The Biggest Cyber Breaches and Hacks of 2024: What We Learned
Reflecting on 2024, the cybersecurity landscape has been marked by significant challenges and rapid evolution. This year, sophisticated breaches have demonstrated the resourcefulness of threat actors, targeting governments, major corporations, and critical infrastructure. Below, we examine the most impactful breaches and hacks of 2024, focusing on their technical implications and the lessons learned.
1. Salt Typhoon's Infiltration of U.S. Telecommunications
One of the most notable attacks of 2024 was the Salt Typhoon hack, in which the Chinese state-sponsored group breached several U.S. telecommunications giants such as Verizon, AT&T, and T-Mobile.
Attack Vector: The hackers exploited unpatched vulnerabilities in Fortinet and Cisco network devices. These devices were improperly configured and lacked sufficient defenses against advanced persistent threats (APTs). The attackers gained unauthorized access to key routers, enabling them to eavesdrop on voice data, intercept communications, and harvest metadata.
Impact: Sensitive data, including call records, financial transactions, and personal data of individuals, was exposed. More concerning was the potential compromise of wiretap systems used by U.S. law enforcement and intelligence agencies. This attack could have had catastrophic implications for national security.
Tech Insights: The breach underscores two critical issues: patch management and network segmentation. The fact that legacy network devices were vulnerable for so long highlights the importance of staying current with software patches. The lack of segmentation in these providers' internal networks allowed lateral movement from compromised systems to more sensitive parts of the infrastructure.
Lesson: Timely patch management is non-negotiable, and network segmentation must be enforced to limit the impact of compromised systems. Organizations should also prioritize continuous network monitoring and employ behavioural analytics to detect any abnormal access patterns in real-time.
2. Ransomware Attack on Synnovis
Another major event was the Synnovis ransomware attack. The attack targeted this key NHS laboratory services provider and was attributed to the cybercriminal group Qilin.
Attack Vector: The attack began with a phishing email, which was used to deliver ransomware into Synnovis' network. Once inside, the attackers encrypted files on critical medical systems, including patient records, medical histories, and diagnostic data. They then demanded a ransom in cryptocurrency to decrypt the files.
Impact: The attack resulted in significant operational disruptions, affecting the London NHS, where thousands of medical procedures were canceled or delayed. Beyond the immediate operational impact, there was a risk of data exposure since the attackers threatened to publish sensitive medical information if their demands were not met.
Tech Insights: This breach highlighted the human element of cybersecurity—phishing remains one of the easiest vectors for entry, regardless of the target's security measures. It also illuminated the inherent risks of legacy systems in healthcare, which often lack the necessary security layers to mitigate such attacks.
Lesson: Healthcare organizations must treat cybersecurity as mission-critical by investing in advanced threat detection tools, conducting regular phishing simulations to train staff, and implementing multi-layered defenses. Regular patching of legacy systems is essential to minimize the window of opportunity for attackers.
3. Data Breach at National Public Data
In April 2024, National Public Data (NPD) experienced a significant data breach, compromising approximately 2.9 billion Social Security records.
Attack Vector: Attackers leveraged misconfigured cloud storage settings to gain unauthorized access to NPD's data. The breach was made possible by poor access controls and lack of encryption on critical data stored in the cloud. This exposed not just personal data, but also key financial records linked to millions of U.S. citizens.
Impact: Sensitive information, including Social Security numbers, addresses, and financial histories, were exposed, leading to a heightened risk of identity theft and financial fraud.
Tech Insights: This attack underscores the need for organizations to secure cloud environments by employing encryption for data at rest and in transit. Furthermore, it highlights the importance of zero trust security models, particularly in environments that manage vast amounts of personal data.
Lesson: Ensure all cloud services are properly configured, encrypted, and monitored continuously. Least-privilege access policies must be strictly enforced, and multi-factor authentication (MFA) should be used across all sensitive accounts.
4. Ransomware Attack on Albyn Housing Society
A significant breach occurred when Albyn Housing Society, one of Scotland's largest housing charities, was targeted by a ransomware attack, which was attributed to the Russian-linked cybercrime group RansomHub.
Attack Vector: Similar to previous ransomware incidents, the attackers used phishing emails to deliver malware, which then encrypted crucial data across the organization’s network. The attackers later threatened to release sensitive employee and tenant data unless their demands were met.
Impact: The breach affected personal details, including payroll and expenses claims, which were later dumped on the dark web.
Tech Insights: Nonprofits often fail to invest adequately in cybersecurity, making them prime targets for ransomware groups seeking easy access to sensitive data. The lack of dedicated IT staff and resources in many nonprofit organizations also plays a significant role in making them vulnerable.
Lesson: Nonprofits must adopt basic but effective cybersecurity hygiene, including email filtering, multi-factor authentication, and regular data backups. They should also consider hiring cybersecurity professionals or consulting firms to establish an effective, low-cost security framework.
