The Top Cyberattacks Of 2024 And What They Taught Us


Cyberattacks this year have escalated into a high-stakes battle, with increasingly advanced attacks targeting critical infrastructure, personal data, and corporate systems. From state-sponsored cyberattacks to ransomware campaigns, the top cyberattacks of 2024 have proven that threat actors have been weaponizing advanced technologies to exploit vulnerabilities in both private and public sectors.

According to the Cyble Global Cyber Threat Intelligence Overview 2024 report, ransomware attacks surged, with over 2,600 incidents across industries like healthcare, finance, and manufacturing.  

Major groups like LockBit and RansomHub are pushing the frequency of attacks to new heights. Dark web activity grew, with over 700 incidents linked to data leaks and malware sales. Additionally, the first half of 2024 saw over 33 billion records leaked, which included the “Mother of All Breaches” that exposed 26 billion records.

Among the top ransomware attacks of 2024, the BlackCat ransomware group played an important role in numerous breaches. Notably, groups like Volt Typhoon and Salt Typhoon, linked to China, have targeted vital U.S. infrastructure, while cybercriminals such as the BlackCat ransomware group have attacked organizations worldwide, compromising millions of sensitive records.  

Companies like Change Healthcare and Dell have faced massive data leaks, affecting tens of millions, and cybercriminals have used platforms like Telegram to distribute stolen data. These incidents are among the biggest data leaks of 2024, impacting millions of users and organizations worldwide. 

Meanwhile, advanced cyberattack techniques, such as exploiting vulnerabilities in legacy systems and using malware like KV Botnet, have continued to exploit weak points in global networks.


Let’s look at the top cyberattacks of 2024, highlighting the most impactful incidents. 

Top Cyberattacks of 2024: Looking Back at the Most Influential Attacks this Year! 

The Cyber Express has compiled a list of the top 10 cyberattacks of 2024, highlighting the most notorious attacks that affected companies, organizations, cities, individuals and governments worldwide.

1. China-Backed Volt Typhoon Hackers Target U.S. Infrastructure 

Volt Typhoon, a China-backed hacker group, recently carried out one of the top cyberattacks of 2024 on critical infrastructure in the U.S. and abroad. The group reportedly used KV Botnet malware to conceal its cyberattacks. It exploited vulnerable SOHO routers, particularly Cisco and Netgear devices, which had reached their “end of life” and were no longer receiving security updates.

These compromised routers allowed the hackers to target sectors like communications, energy, and transportation. In response, a court-authorized operation led by the FBI, Justice Department, and CISA successfully removed the KV Botnet malware from hundreds of infected routers and severed their connection to the botnet. 

This disruption is part of ongoing efforts to protect U.S. infrastructure from state-sponsored cyber threats. Officials called for replacing outdated routers to prevent reinfection and safeguard personal and national security. The FBI also encouraged public vigilance and continued reporting of suspicious activities. This attack is one of the biggest cyberattacks of 2024, with far-reaching implications for U.S. infrastructure.

2. Change Healthcare Cyberattack Exposes Personal Data of 110 Million Americans

In February 2024, Change Healthcare (CHC) experienced a cyberattack, where hackers accessed sensitive data, including health insurance details, medical records, and personal information of millions of Americans.  

The breach, linked to the BlackCat ransomware group, exposed up to a third of the U.S. population, with potentially 110 million individuals impacted. CHC took immediate action to shut down affected systems and launched an investigation, with support from cybersecurity experts and law enforcement.  

The company confirmed that data was exfiltrated between February 17-20, 2024, and began notifying affected individuals in June. As part of its response, CHC offered two years of complimentary credit monitoring and identity protection services. They advised individuals to monitor financial statements and report any suspicious activities. 

3. Snowflake Cyberattack Leaks 165 Enterprises’ Data

The Snowflake data breach, impacting 165 customers, is considered one of the largest breaches of 2024, potentially affecting hundreds of millions. Snowflake, a U.S.-based cloud data storage company, faced an attack in April 2024, with hackers gaining access via compromised employee credentials.  

