams lack the visibility or control they need to mitigate risks,” said Melinda Marks, senior analyst at Enterprise Strategy Group.

Let’s deep dive into the top ways attackers slipped past defenses this year.

The year 2024 saw some of the most devastating zero-day and N-day exploits in recent memory, with a few of them even picked up by high-profile attackers to breach critical systems and establish nation-state-level persistence.

Quoting a ransomware study for the year, Dave Gruber, principal analyst at Enterprise Strategy Group, said, “From our research, software and configuration vulnerabilities were a big initial point of compromise. For smaller organizations, initial points of compromise were more likely to be through a business partner vs. larger organizations where initial compromise was more likely related to a software vulnerability.”

While patching efforts kept security teams busy, a few of these exploits stood out as particularly disruptive.

1. Fortinet flaw zero-day’ed by nation-state actors: In October 2024, Fortinet warned about a critical (CVSS 9.8/10) RCE vulnerability, tracked as CVE-2024-47575, in its FortiManager platform, actively exploited by attackers to exfiltrate sensitive data like IP addresses, credentials, and configurations. No malware or backdoors were found. This flaw, exploited in the wild, has been linked to nation-state actors, such as China-backed Volt Typhoon, who have used similar Fortinet vulnerabilities for cyber espionage.

2. Check Point bug enabled Iranian hacks: In August, CISA issued a warning about a critical flaw (CVE-2024-24919) in Check Point’s security gateway software. The vulnerability, which had a high CVSS score (8.6/10), allowed attackers like Pioneer Kitten and Peach Sandstorm, Iranian hacker groups, to exploit information disclosure weaknesses in the company’s security solutions. Active exploitation in the wild was reported, with attackers leveraging the flaw to access sensitive data from systems using VPN and mobile access blades.

3. Ivanti Connect flaws drew Chinese abuse: In December 2023, researchers uncovered two chained zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, in Ivanti’s Connect Secure and Policy Secure gateways, exploited by Chinese state-sponsored actors. These flaws allowed unauthenticated remote code execution, enabling attackers to steal configurations, alter files, and set up reverse tunnels from compromised VPN appliances. Targeting critical sectors like healthcare and manufacturing, the attackers leveraged advanced lateral movement and persistence techniques to access intellectual property and sensitive data. The campaign highlighted the risks of unpatched enterprise software, with Ivanti scrambling to release mitigations while working on patches.

4. Cleo’s crown fell to persistent hackers: In December, a flaw in Cleo’s LexiCom, VLTrader, and Harmony systems allowed hackers to exploit an incomplete patch, affecting over 10 businesses. Attackers used the vulnerability to upload and run malicious code, exposing sensitive data. Huntress detected the breach and advised disconnecting systems until a complete fix was released.

5. MOVEit impact bled well into 2024: The MOVEit vulnerability (CVE-2023-35708), exploited by the Clop ransomware group, caused widespread data breaches starting in 2023, with significant effects persisting into 2024. This SQL injection flaw in Progress Software’s MOVEit Transfer enabled attackers to exfiltrate sensitive data from over 2,600 organizations worldwide, targeting industries like government, healthcare, and education. Clop shifted tactics by forgoing ransomware and relying on data theft and public exposure to pressure victims. The attack underscored the critical need for timely patching and robust data security in the face of evolving cybercriminal methods.

In 2024, both patched and unpatched vulnerabilities caused widespread issues, highlighting how software flaws remain a key entry point for hackers. However, a bit of good news came from a report suggesting that improved patching practices helped tip the scales, with zero-day exploits outnumbering and surpassing N-day attacks in impact and severity during the year.
Phishing hooks grew tighter
Phishing remained a top hook in 2024, with miscreants using AI to whip up super-convincing scams that even top-notch detection tools couldn’t always catch. This year’s phishing hall of shame had a few significant campaigns.

6. Microsoft users duped by Russian phishers: One of the most impersonated brands, thanks to its dominance in corporate environments, Microsoft became a prime target in major phishing campaigns like the one spearheaded by Russia’s Midnight Blizzard. The APT group targeted over 100 organizations, using fake emails to lure victims into downloading malicious RDP files. These files granted attackers access to sensitive corporate data, highlighting the increasing sophistication of phishing tactics and the pressing need for defenses like MFA and better endpoint security.

7. New phish enters the fray: In November, a clever phishing campaign was seen exploiting DocuSign’s Envelopes API to send fake invoices that appeared legitimate, tricking recipients into approving unauthorized payments. Attackers used paid DocuSign accounts to bypass security filters, crafting documents mimicking brands like PayPal and Norton. Victims unknowingly signed off on transactions, leading to major financial losses and highlighting the need for stronger verification and multi-factor authentication to counter such creative exploits.

8. Alibaba and Adobe users tricked into coughing up credentials: Other significant campaigns in 2024 targeted two phishing debutants, Alibaba and Adobe, employing somewhat similar tactics. The Alibaba scam tricked businesses with fake emails about order disputes to steal credentials, while Adobe users faced phishing emails mimicking document-sharing requests, leading to credential theft.

In 2024, phishing ended up driving a whopping 36% of all breaches worldwide, proving yet again why it’s the classic go-to move for hackers looking to stir up chaos.
Supply chains went off the rails
The year saw several large supply chain attacks that caused significant and lasting damage, some of which will likely be felt into 2025. Hackers got more inventive, targeting trusted platforms and third-party suppliers, disrupting industries globally. Here’s a quick look at two of the most impactful hacks of the year, which have created ongoing cybersecurity challenges.

9. Vetted bots hit Discord users: In March, the Top.gg bot community with over 170,000 Discord members was hit by a supply chain attack when Colorama, a third-party bot verification tool, was compromised. Attackers injected malicious code into the tool’s update, gaining access to bot permissions. This allowed them to scrape user data, hijack tokens, and spread phishing links across verified bots, causing rapid disruptions and eroding trust within the community.

10. Massive PyPI hack uncurled: In November, attackers were found targeting PyPI, the popular Python package repository, using typosquatting and dependency confusion tricks. They uploaded malicious packages disguised as trusted libraries, fooling developers into downloading them. Once installed, these packages unleashed keyloggers, backdoors, and tools for stealing data, putting thousands of developers and their projects at risk. The breach spread quickly, affecting both enterprise and open-source applications.

In addition to these attacks, the year also saw continued fallout from the SolarWinds and MOVEit supply chain breaches, with both incidents affecting hundreds of organizations.

“Attackers are looking into areas that are scaling, such as APIs, and the software supply chain with the increase in usage of third-party and open-source code with potential for tampering,” Marks said. “These are not easy for security teams to manage without the right tools and processes in place to help them work efficiently.”
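As an added defensive example, not code from the article or from any of the projects it names, the check below scans a pip requirements list for the two PyPI tricks mentioned in item 10: typosquatting (a name within a small edit distance of a well-known package) and dependency confusion (an internal package name that also exists on the public index). The popular-package set, internal-package set, public-index snapshot and sample requirements are all constructed stand-ins, not real PyPI data.

```python
import re
# Constructed sample data, not real PyPI contents: well-known public packages,
# names published only to a private index, and a public-index snapshot that
# contains a look-alike and a package colliding with an internal name.
POPULAR_PACKAGES = {"requests", "colorama", "numpy", "urllib3", "pyyaml"}
INTERNAL_PACKAGES = {"acme-billing", "acme-authlib"}
PUBLIC_INDEX = POPULAR_PACKAGES | {"colourama", "acme-billing"}
TYPOSQUAT_DISTANCE = 2  # max edit distance to call a name a look-alike

def normalize(name):
    """PEP 503 normalisation: case-fold, collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a, b):
    """Levenshtein distance between two strings (single-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_requirements(lines):
    """Return (package, finding) pairs for risky entries in a requirements list."""
    findings = []
    for line in lines:
        req = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not req:
            continue
        # The project name ends at whitespace or a version/extras/marker operator.
        name = normalize(re.split(r"[\s=<>!~\[;@]", req, maxsplit=1)[0])
        if name in INTERNAL_PACKAGES:
            # Dependency confusion: a public package shares the internal name, so a
            # resolver that also consults the public index may pick the wrong copy.
            if name in PUBLIC_INDEX:
                findings.append((name, "dependency-confusion"))
            continue
        if name in POPULAR_PACKAGES:
            continue
        # Typosquatting: close to a well-known name without being it.
        for popular in sorted(POPULAR_PACKAGES):
            if edit_distance(name, popular) <= TYPOSQUAT_DISTANCE:
                findings.append((name, f"typosquat-of-{popular}"))
                break
    return findings

# Constructed requirements list mixing safe, look-alike and colliding names.
SAMPLE_REQUIREMENTS = ["requests==2.31.0", "colourama",
                       "acme-billing>=1.0  # internal", "acme-authlib", "Numpy"]
```

In a real pipeline the public-index snapshot would come from querying the index for each internal name, and pinning a single trusted index (rather than mixing a private index with a public fallback) removes the confusion path entirely.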
2024 Cyber “Oops” that let hackers in
In 2024, insider risks and app misconfigurations opened the door for some serious cyber mayhem. Whether it was leaked employee data or cloud setups gone wrong, these gaps gave hackers an easy entry. Here’s a rundown of the biggest letdowns from the year.

11. Fake jobs, real data heists: Fourteen North Korean operatives posed as IT workers, using stolen identities and fake setups to land remote jobs. Over six years, they pulled in $88 million, stealing sensitive data and extorting employers. In another twist, fake North Korean freelancers helped bypass sanctions and leaked business info, proving how insider risks can be a goldmine for the DPRK regime.

12. Customers’ AWS blunder led to data spill: In December, misconfigured AWS instances left sensitive data like customer credentials and proprietary code exposed. Hackers targeted millions of public-facing sites, exfiltrating data from thousands of misconfigured setups. The breach underscored the critical need for robust cloud configuration practices.

Aside from the main entry points above, the year also saw hackers target compromised human and machine credentials for secondary infections, leading to breaches like the New York Times source code hack and the Internet Archive incident.

“Non-human identities are a rapidly growing piece of the attack surface that got more attention in 2024,” said Todd Thiemann, senior analyst at Enterprise Strategy Group. “Our research in this area showed that even as organizations said they lack visibility into their non-human identities, 72% either know or suspect that they have had non-human accounts or credentials compromised.”

While 2023 saw Okta and Cloudflare encounter high-profile incidents, 2024 saw incidents relating to non-human identity compromises like the Internet Archive and the Sisense customer data breach, he added.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3629418/top-12-ways-hackers-broke-into-your-systems-in-2024.html