Closing out 2024, it’s time to look back at the cybersecurity stories that made the headlines and shook our industry to its core. Each of these events left its mark, and if we’re paying attention, they’ve also left us with lessons—hard-earned, but invaluable.
Let’s break it down, no bullshit, just the truth.
1. Salt Typhoon’s Infiltration of U.S. Telecommunications
The Story: Chinese state-sponsored hackers breached major U.S. telecom providers, gaining the ability to geolocate millions of Americans and intercept private communications. High-profile targets included President-elect Donald Trump and Vice President-elect JD Vance. The attackers infiltrated at least nine major telecom providers, including AT&T, Verizon, T-Mobile, and Lumen Technologies, gaining extensive access to their networks.
Why It Made the List: The U.S. government has described this incident as the largest telecommunications hack in the nation’s history, with significant implications for national security and individual privacy. This was one of the most significant espionage campaigns of the year, showing just how vulnerable critical infrastructure is.
The Lesson: Stop underestimating your adversaries. Our critical infrastructure remains painfully vulnerable, and it’s high time we prioritize defense. In fact, it’s woefully overdue.
More information: Politico, The Times, Bleeping Computer, TechCrunch, TechStory, Wired, Armis, Risk and Resilience Hub, Business News India, SimplyMac, AP News, Ars Technica, and FCC
2. CrowdStrike’s Faulty Update Causes Global IT Outage
The Story: In July 2024, a faulty update to CrowdStrike’s Falcon Sensor security software caused a global IT outage, impacting approximately 8.5 million Windows systems. This incident led to widespread disruptions across various sectors, including aviation, healthcare, finance, and media.
Why It Made the List: The scale of this incident alone was enough to make the list; the fact that it was caused by one of our industry’s “good guys” cemented this story in the top 10 of 2024. The outage resulted in estimated global financial damages of at least $10 billion.
The Lesson: Even defenders aren’t immune to catastrophic errors. We need to spend more time making and doing good sh*t, and less time (and money) marketing our half-assed sh*t. Cutting corners, in this case failing to thoroughly test an update before deployment, is inexcusable. We need better QA processes and contingency planning—period.
More information: CRS Reports, Reuters, TechCrunch, New York Post, AP News, CISA, Bitsight, and Messageware
3. Change Healthcare Ransomware Attack
The Story: The ALPHV/BlackCat ransomware group attacked Change Healthcare (acquired by UnitedHealth Group in October 2022 for $13 billion), impacting over 100 million individuals and causing severe operational disruptions.
Why It Made the List: The scale of this attack and its consequences were among the most severe of the year. The attack incapacitated Change Healthcare’s payment processing systems, which handle approximately 40% of all U.S. healthcare insurance claims. This led to significant delays in payments to pharmacies, clinics, healthcare practices, and hospitals nationwide. Change Healthcare paid a ransom of $22 million to the attackers in an attempt to regain control over their systems, and an American Hospital Association survey indicated that 94% of hospitals experienced financial repercussions, with approximately 60% reporting daily losses of at least $1 million due to the incident.
I won’t even get started on the repercussions of this breach for the patients, the worst part (by far).
The Lesson: Just because a huge company has the money to address cybersecurity basics doesn’t mean it is addressing them. The lack of preventive controls, poor vulnerability management, and sh*tty incident response end up costing everyone. Ransomware is everyone’s problem. Organizations must adopt better (even basic) proactive measures.
More information: The Verge, Wired, Pharmacy Times, The HIPAA Journal, HHS, WSJ, PCQ, TechCrunch, JAMA Network, CSO Online, Association of Health Care Journalists, and Capline Healthcare Management
4. Microsoft Email Breach by Midnight Blizzard
NOTE: This attack was launched in 2023, but wasn’t detected by Microsoft until January 12, 2024.
The Story: Russian hackers targeted Microsoft’s cloud services, gaining access to the emails of executives and U.S. government officials. The attackers employed a password spray attack to compromise a legacy, non-production test tenant account lacking multi-factor authentication (MFA). This foothold allowed them to move laterally within Microsoft’s network.
Why It Made the List: This breach highlighted vulnerabilities in cloud services and the potential for espionage. Sensitive information, including internal communications and documents, was stolen. The full extent of the data compromised remains undisclosed.
The Lesson: Just because “it’s in the cloud” does NOT make it secure. Lack of MFA is begging for compromise, and Zero trust isn’t a buzzword; it’s a survival strategy (always has been, BTW).
More information: Microsoft Security Response Center, CISA, The Verge, Tech Monitor, GBHackers, CRN, wiz.io, and CloudDefense.AI
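The Midnight Blizzard foothold (a password spray against a legacy test account with no MFA) and the Snowflake lesson below (monitor for unauthorized access, enforce MFA) share one detection pattern. The following is an added example, not code from the original post or from Microsoft or Snowflake; the sign-in events and account inventory are constructed, and the field names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real telemetry): one source spreading a few
# guesses across many accounts, plus ordinary noise from a legitimate user.
SIGNINS = [
    {"ts": "2024-01-10T02:00:05", "user": "legacy-test-01", "ip": "203.0.113.7", "ok": False},
    {"ts": "2024-01-10T02:00:09", "user": "legacy-test-02", "ip": "203.0.113.7", "ok": False},
    {"ts": "2024-01-10T02:00:14", "user": "svc-build", "ip": "203.0.113.7", "ok": False},
    {"ts": "2024-01-10T02:00:20", "user": "jdoe", "ip": "203.0.113.7", "ok": False},
    {"ts": "2024-01-10T02:00:25", "user": "legacy-test-03", "ip": "203.0.113.7", "ok": True},
    {"ts": "2024-01-10T09:15:00", "user": "jdoe", "ip": "198.51.100.4", "ok": False},
    {"ts": "2024-01-10T09:15:30", "user": "jdoe", "ip": "198.51.100.4", "ok": True},
]

# Constructed account inventory; "legacy" marks non-production/test tenants.
ACCOUNTS = [
    {"user": "legacy-test-01", "mfa": False, "legacy": True},
    {"user": "legacy-test-03", "mfa": False, "legacy": True},
    {"user": "svc-build", "mfa": True, "legacy": False},
    {"user": "jdoe", "mfa": True, "legacy": False},
]

def detect_password_spray(events, window_minutes=10, min_accounts=3):
    """Return {ip: sorted accounts} for sources that fail against many
    distinct accounts inside one window: the spray signature, as opposed
    to a brute force that hammers a single account."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append((datetime.fromisoformat(e["ts"]), e["user"], e["ok"]))
    hits = {}
    for ip, evs in by_ip.items():
        evs.sort()
        for i, (start, _, _) in enumerate(evs):
            end = start + timedelta(minutes=window_minutes)
            failed = {u for t, u, ok in evs[i:] if t <= end and not ok}
            if len(failed) >= min_accounts:
                hits[ip] = sorted(failed)
                break
    return hits

def unprotected_accounts(accounts):
    """Accounts with no MFA, legacy/test tenants first: exactly the kind of
    foothold the Midnight Blizzard story describes."""
    weak = [a for a in accounts if not a["mfa"]]
    return [a["user"] for a in sorted(weak, key=lambda a: not a["legacy"])]

def successful_logins_during_spray(events, spray):
    """Successes from a spraying source are the accounts to investigate first."""
    return sorted({e["user"] for e in events if e["ip"] in spray and e["ok"]})
```

Run the three functions over your own sign-in export and account inventory; a source that appears in the spray list and also has a success is the case to treat as a likely compromise rather than a failed attempt.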
5. Snowflake Data Breach
The Story: Between April and June 2024, a significant data breach targeted over 100 customers of Snowflake Inc., a prominent cloud data platform. The cybercriminal group Scattered Spider, notably members known as “Waifu” (Connor Riley Moucka) and “IRDev” (John Erin Binns), orchestrated these attacks. They used stolen credentials to access data from major companies via the popular Snowflake platform.
Why It Made the List: Prominent companies such as AT&T, Ticketmaster, Santander Bank, Advance Auto Parts, and LendingTree were among those compromised. The breach led to the exposure of sensitive information, including customer call logs, personal details, and financial records. For instance, AT&T reported that phone and text logs from May to October 2022 for nearly all its customers were exposed. This breach underscored the risks associated with third-party services.
The Lesson: The breach underscores the necessity for robust security measures, including the implementation of MFA and regular monitoring for unauthorized access. Vet your partners thoroughly, and never assume your security is airtight just because you’re using a “trusted” platform. Dependency on external platforms demands accountability.
More information: Wired, The US Sun, Barron’s, TechCrunch, Tom’s Guide, StrongDM, Proven Data, and CRN
6. North Korean Cryptocurrency Theft
The Story: North Korean hackers stole approximately $1.34 billion in cryptocurrency in 2024, partially (or mostly) to fund weapons programs. A few of the more notable thefts were:
- DMM Bitcoin Hack: In May 2024, Japanese cryptocurrency exchange DMM Bitcoin Co. suffered a loss of 48 billion yen (approximately $308 million).
- WazirX Breach: In July 2024, India’s WazirX exchange was compromised, leading to the theft of around $234.9 million.
Why It Made the List: This activity highlighted the intersection of cybercrime and geopolitical tensions. The United Nations and various intelligence agencies have reported that proceeds from these cyber activities are channeled into North Korea’s ballistic missile and nuclear weapons programs, circumventing international sanctions.
The Lesson: Cryptocurrency platforms need to harden their defenses. Governments need to treat this as more than just theft—it’s an international security issue.
More information: Cointelegraph, CCN, Financial Times, Cybersecurity News, GBHackers, SecurityWeek, and TechRadar
7. National Public Data Leak
The Story: In early 2024, National Public Data (NPD), a data brokerage firm specializing in background checks and fraud prevention, experienced a significant data breach. This incident exposed approximately 2.9 billion records containing sensitive personal information of up to 170 million individuals across the U.S., U.K., and Canada.
Why It Made the List: The scope of this breach is staggering in terms of the number of people affected. This raises serious concerns about data privacy and security beyond the bullshit we’re (sadly) growing used to.
The Lesson: Data brokers need stricter regulations, and we all need to demand better stewardship of our data.
More information: Microsoft Support, Tolu Michael, TenForums, ITPro, and ClassAction.org
8. IntelBroker’s Series of High-Profile Breaches
The Story: In 2024, the cybercriminal entity known as IntelBroker orchestrated a series of high-profile breaches targeting major technology companies, including Cisco, AMD, and Apple.
Why It Made the List: The sheer amount of data that was stolen is staggering, as were the targets. For instance:
- The Cisco breach resulted in the exfiltration of approximately 4.5 terabytes of sensitive data, including source code, hardcoded credentials, API tokens, and confidential documents.
- The AMD breach resulted in IntelBroker obtaining data related to future products, employee databases, customer information, source code, firmware, and financial records. The group offered this data for sale on dark web marketplaces.
- From Apple, the group acquired source code for several internal Apple tools, which were subsequently leaked on BreachForums. These tools were related to internal Apple processes, such as authenticating users and sharing information within Apple’s network.
The Lesson: Even the largest, most respected tech companies cannot prevent all bad things from happening. Collaboration across sectors is essential—we’re all targets, and we’re stronger together.
More information: Cybersec Sentinel, CloudSEK News, Cybersecurity News, Tom’s Hardware, Daily Security Review, and Threat Intel Report
9. IronNet’s Collapse
The Story: In September 2024, IronNet, a cybersecurity firm founded by former NSA Director Keith Alexander, announced its closure after depleting its financial resources. Once valued at over $3 billion following its 2021 public listing, the company failed to deliver on its ambitious promises, leading to a significant downfall.
Why It Made the List: The company’s downfall was a cautionary tale about overpromising and underdelivering, a tale all too common in our industry.
The Lesson: In cybersecurity, reputation gets you in the door, but results keep you there. Delivering high-quality, effective solutions is essential for success in any business. Sadly, there are still many more cybersecurity firms that are faking it in our industry. Unless they figure out how to do sh*t right, they will also fail.
More information: AP News, This Week Health, HotAir, Military Benefits Hub, Economic Times, U.S. News & World Report, and TechRadar
10. Enhanced Cybersecurity Regulations for Healthcare Providers
The Story: U.S. regulators proposed stringent cybersecurity measures for hospitals, including mandatory multi-factor authentication and regular audits. Key regulatory developments included:
- Healthcare Cybersecurity Act of 2024: Introduced by a bipartisan group of senators, this act mandates the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the Department of Health and Human Services (HHS), to enhance cybersecurity measures within the healthcare and public health sectors.
- Health Care Cybersecurity and Resiliency Act of 2024: This legislation seeks to bolster cybersecurity across the healthcare sector by improving coordination between government agencies, updating cybersecurity standards, increasing breach reporting requirements, and providing grants to rural healthcare organizations lacking necessary resources.
- Proposed HIPAA Updates: The Department of Health and Human Services (HHS) proposed updates to the Health Insurance Portability and Accountability Act (HIPAA), introducing stricter security requirements.
Why It Made the List: These regulations (or potential regulations) represent the most significant shift in healthcare cybersecurity since 2013.
The Lesson: Regulations alone aren’t enough. We need to provide the tools and resources to help organizations comply effectively. We’re still missing the basics.
More information: The HIPAA Journal, Clearwater, Reuters, The Verge, WSJ, and SiliconANGLE
Final Thoughts
2024 was a year of hard lessons in cybersecurity. From state-sponsored espionage to self-inflicted wounds, the stories on this list remind us of one thing: we’re still playing catch-up. But here’s the silver lining—every breach, blunder, and battle offers an opportunity to get better. The question is, will we take it?
So, as we roll into 2025, let’s resolve to do better. Breaches and incidents are only symptoms of irresponsibility; they are not the cause. There is still very little (or no) accountability for being irresponsible. We need more accountability, open collaboration, better security practices, and fewer excuses. Because let’s face it, the stakes couldn’t be higher.
Happy New Year, and here’s to a safer digital world.
-Evan