10 of the biggest cybersecurity stories of 2024

   



2024 has been a year filled with major cybersecurity events. From global IT outages to record-breaking ransom payments and high-profile breaches, the cybersecurity landscape has seen numerous incidents that have impacted a wide range of industries and individuals. Below are the ten most significant cybersecurity stories of 2024, organized chronologically:

   

1. LockBit Taken Down (February 20)

The LockBit ransomware gang, one of the most notorious in recent years, was severely disrupted through an international law enforcement operation called Operation Cronos. The effort, led by the U.K.’s National Crime Agency and involving countries like the U.S., Canada, and Australia, resulted in the seizure of 28 servers, the takedown of LockBit's leak site, and the arrest of several collaborators. Additionally, more than 1,000 decryption keys and the LockBit source code were obtained. The operation significantly damaged LockBit’s reputation, making its attempts to regroup largely unsuccessful.

   

2. Change Healthcare Suffers Massive Ransomware Attack (February 21)

Healthcare technology provider Change Healthcare was targeted by the Alphv/BlackCat ransomware group, causing widespread disruptions in U.S. healthcare operations, including at major pharmacies like CVS and Walgreens. The breach, attributed to a Citrix remote access portal without multi-factor authentication (MFA), affected critical healthcare services such as medication prescriptions and billing systems. The breach is estimated to have affected approximately one-third of Americans.

   

3. CISA Breached via Ivanti Zero-Day Vulnerabilities (March 8)

The Cybersecurity and Infrastructure Security Agency (CISA) was among the victims of a breach tied to two zero-day vulnerabilities in Ivanti’s Connect Secure and Policy Secure products. These vulnerabilities were exploited by a Chinese nation-state actor. While CISA confirmed the breach, the impact was limited to just two systems, which were quickly taken offline. This event underscored the importance of having effective incident response plans in place, even for cybersecurity agencies.

   


4. Cisco Closes $28 Billion Acquisition of Splunk (March 18)

In one of the largest cybersecurity acquisitions of the year, Cisco completed its purchase of Splunk, a leading observability and security vendor, for $28 billion. This acquisition marked Cisco’s major push into the security and observability space, with the integration of Talos’ threat intelligence and XDR technology into Splunk’s products. This move solidified Cisco’s position in the cybersecurity market and was one of the largest tech deals of 2024.

   


5. Cyber Safety Review Board Calls Out Microsoft (April 2)

The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) published a scathing report criticizing Microsoft for security missteps that allowed Storm-0558, a Chinese state-sponsored actor, to breach email accounts of 25 organizations. The CSRB’s findings pointed to deficiencies in Microsoft’s security culture and highlighted its failure to implement proper security measures like multi-factor authentication (MFA). In response, Microsoft overhauled its security protocols and expanded its Secure Future Initiative (SFI) to make security its top priority.

   


6. Microsoft Recall Feature Raises Privacy Concerns (May 20)

On May 20, Microsoft announced Recall, a new feature for its Copilot+ PCs that periodically captures screenshots so they can be “recalled” via natural language prompts. This raised significant privacy concerns, as the feature was seen as potentially resembling keylogging software. Following backlash from the security community, Microsoft delayed the feature multiple times and, when it was reintroduced in September, added security enhancements to address these concerns. However, doubts about its security remain.

   


7. CrowdStrike Causes Massive IT Outage (July 19)

A faulty update from CrowdStrike’s Falcon threat detection platform triggered a massive IT outage on July 19, affecting millions of Windows systems globally. The outage caused widespread issues in critical industries, including airlines and healthcare. It was estimated that 8.5 million Windows devices were affected. Delta Air Lines sued CrowdStrike for $500 million in damages, although the security vendor disputed these claims. The incident sparked debates over the need for better validation of software updates.

   


8. Dark Angels Gang Receives Record $75 Million Ransom Payment (Summer)

The Dark Angels ransomware group made headlines when it received a record $75 million ransom payment from a Fortune 50 company, later identified as Cencora, a pharmaceutical giant. This payment, the largest known ransom ever, raised alarm over the increasing size and audacity of ransomware demands. The breach compromised sensitive personal and health data, further emphasizing the growing risks of ransomware attacks on major corporations.

   


9. Iran Hacks Trump Presidential Campaign (August 19)

In August, U.S. intelligence officials, including CISA, the FBI, and the Office of the Director of National Intelligence, attributed a cyberattack against President-elect Donald Trump’s 2024 campaign to Iranian state-sponsored actors. The attack aimed to stoke political discord and undermine confidence in U.S. democratic institutions. This breach marked a significant escalation in the cyber tactics of foreign governments attempting to influence the U.S. electoral process.

   


10. China Breaches Several Major Telecom Companies (November 13)

In November, CISA and the FBI confirmed that Chinese nation-state actors had breached several major U.S. telecommunications companies, including AT&T, Verizon, and T-Mobile. The breaches allowed attackers to steal customer data, intercept private communications, and exfiltrate sensitive information related to law enforcement requests. This breach underscored the vulnerability of critical U.S. telecom infrastructure to state-sponsored espionage and raised concerns about the security of mobile communications.

   


Conclusion

The cybersecurity landscape in 2024 has been marked by high-profile breaches, significant ransomware incidents, and nation-state attacks targeting critical infrastructure. As these events continue to evolve, they underscore the importance of robust security practices and a proactive approach to cybersecurity in both the private and public sectors.

   

