Thursday , April 24 2025
2024

Look back; The Worst Hacks of 2024

In 2024, digital security experienced major breaches as cybercriminals and state-backed groups exploited vulnerabilities for large-scale attacks. These incidents were efficient for attackers but damaging to affected organizations and individuals, threatening their privacy and security. With rising global tensions, 2025 is anticipated to present more cybersecurity challenges. Infosecbulletin highlights the year’s significant breaches and warns for increased vigilance.

China’s Salt Typhoon Telecom Breaches:

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

GitLab Releases Security Update For Multiple Vulns

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
GitLab Releases Security Update For Multiple Vulns

ISPAB president “whatsapp” got hacked via phishing link

Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
ISPAB president “whatsapp” got hacked via phishing link

Zyxel released patches 2 vulns in its USG FLEX H series firewalls

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
Zyxel released patches 2 vulns in its USG FLEX H series firewalls

South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

ChatGPT Develops Exploit for CVEs Before Public PoCs Share

Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC)...
Read More
ChatGPT Develops Exploit for CVEs Before Public PoCs Share

TP-Link Router Vulns Allow to Execute Malicious SQL Commands

Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their...
Read More
TP-Link Router Vulns Allow to Execute Malicious SQL Commands

SSL.com’s domain validation system’s bug found: Hacker exploited

SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL...
Read More
SSL.com’s domain validation system’s bug found: Hacker exploited

Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals

Amazon has paused some data center lease negotiations for its cloud division, particularly in international markets, according to Wells Fargo...
Read More
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals

Hackers Exploit Zoom’s Remote Control Feature for System Access

ELUSIVE COMET is a threat actor conducting a sophisticated attack campaign that uses Zoom's remote control feature to access victims'...
Read More
Hackers Exploit Zoom’s Remote Control Feature for System Access

In 2024, the China-linked espionage group Salt Typhoon infiltrated major US telecom companies, including Verizon and AT&T, along with other global targets, over several months. Affected companies are still struggling to eliminate the hackers despite ongoing efforts.

Snowflake Customer Breaches:

In summer 2024, attackers used stolen passwords to access Snowflake accounts without two-factor authentication, causing major data breaches at companies like Ticketmaster, Santander Bank, Neiman Marcus, and AT&T. This included the theft of nearly all customer records from AT&T’s calls and texts over seven months in 2022. Security firm Mandiant reported around 165 victims were affected. In response, Snowflake made two-factor authentication mandatory for account administrators in July. In November, suspect Alexander “Connor” Moucka was arrested in Canada for leading the attack, and John Erin Binns was indicted for his role in the breaches.

Change Healthcare Ransomware Attack:

In February 2024, Change Healthcare, a major medical billing and insurance company, suffered a ransomware attack that disrupted healthcare facilities across the US and compromised over 100 million individuals’ data. The attack, believed to be carried out by the Russian-speaking ALPHV/BlackCat ransomware gang, led to the theft of personal information, including phone numbers, addresses, financial data, and medical records. Change Healthcare paid a $22 million ransom in March, but the attack resulted in widespread harm, with ongoing notifications to victims and mounting lawsuits. The state of Nebraska sued the company, citing its failure to implement basic security protections.

Russia’s Midnight Blizzard Hit Microsoft:

Microsoft said in January that it had been breached by Russia’s “Midnight Blizzard” hackers in an incident that compromised company executives’ email accounts. The group is tied to the Kremlin’s SVR foreign intelligence agency and is specifically linked to SVR’s APT 29, also known as Cozy Bear. After an initial intrusion in November 2023, the attackers targeted and compromised historic Microsoft system test accounts that then allowed them to access what the company said were “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said that the attackers seemed to be looking for information about what the company knew about them—in other words, Midnight Blizzard doing reconnaissance on Microsoft’s research into the group. Hewlett-Packard Enterprise (HPE) also said in January that it had suffered a corporate email breach attributed to Midnight Blizzard.

National Public Data:

In December 2023, National Public Data, a background check company, experienced a data breach, with stolen information beginning to appear for sale on cybercriminal forums by April 2024. Throughout the summer, various forms of this data circulated, leading to public confirmation from the company in August. The compromised information included names, Social Security numbers, phone numbers, addresses, and dates of birth. Due to the delay in the breach’s acknowledgment until August, speculation ran rampant for months, with some theories suggesting that tens or even hundreds of millions of Social Security numbers were involved. Fortunately, the actual number of affected individuals turned out to be much lower, with the company reporting in a Maine filing that approximately 1.3 million people were impacted. In October, the parent company of National Public Data, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing ongoing state and federal investigations along with multiple lawsuits stemming from the breach.

A lot of people steal a lot of cryptocurrency every year, including North Korean cybercriminals who have a mandate to help fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis released this month, though, underscores just how aggressive Pyongyang-backed hackers have become. The researchers found that in 2023, hackers affiliated with North Korea stole more than $660 million across 20 attacks. This year, they stole roughly $1.34 billion across 47 incidents. The 2024 figures represent 20 percent of total incidents Chainalysis tracked for the year and a whopping 61 percent of the total funds stolen by all actors.

The sheer domination is impressive, but the researchers emphasize the seriousness of the crimes. “US and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security,” Chainalysis wrote.

@Wired

Check Also

Australian Cyber Security Centre Alert for Fortinet Products

The Australian Cyber Security Centre (ACSC) has alerted technical users in both private and public …

Leave a Reply

Your email address will not be published. Required fields are marked *