In 2024, a notable increase in cyberattacks targeting U.S. critical infrastructure has been observed, particularly focusing on network devices and software-as-a-service (SaaS) systems. This surge reflects a concerning trend where threat actors exploit vulnerabilities to compromise essential services, thus heightening security risks for businesses and government entities alike.
Among the most significant incidents was the widespread exploitation of Ivanti’s Connect Secure VPNs, which were compromised shortly after the disclosure of critical vulnerabilities. These zero-day flaws were heavily targeted by adversaries, leading to breaches of organizations including the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The consequences were dire, with thousands of devices thought to be affected. Such attacks exemplify gaining initial access by exploiting vulnerabilities in internet-facing devices, a common technique in the MITRE ATT&CK framework.
Additionally, the ransomware attack against Change Healthcare, part of the UnitedHealth Group, severely disrupted health care services across the U.S. The cybercriminal group behind this attack used stolen credentials to infiltrate the system, exposing sensitive patient information. The incident involved key tactics such as credential dumping and lateral movement within the network, highlighting how readily attackers can escalate privileges once inside a system.
Data theft remained a persistent issue, as evidenced by a series of breaches affecting Snowflake customers, which included major corporations like AT&T and Ticketmaster. These attacks leveraged stolen passwords to gain unauthorized access, underlining the importance of implementing multifactor authentication to prevent such breaches. The attacks allowed for data exfiltration, further demonstrating the data theft techniques catalogued among the MITRE ATT&CK tactics.
The geopolitical dimension of cyber threats has also become pronounced, with nation-state groups like the China-linked Salt Typhoon successfully targeting telecommunication giants, including Verizon and T-Mobile. These attacks not only compromised communication records but also sought to gain continuous access to sensitive government information. Such activities are indicative of advanced persistent threats (APTs), employing sophisticated methods for persistence and data collection.
In the water treatment sector, a new wave of attacks disrupted services as hackers targeted critical infrastructure through compromised small office/home office (SOHO) routers. These efforts reflect a shift in adversary tactics, where previously “off-limits” targets are now being aggressively pursued by malicious actors. The increased frequency of attacks on strategic infrastructure signals a significant change in the landscape of cybersecurity threat assessments.
Throughout 2024, network security devices, including firewalls and VPNs, became prime targets for exploitation. Vulnerabilities in widely used systems from manufacturers like Fortinet and Cisco were actively exploited in attacks, showcasing a range of adversarial techniques that align with the initial access and exploitation tactics in the MITRE ATT&CK framework. Security experts anticipate that as long as these devices remain exposed to the internet, they will continue to attract cyber threats.
As businesses enhance their digital footprints, the critical need for robust cybersecurity measures becomes increasingly apparent. Regular security assessments, updates to infrastructure, and employee training on best practices for credentials and access management are essential to mitigate the risks posed by evolving threat landscapes. Understanding the tactics outlined in frameworks like MITRE ATT&CK can aid organizations in developing a comprehensive defense strategy against cyber threats.