2024 was a banner year for cyber attacks across the globe. A few data points on attacks that occurred in 2024 include: according to the “The State of Ransomware 2024” report by Sophos, ransomware impacted 59% of respondents; phishing attacks have skyrocketed by 4,151% since the public release of ChatGPT in late 2022, as reported by SlashNext in “The State of Phishing 2024”; Netscout recorded around 8 million DDoS attacks in the first half of 2024; and the IBM/Ponemon Institute report put the average total cost of a data breach in 2024 at $4.88 million. Below is Transcendent IT’s list of the top 10 cyber attacks for 2024.
1. Ransomware – Ransomware is a type of malware that encrypts the victim’s data until a ransom is paid. Ransomware attacks against U.S. organizations in 2024 disrupted healthcare systems, supply chains and government services and led to tens of millions of dollars in ransom payments. TechTarget.com lists 10 of the biggest ransomware attacks of 2024. Businesses and organizations should ensure they have a tested plan for responding to ransomware attacks.
2. Business Email Compromise – In a BEC scam (also known as email account compromise, or EAC), criminals send an email message that appears to come from a known source and makes a seemingly legitimate request. In the worst cases, thousands or even hundreds of thousands of dollars are sent to the criminals instead of the intended recipient. Employees should verify payment and purchase requests through a second channel, in person if possible or by calling the requester, to make sure the request is legitimate.
3. State Sponsored Attacks – A state-sponsored attack is a well-funded, organized cyber attack or act of terrorism that is sanctioned by a government. These attacks are often used to achieve political, economic, or military objectives. Organizations have to take a proactive and holistic approach to cyber security, which should include security measures like continuous monitoring, regular vulnerability assessments, and prompt patch application to protect their company and customer data.
4. AI and Machine Learning – AI and machine learning cyber attacks, also called “adversarial attacks”, are malicious actions that exploit weaknesses in artificial intelligence (AI) and machine learning (ML) systems by manipulating input data to trick the model into making incorrect decisions. Businesses and organizations should implement role-based access control (RBAC) and multi-factor authentication (MFA) to secure AI models against unauthorized access; together they add a layer of security by verifying user identities and restricting access based on user roles and permissions.
5. Insider Attacks – An “insider threat” cyber attack is a malicious act in which someone with authorized access to an organization’s systems, such as a current or former employee, contractor, or business partner, intentionally uses that privileged position to steal data, disrupt operations, or cause harm to the company, often for personal gain or revenge. In short, it is a cyber attack originating from within the organization itself. To protect against insider threat attacks, businesses and organizations can implement access controls, security training, and data loss prevention solutions. They can also establish physical security, monitor user activity, and develop an incident response plan.
6. Social Engineering – Social engineering cyber attacks are a type of cybercrime that uses psychological manipulation to trick people into giving away sensitive information. The goal is to gain access to systems, commit fraud, or steal personal information. A good defense against social engineering attacks is for security teams to keep software and firmware regularly updated, particularly with security patches. Do not run your phone rooted, or your network or PC in administrator mode. Even if a social engineering attack captures your non-administrative user account password, it will not let an attacker reconfigure your system or install software on it.
7. Third Party Exposure – A third-party data breach is a security incident in which a third party’s systems are compromised and sensitive data is stolen. This can happen when a malicious actor gains access to a third-party vendor’s systems, or when a vendor’s systems are used as a path to sensitive information. To protect against third-party cyber attacks, you should implement a thorough third-party risk management process, including: evaluating vendor security practices during selection, establishing strong security contracts with clear expectations, conducting regular security audits, monitoring vendor compliance, and limiting data sharing with third parties, while incorporating risk management into your contracts and performing due diligence before signing with any new vendor.
8. DNS Tunneling – DNS tunneling is a difficult-to-detect attack that hides data inside DNS queries and responses routed to an attacker-controlled name server, providing attackers a covert command-and-control channel and a data exfiltration path. DNS is like a phonebook for the internet, helping to translate between domain names and IP addresses. Organizations can detect and prevent DNS tunneling attacks by implementing advanced DNS traffic analysis and monitoring tools, using threat intelligence to identify and block known malicious domains, and configuring DNS Security Extensions (DNSSEC) to ensure the authenticity of DNS data.
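As an added illustration of the DNS traffic analysis mentioned above (example code written for this page, not from Transcendent IT or any vendor product), the following Python script scores resolver log lines against common tunneling heuristics (unusually long labels, high-entropy subdomains, and bulk record types such as TXT) and reports base domains that repeatedly trip several indicators at once. The log format, client addresses and domain names are constructed for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log in a hypothetical "client qtype qname" format.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.9 A cdn.static.example.net
10.0.0.7 TXT 6a7b3c9d2e1f4a5b6c7d8e9f0a1b2c3d.c2-tunnel.example
10.0.0.7 TXT 0f1e2d3c4b5a69788796a5b4c3d2e1f0.c2-tunnel.example
10.0.0.7 TXT aabbccddeeff00112233445566778899.c2-tunnel.example
10.0.0.7 TXT 99887766554433221100ffeeddccbbaa.c2-tunnel.example
"""

def shannon_entropy(text: str) -> float:
    """Bits per character; encoded payloads score close to log2(alphabet size)."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def base_domain(qname: str) -> str:
    # Last two labels; a production detector would consult the public suffix list instead.
    return ".".join(qname.rstrip(".").split(".")[-2:])

def query_indicators(qtype: str, qname: str) -> list[str]:
    """Return the tunneling heuristics a single query trips (empty list = looks benign)."""
    labels = qname.rstrip(".").split(".")
    subdomain = "".join(labels[:-2])
    hits = []
    if len(qname) > 52:
        hits.append("long-qname")
    if any(len(label) > 30 for label in labels):
        hits.append("long-label")
    # Short subdomains cannot reach high entropy, so only score ones long enough to carry data.
    if len(subdomain) >= 16 and shannon_entropy(subdomain) > 3.5:
        hits.append("high-entropy-subdomain")
    if qtype in {"TXT", "NULL"}:
        hits.append("bulk-record-type")
    return hits

def analyze(log_text: str, min_suspicious_queries: int = 3) -> dict[str, list[str]]:
    """Group queries tripping two or more indicators by base domain; report repeat offenders."""
    flagged = defaultdict(list)
    for line in log_text.splitlines():
        try:
            _client, qtype, qname = line.split()
        except ValueError:
            continue  # skip malformed lines rather than crash the detector
        if len(query_indicators(qtype, qname)) >= 2:
            flagged[base_domain(qname)].append(qname)
    return {d: q for d, q in flagged.items() if len(q) >= min_suspicious_queries}

if __name__ == "__main__":
    for domain, queries in analyze(SAMPLE_LOG).items():
        print(f"possible DNS tunneling via {domain}: {len(queries)} suspicious queries")
```

Requiring two indicators per query and several such queries per base domain keeps ordinary TXT lookups (SPF, DKIM, domain verification) from triggering an alert on their own.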
9. Poor Cyber Hygiene – “Poor cyber hygiene” refers to neglecting basic digital security practices, such as using weak passwords, not updating software regularly, clicking on suspicious links in emails, or failing to use strong security measures. These lapses leave a person or system vulnerable to cyber attacks like malware, phishing scams, and ransomware, essentially opening the door for hackers to exploit the weaknesses, and poor hygiene is considered a significant contributor to cyber breaches because of the missing preventative measures. Network administrators can protect against attacks that exploit poor hygiene by enforcing the opposite of the practices described above.
10. Configuration Mistakes – A “configuration mistake cyber attack” is a cyber attack that exploits vulnerabilities created by incorrect settings or misconfigurations on a system, such as a server, network device, or application. Poorly configured security features, such as leaving default passwords unchanged, enabling unnecessary features, or not properly managing user permissions, provide an easy entry point for hackers. Network administrators should develop a security-minded checklist of items to address whenever new devices or software platforms are deployed on a network.
References
2024 ransomware report: Sophos State of Ransomware. Sophos. (n.d.). https://www.sophos.com/en-us/content/state-of-ransomware
Cost of a data breach 2024. IBM. (n.d.). https://www.ibm.com/reports/data-breach