Cybersecurity News Round-Up 2024: Top 10 Biggest Stories
December 11, 2024

This year has been anything but quiet for the cybersecurity world. We’ve witnessed record-breaking data breaches, huge ransomware payouts, and illuminating research into the impact of an increasingly complex and evolving threat landscape.

As the new year approaches, TechRepublic looks back at the biggest cybersecurity stories of 2024.

1. Midnight Blizzard Attack on Microsoft

In January, Microsoft revealed that it had been the victim of a nation-state sponsored attack starting in November 2023. Midnight Blizzard accessed some Microsoft emails and documents through a compromised email account. Later, Microsoft revealed that the attackers had also accessed some source code repositories and internal systems.

Midnight Blizzard gained access through a successful password spray attack on a legacy test tenant account without multi-factor authentication. Password spraying is a brute force attack in which threat actors spam or “spray” commonly used passwords against many different accounts within an organization or application. From there, they were able to use that account’s permissions to access a handful of Microsoft corporate email accounts, some of which belonged to senior leadership team members.
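The spray pattern described above looks different in sign-in logs from a brute force attack on a single account: many accounts, very few attempts each. The following detection sketch is an added example, not part of the original article; the log format, account names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: time, source IP, account, outcome.
SAMPLE_LOG = """\
2024-01-05T09:00:02 203.0.113.7 alice FAIL
2024-01-05T09:00:40 203.0.113.7 bob FAIL
2024-01-05T09:01:15 203.0.113.7 carol FAIL
2024-01-05T09:02:03 203.0.113.7 dave FAIL
2024-01-05T09:02:50 203.0.113.7 legacy-test SUCCESS
2024-01-05T09:03:10 198.51.100.9 erin FAIL
2024-01-05T09:03:12 198.51.100.9 erin FAIL
2024-01-05T09:03:15 198.51.100.9 erin FAIL
2024-01-05T09:03:20 198.51.100.9 erin FAIL
2024-01-05T09:03:30 198.51.100.9 erin SUCCESS
"""

def parse(log):
    """Yield (timestamp, source, account, outcome) tuples from the sample format."""
    for line in log.splitlines():
        ts, src, user, outcome = line.split()
        yield datetime.fromisoformat(ts), src, user, outcome

def detect_spray(log, window=timedelta(minutes=30), min_accounts=4, max_per_account=2):
    """Flag sources that fail against many distinct accounts with few tries each."""
    by_src = defaultdict(list)
    for event in parse(log):
        by_src[event[1]].append(event)
    findings = []
    for src, events in by_src.items():
        events.sort()
        for i, first in enumerate(events):
            in_win = [e for e in events[i:] if e[0] - first[0] <= window]
            fails = defaultdict(int)
            for _ts, _src, user, outcome in in_win:
                if outcome == "FAIL":
                    fails[user] += 1
            # Wide (many accounts) and shallow (few tries per account) = spray.
            if len(fails) >= min_accounts and max(fails.values()) <= max_per_account:
                # A success from the same source in the window needs urgent review.
                hits = sorted({e[2] for e in in_win if e[3] == "SUCCESS"})
                findings.append({"source": src, "accounts_tried": sorted(fails),
                                 "successful_logins": hits})
                break  # one finding per source is enough
    return findings

if __name__ == "__main__":
    for finding in detect_spray(SAMPLE_LOG):
        print(finding)
```

Keying on source address misses a spray distributed across many addresses, so in practice the same wide-and-shallow test is also run per password-attempt time window across all sources. Accounts without multi-factor authentication that show up under successful_logins are the first to reset and investigate.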

Midnight Blizzard was particularly active this year. In October, it launched targeted spear phishing attacks against over 100 organizations worldwide. The spear phishing emails contained RDP configuration files that allowed the attackers to connect to and potentially compromise target systems.

2. Record ransomware payments and number of active groups

In February, Chainalysis announced that global ransomware payments had broken through $1 billion for the first time in 2023, a year that saw an increase in “big game hunting” activity, in which groups go after large organizations and demand ransoms in excess of $1 million, with affected organizations often willing to pay the ransom.

In addition, it was announced in October that the number of active ransomware gangs hit a record high in the second quarter of this year. This suggests that law enforcement crackdowns are proving effective against more established gangs, opening up new opportunities for smaller gangs. Indeed, artificial intelligence may lower the barrier to entry for launching a ransomware attack and expand the pool of people who may carry one out.

3. LockBit’s conflict with law enforcement

Notorious ransomware group LockBit was hit by law enforcement in February. The UK National Crime Agency’s cyber unit, the FBI and international partners cut off its website, which was used as a large-scale ransomware-as-a-service storefront. LockBit was the most common type of ransomware in the world in 2023.

However, a few days later, the group resumed operations at another darknet address and claimed responsibility for global ransomware attacks, despite the UK’s National Crime Agency claiming a “complete compromise” of the ransomware gang, according to Reuters.

Whether it is still fully or partially operational, the takedown did have a positive ripple effect. NCC Group noted that ransomware attacks decreased year-on-year in June and July this year, which experts linked to the LockBit disruption.

A Cyberint report also said that in the third quarter of this year the group had its fewest quarterly attacks in a year and a half. Malwarebytes research also found that the proportion of ransomware attacks LockBit claimed responsibility for dropped from 26% to 20% over the past year, despite the group carrying out more individual attacks.

4. The world’s largest password compilation leaked

In July, the world’s largest compilation of leaked passwords, containing 9,948,575,739 unique plaintext entries, was posted on hacker forums. The credentials were found in a file called “rockyou2024.txt” and many of the passwords had been exposed in previous data breaches.

RockYou is a now-closed social application website. In 2009, the account details of more than 32 million users were compromised after hackers accessed a plaintext file storing user account details. In June 2021, another text file named “rockyou2021.txt” was released. The 100GB archive contained 8.4 billion passwords and was the largest password dump at the time.

5. Almost all AT&T phone numbers leaked

In July, AT&T revealed that data from “almost all” of its customers, covering May to October 2022 and January 2, 2023, was leaked to a third-party platform in April this year. The threat actor gained access to call and text message records, but was unable to access their content or any personally identifiable information.

According to Wired, AT&T paid the threat actor 5.7 Bitcoin, approximately $374,000, to delete the stolen data. The threat actor is said to be a member of the ShinyHunters group, which compromised the data warehousing platform Snowflake to get the data. The access point has been secured after law enforcement arrested one person in connection with the cyber attack, AT&T says.

6. CrowdStrike outage leads to global chaos

In July, approximately 8.5 million Windows devices were disabled globally, causing massive disruption to emergency services, airports, law enforcement and other critical organizations. This was due to an error in an update to the Falcon sensor released by cloud security company CrowdStrike.

Affected organizations saw the infamous “blue screen of death,” a Windows system crash alert. The incident resulted in CrowdStrike winning the “Epic Failure” award at Black Hat USA 2024 in August.

7. National Public Data leak is one of the largest in history

In August, 2.7 billion data records, including Social Security numbers, were posted on dark web forums, in one of the biggest breaches in history. National Public Data, the background check company that owns the data, acknowledged the incident and blamed “third-party bad actors” for hacking the company in December 2023.

Troy Hunt, a security expert and creator of the “Have I Been Pwned” breach checking service, investigated the leaked data set and found that it only contained 134 million unique email addresses and 70 million rows from a U.S. criminal records database. The email addresses were not associated with the SSNs.

According to the class-action complaint, National Public Data obtained the personally identifiable information of billions of people from non-public sources to create profiles for its background check services. The data is also believed to have been stored in a plain text file on one of its sister sites.

8. CISOs are experiencing burnout

A wealth of evidence has been released this year that CISOs and security professionals are experiencing burnout. A study published by BlackFog in October found that nearly a quarter are considering leaving their jobs, 93% of whom said it was due to stress or work demands.

Also, 66% of global cybersecurity professionals say their role is more stressful now than five years ago, according to a survey by global professional association ISACA, with 81% saying the threat landscape is more complex and sophisticated. 46% of respondents believe that cyber professionals have resigned due to excessive work pressure, an increase of 3 percentage points from the previous year.

At the same time, this year’s studies raise recruitment issues which, coupled with the continuing increase in the number of cyber attacks, are putting pressure on existing security teams. According to ISC2, 90% of organizations are facing a cybersecurity skills shortage. The global deficit will reach more than 85 million skilled professionals by 2030.

9. More than 31 million Internet Archive user accounts were compromised

In October, the Internet Archive, the nonprofit digital library known for the Wayback Machine, experienced a major data breach and a series of distributed denial-of-service attacks.

According to Bleeping Computer, attackers compromised a 6.4 GB SQL database containing authentication information for more than 31 million registered Archive members, including email addresses, screen names, password change timestamps and bcrypt hashed passwords. However, 54% of the compromised data had already been exposed in previous breaches.

Around the same time, the website suffered three DDoS attacks, with hacker group BlackMeta claiming responsibility.

10. The largest health data breach in U.S. history

The U.S. Office for Civil Rights revealed in October that threat actors who breached Change Healthcare’s systems in February obtained the private health information of more than 100 million people as part of a ransomware attack. This marks the largest healthcare data breach ever reported to U.S. federal regulators.

The group ALPHV, sometimes called BlackCat, claimed responsibility for the leak. In a Senate hearing on the matter in May, the CEO of UnitedHealth Group, the parent company of Change Healthcare, said that a $22 million Bitcoin ransom was paid to release the stolen data. The attack delayed the delivery of prescription medications and resulted in a business disruption impact of $705 million.

2024-12-10 14:00:11