These credentials were obtained through infostealing malware targeting demo accounts that lacked multi-factor authentication (MFA). Despite no breach of Snowflake’s core systems, attackers exploited vulnerabilities in third-party accounts, leading to the compromise of sensitive data from several high-profile clients. 

Companies such as Santander Group, Ticketmaster, LendingTree, and Pure Storage were among those affected. For instance, Ticketmaster reported the potential exposure of 560 million user details and card information. Snowflake emphasized that there were no breaches within its platform, but security flaws, including outdated credentials and lack of MFA, were key contributors.

Snowflake has since collaborated with customers to enhance security, recommending MFA enforcement, regular credential rotation, and network access restrictions.  

4. Dell Data Breach 

Dell confirmed a data breach after a threat actor claimed to have stolen approximately 49 million customer purchase records. The breach, which affected a Dell portal containing non-financial customer data, exposed information such as names, physical addresses, order details, and warranty information, but did not include financial data, email addresses, or phone numbers. 

Dell assured customers that no payment information had been compromised and said it was working with law enforcement and a third-party forensics firm to investigate the incident. The stolen data was later put up for sale on an underground forum by a hacker known as “Menelik,” who claimed to possess personal and company information from 7 million individual purchases and 11 million consumer business records.

While Dell did not confirm the sale, the threat actor detailed the data, which spanned from 2017 to 2024, including system shipment dates, service tags, and warranty details. Although the sale ceased, Dell warned customers about potential phishing and smishing attacks.  

5. Ascension Health Faced $1.8 Billion Loss After Cyberattack Disruption 

In May 2024, Ascension Health, one of the largest nonprofit health systems in the U.S., experienced a massive cyberattack that disrupted its operations and hindered its financial recovery. The cyberattack severely impacted clinical operations, caused systemwide disruptions, and led to additional expenses for remediation. 

As a result, Ascension’s operating loss for the fiscal year ended at $1.8 billion, a setback after its earlier recovery. The attack also disrupted services, forcing Ascension to take certain systems offline and temporarily sever connections with business partners.

Despite this setback, Ascension’s overall financial performance for FY24 showed a $1.2 billion improvement over the previous year, demonstrating the strength of its recovery efforts before the cyberattack.

6. Ransomware Attack Disrupts CDK Global, Impacting 15,000 Dealerships 

In late June 2024, a ransomware attack on CDK Global, a key software provider for car dealerships, severely disrupted operations for major automotive retailers across North America. Companies such as Asbury Automotive, AutoNation, Lithia Motors, Penske, and Group 1 Automotive reported impacts due to the shutdown of CDK Global’s systems. 

These systems, essential for managing sales, inventory, financing, and customer relationships, were temporarily halted as CDK took precautionary measures. The attack affected over 15,000 dealerships, forcing many to revert to manual processes to continue operations. 

Asbury and other affected companies activated incident response plans, but the full extent of the data compromise remained unclear. Lithia Motors and Group 1 Automotive expressed concerns over the long-term financial impact, while Penske implemented contingency plans to maintain operations at its truck dealerships. CDK Global, which was negotiating with the ransomware group BlackSuit, acknowledged the attack and began working with third-party experts to assess the damage. 

7. City of Columbus Cyberattack by Rhysida Ransomware 

The City of Columbus experienced a cyberattack by the Rhysida ransomware group, which claimed to have stolen 6.5 terabytes of data, including employee passwords. However, Mayor Andrew Ginther confirmed that the stolen data was either encrypted or corrupted, making it largely unusable. He assured the public that no personal information had been leaked onto the dark web, offering some relief to residents and city employees.

The cyberattack did not involve a ransom demand, which is unusual for ransomware attacks. Despite fears of compromised data, Ginther emphasized that any subsequent theft of personal information was likely unrelated to this specific incident. To protect employees, the city offered free credit monitoring and identity theft protection services, extending this to former employees as well. 

In response, the city enhanced its cybersecurity measures and increased training for employees. The attack, which stemmed from a compromised website download, led to a quick response from the city’s Department of Technology and collaboration with federal agencies. 

