In 2024, significant events in the realm of cybersecurity have underscored the growing threats businesses face in the digital age. A series of notable cyberattacks, data breaches, the emergence of new threat groups, and the exploitation of zero-day vulnerabilities have attracted attention from cybersecurity professionals and business owners alike.
One of the most alarming incidents occurred in October when the Internet Archive suffered a dual assault. Hackers breached the site, stealing user data pertaining to over 33 million users, while a simultaneous Distributed Denial of Service (DDoS) attack disrupted operations, allegedly orchestrated by the pro-Palestinian group SN_BlackMeta. The cybercriminals exploited an exposed GitLab configuration, gaining access to the organization’s source code and database management systems, thus amplifying the scale of the breach. This incident is indicative of the “initial access” technique outlined in the MITRE ATT&CK framework, where attackers capitalize on weak configurations or exposed credentials.
Another significant breach involved a faulty update from CrowdStrike on July 19, which led to the malfunction of cybersecurity software across approximately 8.5 million Windows devices globally. The malfunction was rooted in a flaw within CrowdStrike’s content validation process, resulting in countless devices entering endless reboot loops. The aftermath saw not only widespread operational disruption for various sectors, including finance and healthcare, but also a new wave of cybercriminal activity. Attackers seized the opportunity to distribute counterfeit repair tools that were in fact malware, further complicating recovery efforts. This event can be framed within MITRE tactics of “disruption” and “credential theft,” as attackers sought to exploit user vulnerabilities during a chaotic moment.
In June, the Biden administration announced a ban on Kaspersky antivirus software, impacting its US customer base. The abrupt termination forced customers to transition to alternative products, specifically UltraAV, which was installed without explicit consent from users. This incident raised significant concerns over software supply chain vulnerabilities, emphasizing tactics related to “command and control” whereby adversaries leverage legitimate software to propagate threats within user environments.
Moreover, Microsoft disclosed a breach attributed to Russian state-sponsored actors targeting their corporate email servers in November 2023. The attackers utilized a password-spray technique to access high-value email accounts, enabling them to extract sensitive information including corporate intelligence on Microsoft’s defensive strategies. This breach falls under MITRE ATT&CK tactics of “credential dumping” and “collection,” exposing the interconnectedness of corporate communications and the potential for espionage.
A staggering event transpired in August when nearly 2.7 billion personal records from the National Public Data database found their way onto a hacking forum, exposing sensitive data such as Social Security numbers and email addresses. The attackers had planned to sell the data for $3.5 million before choosing to release it instead. This breach highlights techniques associated with “exfiltration,” as threat actors seek to monetize stolen data for illicit gain.
The telecom sector also faced significant threats this year, especially from a Chinese state-sponsored group known as “Salt Typhoon.” This group executed a campaign designed to infiltrate telecommunication providers, including prominent names like AT&T and Verizon, to intercept sensitive communications, thereby posing grave national security risks. This situation encapsulates numerous MITRE tactics such as “network exploitation” and “exfiltration over command and control channel,” exposing vulnerabilities in critical infrastructure.
The prevalence of information-stealing malware has surged in 2024, employed in various cybercrime campaigns targeting individuals and organizations alike. These malicious software variants typically harvest browser data, passwords, and payment information, making them instrumental in subsequent attacks on corporate networks. The “collection” tactics within the MITRE framework are clearly reflected in these campaigns, underscoring the critical need for robust cybersecurity measures, including multi-factor authentication.
As organizations navigate the complex cybersecurity landscape of 2024, awareness of these incidents and understanding their underlying tactics according to the MITRE ATT&CK framework will be essential for business owners aiming to fortify their defenses against the rising tide of cyber threats. The convergence of accessible technology with sophisticated attack vectors necessitates a proactive approach to security, ensuring organizations can safeguard their assets in an increasingly perilous digital environment.