It has become somewhat trite to observe that the threat landscape has grown increasingly hostile in recent years, but 2024 served as a reminder that attackers continue to become more sophisticated and more aggressive, with real-world consequences.
This year, we saw hackers wreak havoc on organizations ranging from healthcare, telecommunications, technology and industry to the public sector. Below is a summary of the biggest cyber threats we saw this year.
Change Healthcare attack causes chaos in US healthcare facilities
The year got off to a rocky start in February when Change Healthcare, a key provider of payment technology to the healthcare industry, suffered a cyber attack that crippled its services.
On Feb. 21, Change Healthcare, a subsidiary of UnitedHealth Group, the largest U.S. health insurer, issued a notice saying it had been hit by a ransomware attack that forced it to shut down its systems.
As a result of the breach, healthcare providers using Change Healthcare technologies were unable to process electronic payments, medical claims or drug prescriptions, causing chaos across the US.
The companies confirmed that a “significant amount of data” was stolen from their systems between 17 and 20 February.
In June, it emerged that the stolen information included confidential data relating to patients’ health, insurance and financial records, along with other personal information such as Social Security numbers, driver’s licenses, government identification numbers and passport numbers.
The attack is believed to have been carried out by the notorious ALPHV/BlackCat ransomware collective: the group claimed responsibility for the hack, and in April UnitedHealth Group admitted to paying a $22 million ransom to recover the data stolen in the incident.
After attracting increased attention from global law enforcement agencies in response to the devastating attack, the group said shortly afterwards that it was shutting down. Current rumors suggest that the group has since rebranded under a new name to continue its operations.
Based on first-quarter 2024 results, UnitedHealth estimated the incident could cost the company $1.6 billion. That estimate proved conservative: disclosures in September showed the true cost of the attack had risen to $2.9 billion.
XZ Utils backdoor nearly compromises major Linux distributions
Shortly after the initial rumors that UnitedHealth had paid ALPHV/BlackCat a $22 million ransom in March 2024, the internet narrowly avoided what could have been a catastrophic supply chain attack targeting a popular open source project.
In March 2024, Andres Freund, a Microsoft developer, discovered a backdoor in XZ Utils, a set of open-source data compression tools based on the LZMA compression algorithm that ships out of the box with many popular Linux distributions.
According to a report by Akamai, the malicious code backdoored the SSH daemon on a vulnerable machine, allowing a remote attacker to execute arbitrary code on the system. The report concluded that “we’re lucky”, and that if the backdoor had not been discovered the consequences could have been catastrophic.
The XZ Utils project had been maintained solely by its original developer, Lasse Collin, since its initial release. But in October 2021, a solo developer going by the name Jia Tan began opening pull requests to fix a number of bugs in the project.
Tan continued to submit fixes to the repository for the next three years, and as pressure mounted on Collin to fix bugs faster, Collin came to trust Tan to help.
After gaining release manager privileges with full access to the source code, Tan introduced a backdoor into XZ Utils.
“This backdoor has virtually become one of the most powerful intrusion tools ever—one that would eclipse the SolarWinds backdoor,” writes the Akamai Security Intelligence Group, noting that the affected distributions include Fedora, Ubuntu and Debian.
Snowflake attack leads to huge data breaches at major firms and war of words over culpability
In April 2024, a number of large businesses suffered data breaches after an attacker known as ShinyHunters compromised a number of high-profile Snowflake cloud database accounts that stored huge amounts of personal data.
According to some reports, the hackers used purpose-built tools to find exposed Snowflake instances and stolen credentials to gain access to the databases. Once inside, they used Snowflake’s built-in features to exfiltrate large amounts of data.
Ticketmaster had the personal data of 560 million of its customers stolen, including their names, addresses, phone numbers and partial credit card information; the hackers listed a 1.3 TB database stolen from the firm on BreachForums for $500,000.
Santander confirmed that bank details belonging to 30 million customers, along with data on all of its current and some former employees, were stolen in a campaign that netted 28 million credit card numbers, 6 million account numbers and human resources information relating to Santander employees.
After both firms publicly stated that the incident was the result of unauthorized access to a database hosted by a third-party provider, namely Snowflake, Brad Jones, Snowflake’s chief information security officer, pushed back against claims that the breaches were caused by a vulnerability or misconfiguration of the platform.
Instead, Jones said the campaign was specifically targeting accounts that weren’t using two-factor authentication (2FA), making them more susceptible to credential stuffing attacks.
The attackers used stolen credentials that were either purchased on the dark web or harvested by malware to steal the information, Jones said. He acknowledged that Snowflake had evidence that an attacker had obtained the personal credentials of a former employee and used them to gain access to demo accounts.
Seventeen-year-old boy crashes TfL online payment system
The next major cyber scare of 2024 occurred in September, when Transport for London (TfL) said it had been hit by a “sophisticated” and “aggressive” cyber attack.
The attack itself had a limited impact on the city’s actual transport system: buses and trains operated as expected, but it resulted in a number of TfL digital services being taken offline.
TfL was unable to process payments via Oyster and the contactless app, travelers were unable to register their Oyster cards to their customer accounts on the website or app, and TfL was unable to issue refunds for incomplete pay-as-you-go journeys made using contactless payment.
TfL also said the incident exposed banking details associated with 5,000 customers, as well as staff passwords.
Shortly after the attack, the UK’s National Crime Agency (NCA) confirmed it had arrested a 17-year-old in Walsall in connection with the incident.
The attack is estimated to have cost TfL more than $38 million (£30 million) after it was forced to suspend a number of its services, with $6.3 million (£5 million) spent on incident response, investigation and strengthening its cybersecurity in the three months following the attack.
Salt Typhoon hacked US telecommunications companies to spy on political figures
The final security story we want to cover is perhaps the most alarming: attackers linked to the Chinese state have hacked a number of telecommunications networks around the world.
Rumors about a potential threat campaign targeting telecom companies in the US had been simmering since September, and in October the Wall Street Journal confirmed that a number of well-known internet providers had been hacked.
In November, the FBI and CISA issued a joint statement warning of a threat campaign believed to have originated in China and targeted commercial telecommunications infrastructure.
The warning said U.S. agencies had identified China-linked actors who hacked into the networks of several telecommunications companies in an effort to steal customer data and compromise the communications of individuals involved with the U.S. government.
The attack also reportedly gave the attackers access to the information systems used by the federal government for court-authorized wiretapping of telephone communications on those networks.
In December, the FBI and CISA recommended that all citizens use encrypted messaging platforms to protect themselves from potential attackers lurking online.
In a call with reporters, U.S. government officials including Jeff Greene, executive assistant director for cybersecurity at CISA, said users should also try to use encrypted voice communications if they have the option.
The situation became even more serious when Anne Neuberger, deputy national security director in the Biden administration, warned that hackers known as the Salt Typhoon collective were able to record telephone conversations of “very senior” political figures in the US.
The group appears to have established persistence in communications networks used throughout the United States and still retains access to telecommunications networks across the region, putting individuals, businesses and government agencies at risk.