This year has not been quiet for the cybersecurity field. We have seen record-breaking data breaches, huge ransomware payouts, and illuminating studies about the impact of the increasingly complex and ever-evolving threat landscape.
As we approach the new year, TechRepublic revisits the biggest cybersecurity stories of 2024.
1. Midnight Blizzard’s attack on Microsoft
In January, Microsoft disclosed that it had been a victim of a nation-state-backed attack beginning in November 2023. The Russian threat actor group Midnight Blizzard accessed some Microsoft corporate emails and documents through compromised email accounts. Later, Microsoft revealed they had also accessed some source code repositories and internal systems.
Midnight Blizzard gained access through a successful password spray attack on a legacy test tenant account without multi-factor authentication. Password spraying is a brute force attack in which threat actors spam or “spray” a small set of commonly used passwords against many different accounts in one organisation or application, rather than hammering a single account. From there, they could use that account’s permissions to access a small number of Microsoft corporate email accounts—some of those accounts were for senior leadership team members.
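The distinguishing shape of a password spray is many accounts with only one or two failures each from one source, which is exactly what per-account lockout thresholds miss. The following detection sketch is an added example, not code from the article or from Microsoft: it runs over a constructed authentication log (the log format, field names, source addresses and account names are all assumptions) and labels each source as a spray or an ordinary single-account brute force, also reporting any account that logged in successfully from the same source after the burst, since a success following a spray is the signal defenders most want to see.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the article). Source 203.0.113.5
# tries one guess against many different accounts (a spray) and then succeeds on a
# legacy test account; 198.51.100.7 hammers a single account (ordinary brute force);
# 192.0.2.9 is a user who mistyped twice and then logged in normally.
SAMPLE_LOG = """\
2024-01-10T03:12:05Z auth_fail user=alice src=203.0.113.5
2024-01-10T03:12:09Z auth_fail user=bob src=203.0.113.5
2024-01-10T03:12:14Z auth_fail user=carol src=203.0.113.5
2024-01-10T03:12:20Z auth_fail user=dave src=203.0.113.5
2024-01-10T03:12:26Z auth_fail user=erin src=203.0.113.5
2024-01-10T03:12:31Z auth_fail user=frank src=203.0.113.5
2024-01-10T03:12:37Z auth_ok user=svc-legacy-test src=203.0.113.5
2024-01-10T03:40:01Z auth_fail user=admin src=198.51.100.7
2024-01-10T03:40:02Z auth_fail user=admin src=198.51.100.7
2024-01-10T03:40:03Z auth_fail user=admin src=198.51.100.7
2024-01-10T03:40:04Z auth_fail user=admin src=198.51.100.7
2024-01-10T03:40:05Z auth_fail user=admin src=198.51.100.7
2024-01-10T03:40:06Z auth_fail user=admin src=198.51.100.7
2024-01-10T03:40:07Z auth_fail user=admin src=198.51.100.7
2024-01-10T03:40:08Z auth_fail user=admin src=198.51.100.7
2024-01-10T09:01:10Z auth_fail user=alice src=192.0.2.9
2024-01-10T09:01:25Z auth_fail user=alice src=192.0.2.9
2024-01-10T09:01:40Z auth_ok user=alice src=192.0.2.9
"""

# Assumed log line layout: "<ISO timestamp> auth_fail|auth_ok user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth_(?P<result>fail|ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def classify_sources(log_text, window=timedelta(minutes=10),
                     min_distinct_users=5, spray_max_per_user=2,
                     brute_min_attempts=6):
    """Label each source whose failures inside a sliding time window look like a
    password spray (many accounts, few tries each) or a brute force (one account,
    many tries). Returns {src: {"kind", "distinct_users", "attempts",
    "succeeded_after": [accounts that logged in from that source after the burst]}}."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "fail"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward so it spans at most `window` of time.
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            per_user = Counter(e["user"] for e in fails[start:end + 1])
            attempts = sum(per_user.values())
            kind = None
            if len(per_user) >= min_distinct_users and max(per_user.values()) <= spray_max_per_user:
                kind = "password_spray"
            elif len(per_user) == 1 and attempts >= brute_min_attempts:
                kind = "brute_force"
            if kind:
                burst_end = fails[end]["ts"]
                # Any successful login from the same source at or after the burst is
                # the high-priority signal: the spray may have found a weak account.
                succeeded = sorted({e["user"] for e in evs
                                    if e["result"] == "ok" and e["ts"] >= burst_end})
                # Later qualifying windows overwrite earlier ones, so the finding
                # reflects the most recent (and usually largest) burst.
                findings[src] = {"kind": kind, "distinct_users": len(per_user),
                                 "attempts": attempts, "succeeded_after": succeeded}
    return findings


if __name__ == "__main__":
    for src, finding in classify_sources(SAMPLE_LOG).items():
        print(src, finding)
```

The thresholds are deliberately parameters: in a real tenant they are tuned against the normal failure rate, and the source key would usually be widened beyond a single IP (an ASN or a user-agent fingerprint), because sprays are often spread across many addresses to stay under per-source limits. The point the example makes is the one the incident illustrates: counting distinct accounts per source, not failures per account, is what surfaces a spray, and the account that finally succeeds is where the investigation starts.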
Midnight Blizzard was particularly active this year. In October, it launched targeted spear-phishing attacks on over 100 organisations worldwide. Spear-phishing emails contained RDP configuration files, allowing the attackers to connect to and potentially compromise the targeted systems.
2. Record ransomware payouts and active groups
In February, Chainalysis announced that global ransomware payments exceeded $1 billion for the first time in 2023. “Big game hunting,” where groups go after large organisations and demand ransoms of over $1 million, is on the rise, and affected organisations are often tempted to pay.
Furthermore, in October, it was announced that the second quarter of this year saw the highest number of active ransomware groups on record. This suggests that law enforcement takedowns are proving effective against the more established gangs, opening up new opportunities for smaller groups. Indeed, artificial intelligence could be lowering the barrier to entry to stage ransomware attacks, widening the pool of individuals who might do so.
3. LockBit’s clash with law enforcement
The notorious ransomware group LockBit was subject to a law enforcement takedown in February. The U.K. National Crime Agency’s Cyber Division, the FBI, and international partners cut off their website, which had been used as a large ransomware-as-a-service storefront. The LockBit ransomware was the most common type of ransomware deployed globally in 2023.
However, a few days later, the group resumed operations at a different Dark Web address and claimed responsibility for ransomware attacks worldwide. This is despite Britain’s National Crime Agency claiming the ransomware gang was “completely compromised,” according to Reuters.
Whether it remained fully or partially operational, the takedown did have positive ripple effects. NCC Group noted a year-over-year decline in ransomware attacks in both June and July this year, which experts linked to the LockBit disruption.
A report from Cyberint also said that the third quarter of this year saw the lowest number of quarterly attacks from the group in a year and a half. Research from Malwarebytes also found that the proportion of ransomware attacks LockBit claimed responsibility for decreased from 26% to 20% over the past year despite carrying out more individual attacks.
4. World’s largest compilation of passwords leaked
In July, the world’s largest compilation of leaked passwords, containing 9,948,575,739 unique plaintext entries, was posted on a hacking forum. The credentials were discovered in a file named “rockyou2024.txt,” and many of the passwords had already been leaked in previous data breaches.
RockYou is a defunct social application site. In 2009, more than 32 million of its users’ account details were exposed after a hacker accessed the plaintext file where they had been stored. In June 2021, another text file named “rockyou2021.txt” was posted. This 100GB file contained 8.4 billion passwords, making it the largest-ever password dump at the time.
5. Nearly all AT&T phone numbers exposed
In July, AT&T revealed that data from “nearly all” of its customers from May to October 2022 and on Jan. 2, 2023, was exfiltrated to a third-party platform in April this year. Threat actors accessed phone call and text message records but not their content or any personally identifiable information.
AT&T paid 5.7 Bitcoin — about $374,000 — to a threat actor to delete the stolen data, according to Wired. The threat actor was allegedly part of the ShinyHunters group, which broke into the data warehousing platform Snowflake to get the data. One person was apprehended by law enforcement in connection with the cyberattack, and the access point has since been secured, AT&T said.
6. CrowdStrike outage caused global disruption
In July, about 8.5 million Windows devices were disabled worldwide, causing huge disruption to emergency services, airports, law enforcement, and other critical organisations. This was because an error occurred when cloud security firm CrowdStrike issued an update to the Falcon Sensor.
Affected organisations saw the infamous “Blue Screen of Death,” the Windows system crash alert. The incident led to CrowdStrike being presented with the “Epic Fail” award at Black Hat U.S.A. 2024 in August.
7. National Public Data breach one of the biggest in history
In August, 2.7 billion data records, including Social Security numbers, were posted on a dark web forum in one of the biggest breaches in history. National Public Data, a background-checking company that owns the data, acknowledged the incident and blamed a “third-party bad actor” who hacked the company in December 2023.
Troy Hunt, security expert and creator of the “Have I Been Pwned” breach checking service, investigated the leaked dataset and found it only contained 134 million unique email addresses and 70 million rows from a database of U.S. criminal records. The email addresses were not associated with the SSNs.
According to a class-action complaint, National Public Data scrapes the personally identifying information of billions of individuals from non-public sources to create their profiles for its background-checking service. It was also thought to have stored this data in a plaintext file on one of its sister sites.
8. CISOs are experiencing burnout
Ample evidence published this year suggests that CISOs and security professionals are experiencing burnout. A study from BlackFog published in October found that nearly a quarter of them are considering leaving their jobs, and 93% of them said it was due to stress or job demands.
Furthermore, 66% of global cybersecurity professionals say their role is more stressful now than it was five years ago, with 81% citing the more complex threat landscape, according to a global professional association ISACA survey. Forty-six percent of those surveyed thought cyber professionals were leaving their roles due to high levels of stress at work, marking a three percentage point increase over the previous year.
At the same time, research from this year has pointed to recruitment problems which, coupled with the rising number of cyber attacks, are putting pressure on existing security teams. According to ISC2, 90% of organisations face cybersecurity skills shortages. The global deficit will reach over 85 million skilled professionals by 2030.
9. Over 31 million Internet Archive user accounts exposed
In October, the Internet Archive, a non-profit digital library best known for its Wayback Machine, experienced a significant data breach and a series of distributed denial-of-service attacks.
According to Bleeping Computer, attackers compromised a 6.4 GB SQL database containing the authentication information of over 31 million of the Archive’s registered members, including email addresses, screen names, password-change timestamps, and bcrypt-hashed passwords. However, 54% of the compromised data had already been exposed in previous breaches.
Around the same time, the site experienced three DDoS attacks, which were claimed by hacktivist group BlackMeta.
10. Largest ever health data breach in the U.S.
The U.S. Office for Civil Rights revealed in October that threat actors breached Change Healthcare’s system in February as part of a ransomware attack, gaining access to the private health information of more than 100 million people. This marked the largest-ever health care data breach reported to U.S. federal regulators.
The group ALPHV, sometimes called BlackCat, claimed responsibility for the breach. In a Senate hearing on the matter in May, the CEO of UnitedHealth Group, Change Healthcare’s parent company, said a ransom of $22 million in Bitcoin had been paid to release the stolen data. The attack delayed prescription deliveries and led to a business disruption impact of $705 million.