5. U.S. Treasury Department Breach
In 2024, a cyberattack linked to China targeted the U.S. Treasury Department, compromising sensitive systems used by top officials.
Attack Vector: The breach was initiated through a compromised third-party cybersecurity provider, BeyondTrust, which allowed hackers to gain unauthorized access to key personnel’s computers, including Treasury Secretary Janet Yellen’s machine.
Impact: Sensitive communications and data, including emails and financial records, were exposed. The breach posed significant national security risks by potentially compromising classified government discussions and data.
Tech Insights: The attack reveals the inherent risks in the third-party supply chain. It highlights how even highly trusted cybersecurity vendors can become vectors for major breaches, especially when security measures are not adequately managed or monitored.
Lesson: Organizations must enforce third-party risk management frameworks, conduct regular audits of all external vendors, and utilize intrusion detection systems (IDS) to monitor anomalous activity on all critical devices.
6. Ransomware Attack on Evolve Bank
In July 2024, Evolve Bank, a banking-as-a-service provider, was targeted by a ransomware attack, resulting in the theft of personal information of more than 7.6 million individuals.
Attack Vector: The attackers used a multi-faceted approach involving a spear-phishing campaign and remote desktop protocol (RDP) vulnerabilities to gain initial access. Once inside, they deployed ransomware across the network and exfiltrated sensitive data before encryption. The ransomware used was a variant specifically designed to bypass traditional security measures in financial environments.
Impact: Personal financial data, including banking credentials, account numbers, and transaction histories, were exposed. Over 7.6 million individuals were affected, leading to severe reputational damage for Evolve Bank and its partner fintech clients. The data exfiltration allowed cybercriminals to sell the sensitive information on the dark web, contributing to financial fraud and identity theft.
Tech Insights: This attack highlights the risks posed by inadequate endpoint detection and response (EDR), vulnerability management, and lack of real-time monitoring in fintech organizations. The breach also demonstrates the efficacy of credential stuffing and exploiting weak RDP configurations in gaining footholds within secure systems.
Lesson: Financial institutions must prioritize continuous vulnerability scanning, implement strong multi-factor authentication (MFA) on all remote access points, and bolster EDR capabilities to detect early signs of ransomware deployment. Regular employee training on phishing attacks and a robust incident response plan are also critical to minimize damage.
7. Data Theft from Snowflake Customers
In 2024, cybercriminals used stolen credentials to breach Snowflake accounts, leading to the theft of data from several high-profile customers, including Ticketmaster and AT&T.
Attack Vector: Attackers exploited weak API keys and stolen credentials obtained through previous breaches or leaked databases. Once inside, the hackers gained unauthorized access to sensitive customer databases by targeting poorly secured APIs. The attackers used automated scripts to brute-force their way through exposed endpoints.
Impact: The breach resulted in the theft of highly sensitive data, including customer PII (personally identifiable information), transaction histories, and internal communications. This breach not only exposed valuable business intelligence but also created compliance risks for Snowflake’s customers, as they had to notify affected individuals and regulators.
Tech Insights: This breach emphasizes the critical need for API security in cloud environments, especially for platforms managing vast amounts of sensitive data. Snowflake’s breach also highlighted the weaknesses of traditional password management systems and poor API key management practices.
Lesson: Organizations using cloud data platforms must enforce strong API security by using OAuth, API token rotation, and rate limiting. Additionally, implementing multi-factor authentication (MFA) for all accounts, especially those with access to cloud environments, is essential to prevent unauthorized access.
Takeaways from 2024’s Cybersecurity Incidents
The breaches of 2024 reveal common threads of exploitation, from vulnerabilities in third-party systems to gaps in cloud identity management. Here are the actionable lessons:
Adopt Zero Trust Architecture
Always verify access, whether internal or external and implement Zero Trust principles.
Strengthen Vendor and Third-Party Security
Relying on third parties without strict vetting introduces significant risk. Use tools and frameworks to assess their compliance and security posture.
Invest in AI-Driven Threat Detection
AI is both a threat and a solution. Understand the role of AIÂ in defending against increasingly sophisticated attacks.
Conduct Regular Penetration Testing
Simulating attacks can expose critical vulnerabilities. Consider implementing advanced penetration testing services.
Secure Legacy and Cloud Systems Alike
Cloud migrations are not inherently secure. Implement regular audits and ensure legacy systems are patched and monitored.
Looking Ahead
The breaches of 2024 serve as a stark reminder of the critical need for proactive cybersecurity measures. At Sekurno, we help businesses address these challenges head-on by offering tailored solutions in compliance, application security, and penetration testing.
Learn more about our services.
Explore our latest insights.
By taking action now, organizations can reduce risks and stay ahead of the evolving threat landscape in 2025. Stay vigilant and prepared!