Connect with us

Hi, what are you looking for?

Business

The largest 2024 cyberattacks: What business can learn from them

As companies collect and collate more data, both to improve internal efficiency and to offer more specialized services to their customers, this also increases the worth of the target for any would-be cyber criminals out there.

The IT Army of Ukraine is a group of volunteer hackers first set up in the wake of Russia's invasion which has since grown
The IT Army of Ukraine is a group of volunteer hackers first set up in the wake of Russia's invasion which has since grown - Copyright AFP/File Fabrice COFFRINI
The IT Army of Ukraine is a group of volunteer hackers first set up in the wake of Russia's invasion which has since grown - Copyright AFP/File Fabrice COFFRINI

The cybersecurity incidents of 2024 included attacks that endangered patients in the healthcare system to leaking the data of millions of people.

Looking over the past year in cyberattack news, one thought leader in the cybersecurity space, Christian Espinosa, has explained to Digital Journal about the most notable and concerning attacks in 2024.

“The role of data in modern society and business has expanded rapidly over the past few years,” says Espinosa. “As companies collect and collate more data, both to improve internal efficiency and to offer more specialized services to their customers, this also increases the worth of the target for any would-be cyber criminals out there.”

Espinosa, a cybersecurity expert with Blue Goat Cyber, has outlined five of the biggest cyberattacks over the past year, looking at how these incidents have been affecting different industries, as well as the emerging threats that they represent. He has also provided actionable advice that users and companies alike can take from each of the attacks.

The Ivanti VPN Breach

This attack targeted vulnerabilities in Ivanti Connect Secure VPNs, which affected, amongst other bodies, several US federal systems. As a result, agencies had to rush to disconnect the affected systems, which were found to be sourced to vulnerabilities in unpatched software.

“This attack represents a couple of rising trends in cybersecurity, one of which is the increased targeting of virtual private network providers,” says Espinosa. “However, the most pertinent is the targeting of exploits in unpatched software. Being slow to patch your apps and systems can leave your system open to attacks, so be sure to keep yours up-to-date.”

The NPD Breach

The National Public Data Breach of 2024 affected 2.9 billion people globally, according to Kiplinger. Sensitive data, including Social Security numbers, names, addresses, and family details, were leaked and put up for sale on dark web forums by the hacker group USDoD.

“One of the most concerning things about this attack was the lack of even basic cybersecurity measures to protect such vital data,” explains Espinosa. “The use of simple security measures, such as encrypting your storage and changing your password from the default could help you avoid a breach of this severity.”

The Change Healthcare Breach

In another case of outdated systems being targeted, healthcare operations were targeted this time, exposing the medical records of millions of people, with the potential costs reaching up to $2.457 billion.

“This attack highlighted, in particular, the weakness of the security infrastructure of the healthcare industry in the US”, Espinosa comments. “However, it’s also another example of extortion in the case of data breaches, with the stolen data winning the hackers a ransom of $22 million. In this case, the system was exploited using a piece of remote access software. It could have been avoided by Change simply having disconnected the software, as you should do with any software that could allow anyone else to access data remotely.”

The Trello Data Leak

According to CLOUDPro, 15 million users had their accounts exposed, causing estimated damages of up to $10 million, largely from phishing and fraud campaigns that were carried out using the stolen sensitive data.

“There are a couple of tips we can learn from the Trello leak,” Espinosa recollects. “Businesses should learn to be continuously mindful of their reliance on APIs, especially where sensitive data is concerned. For the average user, however, it’s important to stay up to date on high-profile hacks, as the hackers were able to use legitimate data gathered from these servers to carry out a wide campaign of fraud.”

The Ticketmaster Breach

Hackers, the ShinyHutners, exposed the payment details of 560 million customers and leaked tickets worth up to $80 million, many of which were resold through fraudulent transactions. The leak came with a ransom demand of $500,000.

“Cloud software was the culprit in this case,” Espinosa identifies. “Or more accurately, misconfigured Cloud software. Companies like Ticketmaster leave themselves open by relying on Cloud companies that don’t prioritize proactive security measures, as the hackers used malware to steal the login details of an employee of the Cloud company they used.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

US federal workers face another deadline Monday to accept a mass buyout from their government jobs as a judge holds a key hearing.

Tech & Science

World leaders were set to hold formal talks in Paris on Tuesday on artificial intelligence (AI.

Business

Image: — © GETTY IMAGES NORTH AMERICA/AFP Brandon BellUS President Donald Trump’s administration has informed staff at the country’s consumer protection agency that it...

Business

US President Trump's new tariffs on steel promise to further complicate a strategic industry already destabilised by Chinese overproduction.