Jakarta, INTI - In 2024, cyber-attacks wreaked havoc across various industries, causing widespread disruption to organizations and critical services globally. Sensitive personal data was stolen, often sold to malicious actors or used to extort victims. As the sophistication of cyber-attacks increases, no sector seems to be off-limits. Below is an in-depth analysis of the ten most significant cyber-attacks in 2024, based on factors such as data loss, recovery costs, real-world impacts, and geopolitical implications.
1. LoanDepot Attack Disrupts Mortgage Payments
On January 8, LoanDepot, one of the largest retail mortgage lenders in the US, faced a ransomware attack that disrupted its systems and hindered customers trying to make mortgage payments. By January 22, it was revealed that 16.6 million customers had their sensitive personal data, including Social Security numbers and financial account details, stolen. Recovery costs amounted to $26.9 million, encompassing remediation, legal fees, and litigation settlements.
2. Ivanti Zero-Day Exploitation
In early 2024, critical zero-day vulnerabilities in Ivanti’s Connect Secure and Policy Secure gateways were exploited on a massive scale. These vulnerabilities affected sectors like government, military, and telecommunications. The US Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directives to mitigate the vulnerabilities. Chinese nation-state actors were suspected of leveraging these exploits for espionage, raising concerns about geopolitical tensions.
3. Volt Typhoon Targets US Critical Infrastructure
On January 31, the US Department of Justice announced the takedown of Volt Typhoon, a Chinese state-sponsored group targeting critical US infrastructure. By February, it was revealed that the group had infiltrated communications, energy, and water networks. Experts believe these actions were strategic moves by Beijing, potentially aimed at disrupting critical services during heightened geopolitical tensions.
4. Change Healthcare Ransomware Attack
In February, Change Healthcare, a major healthcare payment provider in the US, suffered a ransomware attack. This incident disrupted prescription services nationwide. The attackers, identified as the ALPHV/BlackCat gang, extorted a $22 million ransom. However, the gang dissolved shortly after, leading to extensive fallout, including the breach of 100 million health records. Investigations continue into Change Healthcare's compliance with data protection regulations.
5. MediSecure Breach in Australia
In May, Australian prescription provider MediSecure suffered a ransomware attack compromising 12.9 million health records, including prescription details. The breach led to the company's financial collapse, as it failed to secure government funding for recovery costs. The stolen data was later found for sale on the dark web, further amplifying concerns about healthcare cybersecurity.
6. NHS Pathology Services Ransomware Incident
A ransomware attack on UK NHS hospitals’ pathology services in June caused cancellations of thousands of surgeries and blood transfusions. The Qilin ransomware gang claimed responsibility, releasing 400GB of stolen patient data. Full recovery took several months, underscoring the vulnerability of healthcare systems to cyber threats.
7. Snowflake Attack Causes Multiple Breaches
In June, researchers discovered a systematic attack on Snowflake, a multi-cloud data warehousing platform. The breach impacted 165 organizations, including Ticketmaster, Santander, and AT&T. High-profile data leaks, such as customer records and sensitive employee data, raised alarms about cloud security.
8. Columbus City Ransomware Attack
In July, Columbus, Ohio, experienced a ransomware attack that exposed 3.1TB of sensitive data, including Social Security numbers and driver’s license information. Over 500,000 residents were notified of the breach, making it one of the most significant public sector breaches in recent history.
9. Seattle Airport Chaos
In August, the Port of Seattle faced a ransomware attack that disrupted operations at Seattle–Tacoma International Airport (SEA). The incident caused delays, with critical systems offline for weeks. Investigations revealed that the Rhysida gang was responsible, further highlighting the susceptibility of transportation networks to cyber threats.
10. Espionage Campaign on US Officials
A large-scale espionage campaign targeting US telecommunications providers compromised sensitive data of government officials, including call records and private communications. Chinese-affiliated threat actors, dubbed Salt Typhoon, were linked to the attack, marking one of the most significant espionage efforts of the year.
A Call for Enhanced Cybersecurity
The escalation of cyber threats in 2024 underscores the urgent need for robust cybersecurity measures. From healthcare to critical infrastructure, no sector is immune. Governments and organizations must prioritize investments in cybersecurity to safeguard sensitive data and mitigate potential disruptions in the future.