2024 Recap of Cybersecurity, with Insights for the Future
Even though the cybersecurity field is already very dynamic, with attackers and defenders locked in a constant game of cat-and-mouse on ever-evolving technology, this was an incredibly tumultuous year in the cyber realm! The year brought several record-breaking breaches, the boom of AI, novel techniques and attack chains, and highly sophisticated cybercrime and cyberwarfare operations. Cybersecurity was flung into the public eye by the cascading effects of cyber incidents that affected millions, if not billions, of people around the world.
Dec 21, 2024 ~ 11 min read
Original Infophreak Blog: https://infophreak.com/2024-recap-of-cybersecurity-with-insights-for-the-future/
SECTION 0 - ACTIONABLE TAKEAWAYS FROM THE YEAR, FOR DEFENDERS
In many of the breaches observed this year, core security practices that would have prevented or contained the attack were simply not being followed. Organizations should be implementing strong asset and patch management, credential hardening and two-factor authentication (ideally a phishing-resistant form such as hardware security keys or passkeys), and the principle of least privilege, in addition to managing technical debt and old or forgotten infrastructure. Forgotten assets matter because an attacker only needs one unpatched, unmonitored system that is still reachable.
Phishing continued to be a major initial access vector this year. Quality phishing awareness programs need to be made a priority, with realistic simulations and education on the latest phishing tactics and cyber threats. This is even more important now that the personal data of millions of citizens worldwide has been leaked on the internet, giving adversaries more material for convincing, targeted social engineering campaigns.
A common theme among some of the most damaging cyberattacks of the year was the initial compromise of a third-party partner, whose elevated access to the main target was then abused to compromise it. Third-party/supply-chain risk management needs to be a priority for organizations: vendor access should be scoped to the minimum required, monitored, and revoked when no longer needed, rather than granted as broad, standing access.
SECTION 1 - APT/GOVERNMENT ACTIVITY
This year saw the largest number of active ransomware groups of all time, and a surge in attacks. This may be due, in part, to the law enforcement takedowns of various high-profile ransomware gangs such as LockBit, which cause a splintering effect as affiliates and members move on to other, less-known ransomware gangs. Additionally, surges in both cyber-related fraud and the ingenuity and scalability of fraud tactics were observed.
This year also saw a blurring of the line between cybercrime and APT groups: nation-state actors conducted operations for financial gain while enlisting the aid of cybercriminals and commodity malware, and cybercriminals used advanced defense evasion and technical complexity that was once only seen from APT groups. Hybrid warfare and interference in democratic elections were prevalent amid rising geopolitical tensions and active conflicts. Throughout the year, China infiltrated and pre-positioned itself within the critical infrastructure of the United States (and several other countries across the world), in preparation for disruptive cyberattacks (i.e., cyberwarfare) amid growing tensions between the two countries (a separate blog post covers this topic in depth).
SECTION 2 - HUGE, NONSTOP BREACHES
Every month in 2024, at least 1 million people had their information leaked in a data breach (and most months, the number was much higher). At worst, roughly 2.9 billion records of PII were exposed in the record-breaking National Public Data breach (note that this figure counts records rather than unique individuals, as the dump contains many duplicate and historical entries). The information breached throughout the year includes passwords, payroll information, passports, PHI, and everything in between. Attackers appear to be focusing more on stealing health and other personally-identifiable information for double- and triple-extortion opportunities, which is more profitable and sustainable than stealing payment card information or only encrypting a victim's data.[^18] [^19] The breaches this year ranged from gigabytes to terabytes (even from industry leaders: the hacker "IntelBroker" claims to still be holding several terabytes of Cisco's data, and has released several-gigabyte batches of it so far), and Ukraine's Main Directorate of Intelligence (GUR) even claimed to have destroyed 2 petabytes (1 PB = 1,000 TB) of data from the Russian research center Planeta.
There were a concerning number of instances this year of large companies, including healthcare providers, engaging in negligent practices that ultimately led to data leaks involving hundreds of thousands of people. Even though it was not a data breach, this report would be remiss if it didn't also mention the negligent oversight from CrowdStrike, which rendered 8.5 million Windows devices across critical industries inoperable with a faulty Falcon sensor content update that a defect in CrowdStrike's own content validator allowed through without adequate testing.
For a nuanced perspective on why some of these oversights might have occurred, a study from BlackFog (an international cybersecurity company) found that 24% of security decision makers and CISOs are considering leaving their current roles (with 93% of them citing stress and job demands as the reason), and that 98% of security leaders work beyond their contracted hours, by an average of 9 extra hours per week.[^2] While certain oversights are inexcusable, security can be complex and difficult!
SECTION 3 - AI
This year saw incredible developments in AI technologies, which have become a powerful tool in the arsenals of both adversaries and defenders. Nefarious actors are using AI to debug malware; to create full, AI-generated social media profiles and political campaign websites; to create spear-phishing and whaling campaigns; and to write malicious scripts and tools with detection evasion built in. Cyber defenders are using AI to detect and automatically respond to known attack patterns, to ingest and analyze large amounts of endpoint data, and to identify anomalies with machine learning models (i.e., pattern analysis). Worth noting is that generative AI systems themselves (and the infrastructure they run on) can be compromised, and their weaknesses usually can't be patched deterministically: flaws such as prompt injection and jailbreaks are properties of the model's learned behavior rather than discrete code bugs, and because model output is typically sampled, giving a model the same input twice won't reliably produce the same result, which makes fixes hard to verify.
Final Remarks
What a crazy year! In the whirlwind of constant information on almost daily breaches, critical vulnerability disclosures, and new developments in attacker techniques, it is clearly important for security personnel to stay up-to-date with the latest happenings in the field. Take care of yourself, keep learning, stay vigilant, and good luck in the year ahead!
References
1. National Public Data breach: What you need to know. (n.d.)
2. BlackFog - Managing Expectations and Job Satisfaction For IT Security Leaders (October 9, 2024)
3. What 2024's Worst Cyberattacks Say About Security in 2025 (December 27, 2024)
4. The biggest cyber attacks of 2024 (September 5, 2024)
5. File hosting services misused for identity phishing (October 8, 2024)
6. Ukraine: Hack wiped 2 petabytes of data from Russian research center (January 26, 2024)
7. GUR specialists conduct successful cyberattack on company implementing information systems into Russian industry (January 27, 2024)
8. Moobot Malware FBI Affidavit and Search and Seizure Warrant (January 26, 2024)
9. Year in Review: The Most Significant Cyberattacks of 2024 (December 2, 2024)
10. Data Breaches That Have Happened in 2022, 2023, 2024, and 2025 So Far (January 2, 2025)
11. Top Data Breaches in 2024 [Month-wise] (September 10, 2024)
12. Cybersecurity News Round-Up 2024: 10 Biggest Stories That Dominated the Year (December 10, 2024)
13. 2024 in review: Hacks, hacks and more hacks (December 27, 2024)
14. 10 of the biggest cybersecurity stories of 2024 (December 23, 2024)
15. What 2024's Worst Cyberattacks Say About Security in 2025 (December 27, 2024) (same source as 3)
16. Microsoft Digital Defense Report 2024 (October 25, 2024)
17. Stop saying "technical debt" - StackOverflow (December 27, 2023)
18. Ransomware and Cyber Extortion in Q2 2024 (July 15, 2024)
19. The Dangers of Double and Triple Extortion in Ransomware (March 19, 2024)