From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Thursday, December 12th, 2024, and today we’re counting down the top 10 cybersecurity headlines of 2024. This year brought no shortage of challenges—from healthcare breaches exposing millions of records, to CrowdStrike’s worldwide outage that disrupted businesses across the globe, and even one breach that cascaded from one company to another. These stories reflect the ever-evolving threats we face and some of the critical lessons learned along the way. And now, in no particular order, let’s dive into the year that was in cybersecurity.
In July 2024, a massive compilation of nearly 10 billion unique plaintext passwords, dubbed “RockYou2024,” was leaked on a popular hacking forum. This dataset amalgamated passwords from thousands of previous breaches, both old and recent, creating an unprecedented repository of compromised credentials. The leak significantly heightened the risk of credential stuffing attacks, where cybercriminals exploit reused passwords to gain unauthorized access to various accounts. Security experts urged individuals to immediately reset compromised passwords, adopt strong and unique passwords for each account, utilize password managers, and enable multi-factor authentication to mitigate potential threats.
In January 2024, Microsoft revealed that the Russian state-sponsored group Midnight Blizzard (also known as APT29 or Nobelium) had infiltrated its corporate email systems. The attackers employed a password spray attack to compromise a legacy non-production test account lacking multi-factor authentication. This initial breach allowed them to escalate privileges and access a small percentage of corporate email accounts, including those of senior leadership and cybersecurity personnel. The group exfiltrated emails and attachments, aiming to gather intelligence on Microsoft’s knowledge of their operations. Microsoft has since implemented enhanced security measures across its environments to prevent similar future incidents.
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, suffered a ransomware attack by the ALPHV/BlackCat group, compromising the personal and health information of over 100 million individuals—the largest healthcare data breach in U.S. history. The stolen data included names, contact details, Social Security numbers, medical records, and financial information. The breach disrupted healthcare services nationwide, affecting claims processing and patient care. UnitedHealth paid a $22 million ransom to the attackers and has been notifying affected individuals, offering two years of free credit monitoring and identity protection services.
In April 2024, National Public Data, a background check company, suffered a massive data breach that exposed approximately 2.9 billion records, affecting up to 170 million individuals across the U.S., U.K., and Canada. The compromised data included full names, Social Security numbers, mailing addresses, email addresses, and phone numbers. The breach was attributed to a third-party hacker who gained access to the company’s systems in December 2023, with data leaks occurring from April through the summer of 2024. This incident led to multiple class-action lawsuits and significant reputational damage, ultimately resulting in National Public Data filing for Chapter 11 bankruptcy in October 2024.
In mid-2024, a cybercriminal group identified as UNC5537 executed a series of attacks targeting customers of Snowflake, a prominent cloud data platform. By exploiting credentials harvested through infostealer malware, the attackers accessed approximately 165 customer accounts lacking multi-factor authentication (MFA), leading to the exfiltration of substantial volumes of sensitive data. Notable victims included Ticketmaster, Santander Bank, and AT&T, with the latter’s breach exposing call records of over 100 million customers. The attackers attempted to extort affected organizations, demanding ransoms to prevent the public release of stolen data. In response, Snowflake collaborated with cybersecurity firm Mandiant to investigate the breaches and has since initiated plans to mandate MFA for all user accounts to enhance security.
In May 2024, Ticketmaster experienced a significant data breach that exposed personal information of approximately 560 million customers worldwide. The hacking group ShinyHunters claimed responsibility, offering 1.3 terabytes of stolen data—including names, addresses, phone numbers, and partial credit card details—for $500,000 on the dark web. Ticketmaster detected unauthorized activity on May 20 and has since collaborated with law enforcement and cybersecurity experts to investigate the breach. The company assured customers that their accounts remain secure and offered affected individuals 12 months of free identity monitoring services. Customers are advised to monitor their financial accounts for suspicious activity and be vigilant against potential phishing attempts.
In July 2024, AT&T disclosed a significant data breach that compromised the call and text records of nearly all its wireless customers. The breach affected approximately 110 million individuals, exposing metadata such as phone numbers, call durations, and associated cell tower locations. While the content of communications and sensitive personal information like Social Security numbers were not included, the exposed data could still be exploited for targeted phishing attacks and other malicious activities. AT&T has since secured the breach, notified affected customers, and is collaborating with law enforcement, resulting in at least one arrest related to the incident.
In May 2024, Ascension, a major U.S. healthcare system, suffered a ransomware attack initiated by an employee inadvertently downloading a malicious file. The Russian-linked Black Basta group was identified as the perpetrator. The breach disrupted operations across Ascension’s 140 hospitals, leading to ambulance diversions, postponed medical procedures, and a six-week outage of electronic health records (EHR). Financially, the attack contributed to a $1.1 billion net loss for the fiscal year ending June 30, 2024, due to delays in revenue cycle processes and increased remediation costs. Ascension has since restored EHR access and is collaborating with cybersecurity experts to strengthen its defenses and prevent future incidents.
In June 2024, CDK Global, a leading software provider for automotive dealerships, fell victim to a ransomware attack by the BlackSuit group, causing widespread operational disruptions across approximately 15,000 dealerships in North America. The breach forced many dealerships to revert to manual processes, significantly slowing down sales and service operations. To expedite system restoration, CDK Global reportedly paid a $25 million ransom to the attackers. The incident not only highlighted vulnerabilities within the automotive sector’s digital infrastructure but also underscored the substantial financial and operational risks associated with cyberattacks.
In July 2024, a defective software update from cybersecurity firm CrowdStrike caused a global IT outage, disrupting numerous industries. The faulty update led to widespread system crashes, notably displaying the “blue screen of death” on Windows devices. This incident affected over 8.5 million devices worldwide, grounding thousands of flights, halting financial transactions, and impairing healthcare services. The recovery process was complex, requiring manual interventions and system reboots, which prolonged downtime for many organizations. The outage highlighted the critical need for robust software testing and the vulnerabilities inherent in centralized cybersecurity solutions.
And those are your top headlines for the year of 2024. Thank you again for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite podcast platform so you never miss an update. If you liked the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit SkyhighSecurity.com.
Please Note: All transcripts are generated using speech recognition software and human transcription, and may contain errors. Please check the corresponding audio before quoting in print.