The year 2024 was pivotal in cybersecurity, marked by numerous cyberattacks, data breaches, the emergence of new hacker groups, and the discovery of various zero-day vulnerabilities. Among the many incidents, several stand out as particularly significant.
Hackers Target Internet Archive: Data of 31 Million Users Stolen
On October 9, 2024, the Internet Archive, the world's largest online library, was hit by two attacks at once. The first was a data breach affecting about 31 million user accounts (email addresses, screen names and bcrypt-hashed passwords), made possible by an exposed GitLab configuration file that contained an authentication token. With that token the attackers reached the site's source code, further credentials stored alongside it, and the user database. The second attack, a DDoS campaign claimed by the pro-Palestinian group SN_BlackMeta, is believed to have been unrelated to the breach. Together they took the site offline for nearly two weeks; it returned first in read-only mode. The practical lesson is an old one: a secret in a reachable configuration file stays valid until it is rotated, so secret scanning of repositories and servers, and rotation after any suspected exposure, are the controls that would have limited the damage.
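A minimal secret scanner of the kind that would have caught a token sitting in a configuration file, as an added illustration (not code from the Internet Archive or from GitLab). The page does not say what kind of token was exposed; the example looks for GitLab personal access tokens by their documented "glpat-" prefix and, more generally, for high-entropy values assigned to secret-looking keys. The sample configuration text and every token value in it are constructed for the example.

```python
"""
Scan configuration text for leaked authentication tokens.

Two checks: a pattern for GitLab personal access tokens (documented
"glpat-" prefix, 20 URL-safe characters) and a generic Shannon-entropy
check on values assigned to keys that look like secrets. Placeholders
such as ${VAR} or CHANGEME are ignored so the scanner stays quiet on
templates.
"""
import math
import re
from collections import Counter

# GitLab personal access tokens: "glpat-" followed by 20 URL-safe characters.
GITLAB_PAT = re.compile(r"\bglpat-[A-Za-z0-9_-]{20}\b")

# "key = value" / "key: value" lines whose key name suggests a secret.
SECRET_KEY = re.compile(
    r"^\s*(?P<key>[A-Za-z0-9_.-]*(token|secret|password|api_key|apikey)"
    r"[A-Za-z0-9_.-]*)\s*[:=]\s*['\"]?(?P<value>[^'\"\s#]+)",
    re.IGNORECASE,
)

# Constructed gitlab.rb-style fragment; the values are made up for this example.
SAMPLE_CONFIG = """\
# constructed gitlab.rb-style fragment (not a real file)
external_url 'https://gitlab.example.internal'
gitlab_rails['backup_upload_remote_directory'] = 'backups'
ci_runner_token = glpat-AbCdEfGhIjKlMnOpQrSt
db_password = "CHANGEME"
smtp_password: ${SMTP_PASSWORD}
aws_secret_key = 9f3e1c7b5a2d4e6f8a0b1c2d3e4f5a6b
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random hex/base64 material scores high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def is_placeholder(value: str) -> bool:
    """Template markers and obvious dummies are not leaks."""
    return value.startswith(("${", "<")) or value.upper() in ("CHANGEME", "NONE", "NULL")


def scan_text(text: str, entropy_threshold: float = 3.5, min_len: int = 16):
    """Return (line_no, kind, value) for every suspected secret in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        # Known token format: report regardless of the key it is assigned to.
        for m in GITLAB_PAT.finditer(line):
            findings.append((no, "gitlab-pat", m.group(0)))
        m = SECRET_KEY.match(line)
        if not m:
            continue
        value = m.group("value")
        if GITLAB_PAT.fullmatch(value):
            continue  # already reported by the exact-format check above
        if is_placeholder(value):
            continue
        # Generic check: long, high-entropy strings next to a secret-like key.
        if len(value) >= min_len and shannon_entropy(value) >= entropy_threshold:
            findings.append((no, "high-entropy-value", value))
    return findings


if __name__ == "__main__":
    for line_no, kind, value in scan_text(SAMPLE_CONFIG):
        print(f"line {line_no}: {kind}: {value}")
```

The exact-format check is the reliable one; the entropy check trades false positives for coverage of tokens whose format you do not know in advance, which is why it is gated on the key name and skips placeholders. Running this over a Git server's configuration directory and repositories, and rotating anything it flags, is the check the incident above calls for.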
Faulty CrowdStrike Falcon Update Crashes Millions of Windows Devices
On July 19, a faulty content update for the CrowdStrike Falcon sensor crashed about 8.5 million Windows devices worldwide, by Microsoft's estimate. The update was not a new driver but a "channel file" of detection logic; the already-installed Falcon kernel driver read it, performed an out-of-bounds memory access, and took the machine down with a blue screen, often in a boot loop. Recovery required booting into Safe Mode or the Windows Recovery Environment and deleting the bad file by hand, which on BitLocker-protected machines also meant retrieving recovery keys first. The outage disrupted banks, hospitals, and airlines. Criminals exploited the chaos by distributing fake recovery tools and "hotfix" installers laden with malware. CrowdStrike withdrew the update within about an hour and a half and Microsoft published a bootable recovery tool, but hands-on remediation of large fleets took days to weeks, and the incident prompted Microsoft and endpoint-security vendors to reassess how much security software should run inside the Windows kernel.
Kaspersky Replaced by UltraAV in the U.S.
In June, the U.S. Commerce Department banned Kaspersky from selling its software in the United States, with security updates for existing customers permitted only until September 29. Kaspersky wound down its U.S. business and transferred its roughly one million American customers to UltraAV, a product of the U.S. company Pango. Many of those users learned of the handover only when Kaspersky's software uninstalled itself and UltraAV appeared in its place without clear prior notice, which sparked public outrage. Despite the ban, some Americans found ways to keep running Kaspersky products.
Midnight Blizzard Targets Microsoft
In January, Microsoft disclosed that the Russian state-linked group Midnight Blizzard (also tracked as APT29 or Nobelium) had been reading corporate email accounts since late November 2023. The entry point was not a software vulnerability: the attackers password-sprayed a legacy, non-production test tenant account that had no multi-factor authentication, then abused a legacy OAuth application that still held elevated access to Microsoft's corporate Exchange Online environment. They read mailboxes of senior leadership and security staff, including emails about Microsoft's own investigation into the group. In March, Microsoft reported that the intruders had used secrets found in the stolen emails to reach some source-code repositories and internal systems, and that the stolen correspondence included exchanges with U.S. federal agencies, which led CISA to issue an emergency directive ordering affected agencies to reset exposed credentials.
Massive Data Breach at National Public Data
In August, a dataset taken from the background-check broker National Public Data (NPD) was posted for free on a hacker forum: roughly 2.7 billion rows of names, addresses and Social Security numbers, with email addresses in some copies, covering an estimated 272 million unique Americans. The actor known as USDoD had first advertised the data in April for $3.5 million. Experts called it one of the largest breaches of U.S. personal data, and the unencrypted SSNs made it especially damaging. In October, Jerico Pictures Inc., the Florida company that operated NPD, filed for bankruptcy amid a wave of class-action lawsuits seeking compensation.
Surge in Attacks on Network Edge Devices
Large-scale attacks on network-edge devices from Fortinet, TP-Link, Cisco, and others ran throughout 2024. Firewalls, VPN gateways and routers sit outside the reach of endpoint security, are often patched late, and hand an attacker a foothold on the internal network once compromised. Notable cases included a Dutch government disclosure that a Chinese state actor had compromised about 20,000 FortiGate systems worldwide through CVE-2022-42475 before the patch was widely deployed, leaving a persistent backdoor, and the Quad7 (7777) botnet, which "zombified" consumer routers and then used them as proxies for password-spraying attacks on Microsoft 365 accounts. In response, the U.S. government reportedly considered banning Chinese-made TP-Link routers.
Change Healthcare Attack Disrupts U.S. Healthcare Systems
In February, a ransomware attack by the ALPHV/BlackCat group on Change Healthcare, the UnitedHealth subsidiary that processes a large share of U.S. medical claims, caused nationwide disruption: pharmacies could not apply discounts or check coverage, and providers could not submit insurance claims or get paid for weeks. The attackers got in through a Citrix remote-access portal using stolen credentials; the portal had no multi-factor authentication. They claimed to have taken 6 TB of data, and UnitedHealth paid a $22 million ransom. ALPHV's operators then disappeared with the money without paying their affiliate, and the affiliate handed the stolen data to a second group, RansomHub, which demanded a further payment. Paying did not buy back the exfiltrated data; it only changed who was holding it.
Snowflake Attack Through Stolen Credentials
In spring, a financially motivated group began stealing data from Snowflake customer accounts and selling or extorting it; among the roughly 165 affected organizations were AT&T, Ticketmaster and Santander. Snowflake's own platform was not breached: the attackers logged in with valid usernames and passwords, many of them harvested years earlier by info-stealer malware from employees' and contractors' machines, and the affected accounts had no multi-factor authentication enabled. The stolen databases were then used for extortion and as raw material for further attacks.
Operation Cronos Targets LockBit
In February, an international law-enforcement operation led by the UK's National Crime Agency, Operation Cronos, seized LockBit's infrastructure: servers, source code, the affiliate control panel, cryptocurrency wallets and more than a thousand decryption keys, and the gang's own leak site was turned into a police notice board. Five days later the group had restored a leak site and resumed posting victims, threatening intensified attacks on government systems, though its affiliate base and reputation were badly damaged.
Salt Typhoon Targets U.S. Telecoms
The Chinese state-linked group known as Salt Typhoon compromised U.S. telecom carriers including AT&T, Verizon and Lumen, reportedly reaching the systems that handle lawful-intercept (wiretap) requests as well as call records and text messages of specific targets, among them political figures. The intrusions raised national-security concerns; U.S. agencies advised the public to use end-to-end encrypted messaging, and lawmakers and the FCC proposed stricter cybersecurity requirements for carriers.
The Rising Threat of Info-Stealers
Info-stealers, malware that harvests saved browser passwords, session cookies, and cryptocurrency wallet files from an infected machine and sells them in bulk as "logs", became one of the most common initial-access tools of 2024; the Snowflake intrusions above grew out of exactly such logs. Two-factor authentication, which experts recommended, blocks reuse of a stolen password, but it does not help against a stolen session cookie: the cookie represents a login that already passed 2FA, so the attacker simply presents it from their own machine. Defenses that address that gap include short session lifetimes, invalidating sessions on password change, binding sessions to the device, and watching for a session that suddenly appears from a different client.
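The last point, detecting a replayed session cookie, is small enough to show. The following is an added example, not code from any vendor or incident on this page: it runs over a constructed web-application access log in which one session passes MFA from a browser and is then presented from a different IP address and client, which is what a cookie lifted by an info-stealer looks like server-side. The log format, the addresses and the session identifiers are all made up for the example.

```python
"""
Flag session cookies that are later presented from a second device.

A session identifier that was issued after an MFA login and then shows up
from a different source IP *and* a different user agent is a strong sign
the cookie was copied. Either signal alone is noisy (mobile roaming
changes IPs, browser updates change the user agent); together they are
rarely legitimate.
"""
import re
from datetime import datetime, timezone

# Constructed access log: timestamp, client IP, session id, event, user agent.
SAMPLE_LOG = """\
2024-05-14T08:01:12Z 203.0.113.10 sid=7c1f9a2e login_mfa_ok ua="Chrome/124 Windows"
2024-05-14T08:02:40Z 203.0.113.10 sid=7c1f9a2e GET /account ua="Chrome/124 Windows"
2024-05-14T09:15:03Z 198.51.100.77 sid=7c1f9a2e GET /account/export ua="Python-requests/2.31"
2024-05-14T09:15:09Z 198.51.100.77 sid=7c1f9a2e POST /settings/recovery-email ua="Python-requests/2.31"
2024-05-14T10:00:00Z 192.0.2.5 sid=b44d0e11 login_mfa_ok ua="Firefox/125 macOS"
2024-05-14T10:05:00Z 192.0.2.5 sid=b44d0e11 GET /account ua="Firefox/125 macOS"
this line is deliberately malformed and must be skipped
"""

LINE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) sid=(?P<sid>\S+) (?P<event>.*?) ua="(?P<ua>[^"]*)"$'
)


def parse(log_text: str):
    """Yield one dict per well-formed line; lines that do not parse are skipped."""
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc
        )
        yield rec


def find_session_replay(log_text: str):
    """
    Return one alert per session whose id is later presented from a
    different IP and a different user agent than its first sighting.
    Only the first replayed request per session is reported.
    """
    origin = {}    # sid -> record of first sighting (the request that got the cookie)
    flagged = set()
    alerts = []
    for rec in parse(log_text):
        sid = rec["sid"]
        first = origin.setdefault(sid, rec)
        if first is rec or sid in flagged:
            continue
        if rec["ip"] != first["ip"] and rec["ua"] != first["ua"]:
            flagged.add(sid)
            alerts.append({
                "sid": sid,
                "issued_ip": first["ip"],
                "issued_ua": first["ua"],
                "replay_ip": rec["ip"],
                "replay_ua": rec["ua"],
                "event": rec["event"],
                "minutes_after_issue": (rec["ts"] - first["ts"]).total_seconds() / 60,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_replay(SAMPLE_LOG):
        print(alert)
```

Note that the replayed requests never show a login event: the attacker inherits the authenticated state and is never asked for a second factor, which is the whole problem. In a real deployment the log would carry a hash of the session id rather than the id itself, and the alert would feed a session-revocation action rather than a print statement.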
Ransomware Attack on CDK Global
In June, the BlackSuit ransomware group hit CDK Global, a leading SaaS provider for car dealerships in North America. CDK shut its systems down to contain the attack, which took its dealer management platform, CRM, inventory, financing and payroll tools offline for roughly two weeks; many of the roughly 15,000 dealerships that depend on it could not complete sales, process loans, or order parts and fell back to paper. CDK reportedly paid a ransom of about $25 million.
Controversy Over Windows 11 Recall Feature
Microsoft announced Windows Recall, a Copilot+ PC feature that takes screenshots of the screen every few seconds and indexes them with on-device AI so the user can search through everything they have previously seen. Security researchers quickly showed that the preview build stored the screenshots and their extracted text in an unencrypted SQLite database readable by any process running as the user, so an info-stealer, or another local account, could lift passwords, credit card numbers and private messages from it. Microsoft pulled the feature before release and reworked it: Recall became opt-in, the database is encrypted with keys protected by the TPM, Windows Hello authentication is required to open it, and a filter attempts to skip screenshots containing sensitive data. The release slipped to late 2024 and was delayed repeatedly while those changes were tested.
Charges Against North Korean IT Specialists
In 2024, North Korean operatives increasingly obtained remote IT jobs at U.S. companies under stolen or fabricated identities, often relying on "laptop farms" run by U.S.-based facilitators to make their work appear domestic. The salaries funded North Korea's weapons programs, and the insiders' access was also used to steal source code and proprietary data and, in some cases, to extort their employers. In December, the U.S. Department of Justice indicted 14 North Korean nationals who had fraudulently obtained work at American companies and generated at least $88 million over about six years.