8. Star Health Data Breach Leaked Sensitive Customer Info on Telegram 

Sensitive customer information from Star Health and Allied Insurance, India’s largest health insurer, was found publicly accessible on Telegram and other websites. The breach, which surfaced in August 2024, involved millions of customers’ medical reports, policy documents, and personal details being sold online. The threat actor, known as “xenZen,” used Telegram chatbots to distribute free samples of the data, while selling bulk information on the cybercrime platform BreachForums. 

The breach raised security concerns at Star Health as the data was readily accessible despite the company’s assurances. Telegram, a widely used messaging platform, was implicated for its role in facilitating the breach, as its chatbot feature was exploited by cybercriminals. Despite the platform’s efforts to remove the chatbots, new ones quickly emerged, continuing to sell the stolen data. Star Health confirmed the breach and assured customers that it was working with law enforcement to address the issue. 

9. Cencora Confirms Data Breach in Patient Support Programs, Offers Free Identity Protection 

In February 2024, Cencora, Inc. discovered unauthorized access to its information systems, potentially exposing personal data through its Lash Group affiliate’s patient support programs for Bristol Myers Squibb. The breach was detected on February 21, 2024, and after containment and investigation, it was confirmed by April 10, 2024, that some individuals’ personal information, including names, addresses, birth dates, health diagnoses, medications, and prescriptions, was involved.

Cencora said that there was no evidence of the data being misused or disclosed publicly but implemented precautionary measures, including offering free identity protection services. The company worked with cybersecurity experts, law enforcement, and outside attorneys to secure systems and prevent further incidents. Affected individuals were encouraged to enroll in Experian IdentityWorks for credit monitoring and identity restoration services, free for 24 months.

10. NHS Confirms Patient Data Stolen in June Cyberattack 

NHS England confirmed that patient data managed by Synnovis, a pathology testing organization, was stolen in a ransomware attack on June 3, 2024. The Russian cyber-criminal group Qilin leaked nearly 400GB of private data on the darknet, including patient names, NHS numbers, and test details.

Over 3,000 appointments were disrupted by the attack, which also affected financial documents related to Synnovis and NHS trusts. The attackers encrypted Synnovis’ systems and downloaded private data, demanding a ransom in Bitcoin. Qilin claimed responsibility, citing political motives related to the UK’s foreign involvement.

Other Top Cyberattacks in 2024 That Shook the Horizon 

  • EigenLayer lost $5.7 million in a cyberattack where attackers stole 1.6 million EIGEN tokens via a compromised email. 
  • The Ticketmaster breach exposed 560 million customer records, including personal and credit card details. Hackers sold the data online, and affected users were warned to monitor their accounts.
  • A Chinese hacking group, “Salt Typhoon,” stole data from eight US telecoms, compromising millions of customer records. The breach is called the worst telecom hack in US history. 
  • Microsoft detected a nation-state attack by Midnight Blizzard on January 12, 2024, compromising some corporate email accounts. No customer data was affected by the breach.  
  • British auction house Christie’s was forced to take its website offline following a cyber-attack, which also caused a delay in one of its live auctions.  
  • In April 2024, the City of Helsinki discovered a data breach in its education division, affecting tens of thousands. Hackers exploited an unpatched vulnerability in a remote access server to gain unauthorized access to a network drive. 
  • Ivanti patched critical zero-day vulnerabilities in its Cloud Service Appliance (CSA) after exploitation attempts. The flaws, affecting CSA versions 5.0.1 and earlier, allowed attackers to bypass restrictions and execute remote code. Ivanti released updates in CSA 5.0.2 and urged CSA 4.6 users to upgrade. 

Summing Up! 

The top cyberattacks of 2024, such as the theft of 110 million records from Change Healthcare, breaches impacting major corporations like Dell, and ransomware attacks disrupting essential services, have shown how vulnerabilities in both legacy and modern systems are being exploited.  

With the dark web fueling the distribution of stolen data, cybercriminals are changing their ways and adopting new technologies to target victims.

To fight against such adversaries, it is critical for organizations to adopt advanced security protocols, collaborate across sectors, and raise public awareness to protect sensitive information and infrastructure.


