By Adam Crenshaw, Cybersecurity Expert
Now that we are well into 2025, it is time to reflect on the past year's most significant cybersecurity incidents and what they teach us about the evolving threat landscape. From easily exploitable weaknesses to large-scale, sophisticated operations and the rise of AI-augmented threats, 2024 exposed significant gaps across industries. Here is a closer look at the key trends, major attacks, and the lessons to carry into 2025.
Low-Hanging Fruit from 2024:
While organizations continue to invest in advanced security solutions, many of 2024's attacks demonstrated that the simplest weaknesses remain among the most exploited. Weak password hygiene, MFA that was optional rather than enforced, unpatched systems, and poor vendor management left many organizations exposed.
- LoanDepot: The major U.S. mortgage lender suffered a ransomware attack that disrupted its mortgage payment systems. According to Schappert (2024), the attackers exploited unpatched systems, underscoring the need for timely software updates. The financial impact was substantial, with LoanDepot reporting costs nearing $27 million (Kovacs, 2024).
- Ticketmaster: The ticketing company disclosed a breach exposing 560 million customer records, including sensitive payment information (Lauritzen, 2024). The breach was traced to its account with a third-party cloud data provider (Snowflake, see below) that was not protected by MFA; weak access controls and optional MFA at the vendor boundary were the root cause. Ticketmaster has been notifying affected customers and offering guidance on protective measures, and it faces legal action, including a class-action lawsuit, over the breach.
- Snowflake: The cloud data platform announced that a threat actor had accessed a number of customer accounts. The attackers used login credentials harvested by infostealer malware from the devices of customers' employees and contractors, then replayed them against Snowflake accounts that did not have MFA enabled. The stolen data varied by organization but included personally identifiable information (PII), financial records, and communication logs. Approximately 165 organizations were notified of potential exposure, with confirmed data theft from companies including Ticketmaster, Santander Bank, and AT&T. AT&T, for instance, reported that nearly all records of its customers' calls and texts from May through October 2022 were stolen (Burgess, 2024).
 
These cases show how weak password practices, optional or poorly implemented MFA, unpatched systems, and misconfigured cloud environments gave attackers easy wins. Such low-hanging fruit leads directly to breaches, ransomware, and data leaks, and none of it requires a sophisticated adversary.
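As an added example (not code from the original article or from any of the vendors named above), here is the kind of check the Snowflake and Ticketmaster incidents call for: a triage pass over authentication events that picks out password-only sign-ins, especially those from an address the user has never used before, or from one address that signs several accounts in within minutes. The JSON-lines event format, the field names, the per-user IP baseline, and the sample events are constructed assumptions; map them to what your identity provider or data platform actually exports.

```python
"""Triage authentication events for the 'stolen password, no MFA' pattern.

Added example, not code from the original article or from any vendor. The
event format is an assumed, constructed JSON-lines shape; map the field names
to whatever your identity provider or data platform actually exports.
"""
import json
from collections import defaultdict

# Constructed sample events (not real data). Field names are assumptions.
SAMPLE_LOG = """\
{"ts": "2024-05-20T08:01:00Z", "user": "alice", "ip": "203.0.113.10", "ok": true, "factors": ["password", "totp"]}
{"ts": "2024-05-20T08:05:00Z", "user": "bob",   "ip": "203.0.113.11", "ok": true, "factors": ["password"]}
{"ts": "2024-05-21T02:13:00Z", "user": "bob",   "ip": "198.51.100.7", "ok": true, "factors": ["password"]}
{"ts": "2024-05-21T02:14:00Z", "user": "carol", "ip": "198.51.100.7", "ok": true, "factors": ["password"]}
{"ts": "2024-05-21T02:15:00Z", "user": "dave",  "ip": "198.51.100.7", "ok": false, "factors": ["password"]}
{"ts": "2024-05-21T02:16:00Z", "user": "dave",  "ip": "198.51.100.7", "ok": true, "factors": ["password"]}
{"ts": "2024-05-21T09:00:00Z", "user": "alice", "ip": "198.51.100.7", "ok": false, "factors": ["password"]}
"""

# Per-user baseline of source addresses seen in earlier history (constructed).
KNOWN_IPS = {
    "alice": {"203.0.113.10"},
    "bob": {"203.0.113.11"},
    "carol": {"203.0.113.12"},
    "dave": {"203.0.113.13"},
}


def parse_events(text):
    """Parse JSON-lines events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # in production, count and alert on these instead
    return events


def password_only_successes(events):
    """Successful logins where a password was the only factor presented."""
    return [e for e in events
            if e.get("ok") and set(e.get("factors", [])) == {"password"}]


def triage(events, known_ips, shared_ip_threshold=3):
    """Rank password-only logins by how much they look like credential abuse.

    new_ip_logins:     password-only successes from an address the user has
                       never used before (a stolen credential replayed from
                       the attacker's infrastructure).
    shared_sources:    one address that signed several distinct accounts in
                       without MFA, the signature of a tool replaying a batch
                       of infostealer-harvested credentials.
    users_without_mfa: accounts that can be entered with a password alone and
                       therefore need MFA enforced, not just offered.
    """
    weak = password_only_successes(events)
    new_ip = [e for e in weak if e["ip"] not in known_ips.get(e["user"], set())]
    users_per_ip = defaultdict(set)
    for e in weak:
        users_per_ip[e["ip"]].add(e["user"])
    shared = {ip: sorted(users) for ip, users in users_per_ip.items()
              if len(users) >= shared_ip_threshold}
    return {
        "new_ip_logins": new_ip,
        "shared_sources": shared,
        "users_without_mfa": sorted({e["user"] for e in weak}),
    }


if __name__ == "__main__":
    report = triage(parse_events(SAMPLE_LOG), KNOWN_IPS)
    for e in report["new_ip_logins"]:
        print(f"NEW-IP password-only login: {e['user']} from {e['ip']} at {e['ts']}")
    for ip, users in report["shared_sources"].items():
        print(f"SHARED SOURCE {ip} signed in {len(users)} accounts without MFA: {users}")
    print("enforce MFA for:", report["users_without_mfa"])
```

The three outputs map to three actions: new-IP password-only logins go to the incident responder, shared sources get blocked at the edge and their sessions revoked, and the users_without_mfa list is the enforcement backlog, because offering MFA and enforcing it are not the same control.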
More Sophisticated Attacks:
2024 also saw large-scale operations, including supply chain compromises and state-sponsored attacks on critical infrastructure, that demonstrated the growing capabilities of adversaries. High-profile incidents included malware-laden software updates, ransomware against providers that whole sectors depend on, and massive data breaches exposing millions of records.
- Synnovis Ransomware Attack: In June 2024, Synnovis, a pathology services provider for the UK's National Health Service (NHS), suffered a ransomware attack attributed to the Qilin group. The attackers exfiltrated roughly 400 GB of sensitive data, and the loss of laboratory services forced the cancellation or delay of thousands of procedures and appointments at London hospitals (Alder, 2024).
- Salt Typhoon Cyberattack: A group tracked as "Salt Typhoon" breached U.S. telecommunications and internet service providers, in part by compromising Cisco routers. The campaign aimed to collect sensitive information and establish persistent footholds in core broadband infrastructure, reflecting the continued success of China's digital espionage operations (Geller, 2025).
- XZ Utils: A backdoor was discovered in XZ Utils, the data compression package whose liblzma library is used across Unix-like systems (CVE-2024-3094). It was planted in versions 5.6.0 and 5.6.1 by a contributor who had spent years earning maintainer access, and it targeted OpenSSH servers on distributions where sshd links liblzma through libsystemd, allowing a remote attacker holding a specific private key to execute code. Development and pre-release branches of Debian, Fedora (Red Hat), and openSUSE (SUSE) had already shipped the affected versions before the backdoor was caught, potentially exposing thousands of systems (Brekkan, 2024). The incident was a direct threat to servers, IoT devices, and development environments running Linux, and a reminder that a single upstream dependency can compromise an entire ecosystem.
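To make the XZ Utils exposure concrete, here is an added example (not from the original article or the xz project) of the triage practitioners ran when the backdoor was disclosed: parse the installed xz version, match it exactly against the two backdoored releases, and check whether the local sshd links liblzma, since that is what the backdoor needed to reach the SSH daemon. The `xz --version` and `ldd` output shown is constructed, and the sshd path /usr/sbin/sshd is an assumption for a typical Linux install.

```python
"""Triage a host for XZ Utils backdoor exposure (CVE-2024-3094).

Added example, not code from the original article or the xz project. It asks
two questions: is the installed xz one of the backdoored releases (5.6.0 or
5.6.1), and does the local OpenSSH daemon link liblzma at all, which is the
condition the backdoor needed to reach sshd. The command output below is a
constructed sample in the shape of real `xz --version` and `ldd` output; the
binary path /usr/sbin/sshd is an assumption for a typical Linux install.
"""
import re
import subprocess

BACKDOORED_RELEASES = {(5, 6, 0), (5, 6, 1)}
VERSION_RE = re.compile(r"xz \(XZ Utils\)\s+(\d+)\.(\d+)\.(\d+)")


def parse_xz_version(output):
    """Return (major, minor, patch) from `xz --version` output, or None."""
    m = VERSION_RE.search(output)
    return tuple(int(x) for x in m.groups()) if m else None


def is_backdoored(version):
    """Exact-tuple match: a string prefix test would wrongly flag 5.6.10."""
    return version in BACKDOORED_RELEASES


def sshd_links_liblzma(ldd_output):
    """True if `ldd /usr/sbin/sshd` lists liblzma (directly or via libsystemd)."""
    return any(line.strip().startswith("liblzma.so")
               for line in ldd_output.splitlines())


def assess(xz_output, ldd_output):
    """Combine both checks into a verdict dict."""
    version = parse_xz_version(xz_output)
    backdoored = version is not None and is_backdoored(version)
    linked = sshd_links_liblzma(ldd_output)
    return {
        "version": version,
        "backdoored_release": backdoored,
        "sshd_links_liblzma": linked,
        # Remotely reachable only when both hold. A backdoored build whose
        # sshd never loads liblzma still needs downgrading, but it is not
        # exposed over the network through this vector.
        "exposed": backdoored and linked,
    }


# Constructed sample output (not captured from a real host).
SAMPLE_XZ = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_LDD = (
    "\tlinux-vdso.so.1 (0x00007ffd7d5f9000)\n"
    "\tlibcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1c1b600000)\n"
    "\tlibsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1c1b500000)\n"
    "\tliblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1c1b4c0000)\n"
)


def assess_local_host(sshd_path="/usr/sbin/sshd"):
    """Run the real commands on this machine; returns None if they are absent."""
    try:
        xz = subprocess.run(["xz", "--version"], capture_output=True, text=True)
        ldd = subprocess.run(["ldd", sshd_path], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return assess(xz.stdout, ldd.stdout)


if __name__ == "__main__":
    print(assess(SAMPLE_XZ, SAMPLE_LDD))
```

Run `assess_local_host()` on a real box to replace the constructed samples with live output. The exact-tuple comparison matters: a naive `startswith("5.6")` would also flag 5.6.2 and later, which are the fixed releases.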
 
The Rise of AI-Based Attacks
In 2024, cybercriminals used AI to scale and sharpen phishing, fraud, and social engineering. AI-generated phishing emails and websites targeted financial institutions and professionals, while deepfake technology was used to clone voices and faces. Large-scale, event-driven scams, such as fake domains mimicking official Olympic ticketing sites, further demonstrated AI's value to criminals. These incidents highlighted the dual-edged nature of AI, pushing organizations to adopt stronger defenses and reinforcing the urgency of addressing AI-enabled threats.
- Abuse Attacks on AI Systems: The National Institute of Standards and Technology (NIST) described "abuse attacks," in which adversaries insert incorrect information into legitimate sources (such as web pages or documents) that an AI system later ingests, causing it to behave inappropriately (Boutin, 2024). These attacks exploit the trust AI systems place in their data sources, producing manipulated outputs and decisions.
- Deepfake Impersonations: A deepfake operation targeted U.S. Senator Ben Cardin, with attackers impersonating Ukrainian official Dmytro Kuleba on a video call (Merica, 2024). The scheme unraveled when the caller pressed politically sensitive questions, prompting a verification step that revealed the deception.
- AI-Enhanced Phishing and Social Engineering: Cybercriminals increasingly used AI to craft convincing phishing emails and messages that mimic an organization's communication style (Falade, 2023). Tools such as WormGPT lowered the bar for producing polished phishing content, contributing to a surge in successful social engineering attacks. During the Paris 2024 Summer Olympics, for example, more than 300 fraudulent websites purporting to sell tickets to the games were identified. These sites closely resembled official ticketing platforms and misled consumers into paying for non-existent tickets (Thompson, 2024).
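Fake ticketing sites succeed because their domains look right at a glance. As an added example (not code from the original article or any brand-protection vendor), the following scores candidate domains against a short list of protected brands by decoding punycode and folding accents and common look-alike character swaps before comparing, so that "olyrnpics" and "ölympics" both collapse onto "olympics". The brand list, keyword list, and candidate domains are constructed assumptions, and the registrable-domain split is a simplification rather than a public-suffix-list lookup.

```python
"""Flag newly seen domains that imitate a protected brand's ticketing sites.

Added example, not code from the original article. The protected brands and
the candidate domains are constructed for illustration; in practice the
candidates come from new-registration feeds or certificate-transparency logs.
The registrable-domain split is a simplification (last two labels) rather
than a public-suffix-list lookup.
"""
import unicodedata
from difflib import SequenceMatcher

# Constructed list of legitimate registrable domains to protect (assumption).
OFFICIAL = ["paris2024.org", "olympics.com"]

# Swaps typosquatters use; applied to brand and candidate alike so that the
# comparison stays consistent even when a brand itself contains digits.
SUBSTITUTIONS = [("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"), ("rn", "m"), ("vv", "w")]
KEYWORDS = ("ticket", "billet", "resale", "official")


def to_unicode(domain):
    """Decode punycode labels (xn--...) so homoglyph folding sees the real characters."""
    try:
        return domain.encode("ascii").decode("idna") if "xn--" in domain else domain
    except UnicodeError:
        return domain


def normalise(label):
    """Strip accents/IDN decorations and fold common look-alike characters."""
    s = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode().lower()
    for lookalike, plain in SUBSTITUTIONS:
        s = s.replace(lookalike, plain)
    return s


def registrable(domain):
    """'www.tickets.example.com' -> 'example.com' (simplified eTLD+1)."""
    parts = to_unicode(domain).lower().strip(".").split(".")
    return ".".join(parts[-2:])


def classify(candidate, official=OFFICIAL, threshold=0.8):
    """Return the reasons a candidate looks like an imitation; [] means clean."""
    reg = registrable(candidate)
    if reg in official:
        return []
    name = normalise(reg.rsplit(".", 1)[0])
    reasons = []
    for off in official:
        brand = normalise(off.rsplit(".", 1)[0])
        if name == brand:
            reasons.append(f"brand {off} on another TLD or with look-alike characters")
        elif brand in name:
            reasons.append(f"embeds brand {off}")
        elif SequenceMatcher(None, name, brand).ratio() >= threshold:
            reasons.append(f"a few edits away from {off}")
    # A sales keyword on its own is not evidence; it only sharpens a brand hit.
    if reasons and any(k in name for k in KEYWORDS):
        reasons.append("ticket-sales keyword")
    return reasons


def scan(candidates, official=OFFICIAL):
    """Map each suspicious candidate to its reasons."""
    out = {}
    for c in candidates:
        r = classify(c, official)
        if r:
            out[c] = r
    return out


# Constructed candidates (not real registrations).
SAMPLE_CANDIDATES = [
    "paris2024.org",          # official
    "www.olympics.com",       # official, with a host label
    "paris2o24-tickets.com",  # 'o' for '0' plus a sales keyword
    "olyrnpics.com",          # 'rn' for 'm'
    "olympics.net",           # brand on another TLD
    "ölympics.com",           # accented IDN homoglyph
    "example.com",            # unrelated
]

if __name__ == "__main__":
    for domain, why in scan(SAMPLE_CANDIDATES).items():
        print(f"{domain}: {'; '.join(why)}")
```

Hits are a queue for takedown requests and for blocking in the corporate web proxy, not proof of fraud on their own; a legitimate reseller or fan site will match too, so the output needs a human review step before action.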
 
Conclusion
Overall, 2024 was a year of contrasts in cybersecurity, from preventable weaknesses to sophisticated campaigns that disrupted entire industries. These events underscored the importance of foundational measures such as robust authentication, patch management, and employee training, alongside advanced defenses such as Zero Trust architectures. The year also emphasized the value of regular security program assessments and incident-based tabletop exercises. The key takeaway is clear: balancing basic hygiene with proactive, innovative defenses is essential to safeguarding the digital ecosystem in an increasingly complex threat landscape. As we look to 2025, these lessons remind us that cybersecurity is a continuous, collective effort to protect our organizations.
Alder, S. (2024, June 22). Ransomware Group Leaks Data from 300 Million Patient Interactions with NHS. The HIPAA Journal. https://www.hipaajournal.com/care-disrupted-at-london-hospitals-due-to-ransomware-attack-on-pathology-vendor/