The Week in Breach News: The Best of 2024
Welcome to our annual wrap-up issue, where we reflect on the notable events in the tumultuous cybersecurity landscape of 2024. We’ll dive into memorable cyberattacks and data breaches, our top resources as well as a look ahead at what’s next. Exploring the impactful events and trends of 2024 offers valuable insights into the possibilities IT professionals may encounter in 2025.
Get your 2024 edition of our must-see holiday risk reduction checklist for businesses now! DOWNLOAD IT>>
1. Change Healthcare
Reported in: The Week in Breach News: 02/21/24 – 02/27/24
Exploit: Hacking
Change Healthcare, owned by UnitedHealth Group, suffered a major cyberattack by the BlackCat (ALPHV) ransomware group on February 21, 2024, exploiting a ConnectWise vulnerability. The hackers stole credentials from a server that did not have two-factor authentication enabled, and then exfiltrated data before deploying ransomware. UnitedHealth Group paid a $22 million ransom to recover data. The sensitive data of over 100 million people was exposed in the incident, and data breaches related to this attack continue to crop up months later.
Key takeaways from this incident:
- Massive financial impact: The cyberattack on Change Healthcare cost UnitedHealth Group between $2.3 billion and $2.45 billion in 2024, far exceeding initial estimates of $1.6 billion. This figure does not include the $22 million ransom payment.
- Widespread technological disruption: 94% of the hospitals in the U.S. were impacted by this attack. Over 100 Change Healthcare applications were affected, disrupting critical healthcare services, including pharmacy operations, medical records, and payment systems, with cascading effects across the U.S. healthcare system.
- Severe operational strain on the U.S. healthcare sector: According to an AMA survey, 31% of impacted clinics were unable to make payroll, 55% used personal funds to cover expenses and 44% struggled to purchase medical supplies, highlighting the far-reaching consequences of cyberattacks on healthcare providers.
The key lesson from this attack is that proactive cybersecurity measures and robust incident response planning are critical for organizations in high-stakes industries like healthcare.
2. Snowflake
Reported in: The Week in Breach News: 06/12/24 – 06/18/24
Exploit: Credential Compromise
Snowflake, a major cloud-based data warehousing company, suffered a severe cyberattack that compromised the data of over 165 customers, including large corporations like AT&T, LiveNation/TicketMaster, and Santander. Attackers gained access by exploiting compromised employee credentials stolen from previous breaches and sold on the Dark Web. They accessed accounts lacking multi-factor authentication (MFA). Initially, Snowflake downplayed the impact and blamed weak customer security practices, but later admitted the breach occurred through a compromised employee account.
Key takeaways from this incident:
- Service provider dangers: The breach exposed sensitive information, including personal data and proprietary business records. For instance, AT&T reported that the hackers accessed over 50 billion call logs, containing detailed customer information.
- Credential security: This attack was primarily caused by compromised credentials and the absence of multi-factor authentication (MFA) on customer accounts, highlighting the importance of implementing MFA to protect sensitive data.
- Dark web credential compromise: Analysis showed some of the credentials identified in infostealer malware output had been for sale on the Dark Web for years and were still valid, which means those credentials hadn’t been rotated or updated.
This attack highlights the importance of credential security. Companies must ensure that their employee credentials aren’t for sale on the dark web and enforce safe password policies including regular password rotation and MFA for every account.
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
3. Synnovis
Reported in: The Week in Breach News: 06/12/24 – 06/18/24
Exploit: Ransomware
In June 2024, Synnovis, a key pathology services provider for the UK’s National Health Service (NHS), suffered a ransomware attack by the Russia-aligned cybercrime group Qilin that caused a massive disruption in NHS facilities throughout London. The incident led to 119 cases of associated patient harm as well as a shortage of Type O blood. The breach compromised sensitive data, with stolen information published online by the attackers. According to the Daily Mail, the attack resulted in the postponement of over 1,100 planned operations and more than 4,000 outpatient appointments. The incident prompted the UK government to propose stricter cybersecurity regulations for private contractors providing essential public services. By December 2024, Synnovis reported that almost all affected services had been restored, marking a significant milestone in its recovery efforts.
Key takeaways from this incident:
- Severe service disruption: The Synnovis ransomware attack significantly disrupted pathology services for London’s NHS hospitals and GP practices, leading to delayed medical testing, deferred surgeries and postponed appointments.
- Public health risk: At least 119 cases of patient harm were recorded and medical facilities experienced a shortage of Type O blood, creating a major danger to the public.
- Regulatory changes: The incident spurred the UK government to propose stricter cybersecurity regulations for private providers working with public services, emphasizing the need for enhanced security protocols to prevent similar attacks.
This incident shows how disruptive a successful cyberattack on critical infrastructure can be. Security failures can result in a threat to public health and safety. Private contractors handling critical operations for infrastructure components must be cognizant of the importance of maintaining strong security to prevent disaster.
4. Microsoft
Reported in: The Week in Breach News: 01/17/24 – 01/23/24
Exploit: Password spraying
In January 2024, Microsoft revealed that the Russia-aligned advanced persistent threat (APT) group Midnight Blizzard (NOBELIUM) infiltrated its corporate systems using a “password spray” attack, compromising email accounts of senior leadership and cybersecurity teams. Microsoft has been engaged in an ongoing conflict with the group since 2020. The group, linked to Russia’s Foreign Intelligence Service, primarily targets governments, NGOs and IT providers in the U.S. and Europe. Investigations showed that customer email accounts were also breached. In response, Microsoft has worked with U.S. authorities to disrupt the group’s operations, resulting in the seizure of over 100 domains linked to its espionage activities.
Key takeaways from this incident:
- APTs are dangerous threats: The Midnight Blizzard (NOBELIUM) group has been targeting high-profile organizations, including governments and IT providers, since 2020, highlighting the ongoing and evolving nature of cyber espionage threats.
- Password spraying: The use of a “password spray” attack by the group emphasizes the importance of robust password policies and multi-factor authentication (MFA) in preventing unauthorized access to sensitive systems.
- Collaboration and disruption: Microsoft’s partnership with U.S. authorities to disrupt NOBELIUM’s operations demonstrates the value of public-private cooperation in combating cybercrime, as seen in the seizure of over 100 domains linked to the group’s activities.
APT groups like this state-sponsored cybercrime gang aren’t just looking for a quick payday; they’re seeking paths to steal data and potentially disrupt infrastructure. Collaboration between private companies and governments is crucial for uncovering and eliminating these sophisticated cybercriminal operations.
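As an added example (not from the newsletter or from Microsoft’s incident report), the spray pattern described above, many accounts tried from one source with only a few attempts each, can be told apart from ordinary single-account brute force in authentication logs. The log format, usernames and addresses below are constructed for illustration:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample log (not real data); RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2024-01-12T03:14:01Z auth FAILURE user=alice src=203.0.113.7
2024-01-12T03:14:02Z auth FAILURE user=bob src=203.0.113.7
2024-01-12T03:14:03Z auth FAILURE user=carol src=203.0.113.7
2024-01-12T03:14:04Z auth FAILURE user=dave src=203.0.113.7
2024-01-12T03:14:05Z auth FAILURE user=erin src=203.0.113.7
2024-01-12T03:14:06Z auth SUCCESS user=frank src=203.0.113.7
2024-01-12T03:20:00Z auth FAILURE user=alice src=198.51.100.9
2024-01-12T03:20:01Z auth FAILURE user=alice src=198.51.100.9
2024-01-12T03:20:02Z auth FAILURE user=alice src=198.51.100.9
2024-01-12T09:00:00Z auth FAILURE user=grace src=192.0.2.44
2024-01-12T09:00:30Z auth SUCCESS user=grace src=192.0.2.44
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>SUCCESS|FAILURE) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse_events(text):
    """Yield (timestamp, result, user, src) tuples; lines that don't match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["result"], m["user"], m["src"]

def detect_password_spray(text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources whose failures in one window span many distinct accounts with few
    attempts each (the spray signature) and note whether a success followed."""
    by_src = defaultdict(list)
    for ts, result, user, src in parse_events(text):
        by_src[src].append((ts, result, user))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        failures = [(ts, u) for ts, r, u in events if r == "FAILURE"]
        for i, (start, _) in enumerate(failures):
            in_win = [u for ts, u in failures[i:] if ts - start <= window]
            users = set(in_win)
            # Many accounts, about one try each: spray. One account, many tries: brute force.
            if len(users) >= min_users and len(in_win) / len(users) <= max_per_user:
                hit = any(r == "SUCCESS" and start <= ts <= start + window for ts, r, _ in events)
                findings[src] = {"accounts": len(users), "success_after_spray": hit}
                break
    return findings
```

A success from a source that was just flagged is the case to escalate first, since it means one of the sprayed accounts accepted the guessed password.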
5. Schneider Electric
Reported in: The Week in Breach News: 11/06/24 – 11/12/24
Exploit: Ransomware
Schneider Electric, a French energy management company, faced three cyberattacks in quick succession. In January 2023, the company’s sustainability division was hit by Cactus ransomware, directly impacting its EcoStruxure Resource Advisor platform, which is used by more than 2,000 companies worldwide. Then, in June, it was targeted by the Cl0p group through the MOVEit exploit. The third attack, by the emerging HellCat ransomware group, involved a demand for $125,000 in ransom in November 2024, with the attackers humorously suggesting payment in baguettes, though they preferred Monero. HellCat claimed to have breached the company’s developer platform, compromising critical data including project details, issues, plugins and over 400,000 user data rows, amounting to over 40GB of stolen information.
Key takeaways from this incident:
- Multiple attack risk: Schneider Electric was successfully hit by three attacks using three different tactics, showcasing the wide array of tactics bad actors employ as well as the myriad potential cyber risks that businesses face today.
- Theft of proprietary data: The HellCat ransomware group stole significant amounts of sensitive data, underlining the serious risk of data breaches and the importance of securing platforms like JIRA.
- Emerging threat actors: The involvement of a new group like HellCat shows the evolving nature of the cybercrime ecosystem with new threat actors emerging all the time.
The lesson learned is the critical need for robust cybersecurity measures across all systems, including timely patching of vulnerabilities and securing platforms that hold sensitive data. Additionally, organizations must be prepared for a range of attack methods and emerging cybercrime groups, as the tactics and demands of attackers continue to evolve.
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
Our top 5 blogs of 2024
Explore our top 5 blogs of 2024, where insight meets innovation and the latest trends take center stage.
- Are You Prepared for the Rise of AI-Enhanced Cyberattacks?
- What Should MSPs Have in Their Stack?
- IT Pros Can Help Mitigate the Growing Threat of Cyberattacks on Industrial Controls
- Is AI the New Frontline in Cybersecurity or Just Hype?
- Is That Email Really from the CEO, or is It Deepfake Phishing?
Our top 3 reports & eBooks of 2024
Our top three reports and eBooks of 2024 are packed with essential cybersecurity knowledge, data-driven strategies and forward-thinking solutions.
- Kaseya Cybersecurity Survey Report 2024
- Midyear Cyber-Risk Report 2024
- A Comprehensive Guide to Email-based Cyberattacks
Read our case studies and see how MSPs and businesses have benefitted from using our solutions. READ NOW>
Our top 3 Infographics and checklists of 2024
The top three infographics and checklists of 2024 are designed to simplify complex data and provide a handy reference for smart cybersecurity practices.
- 5 Ways to Squeeze More From a Tight Security Budget
- The Cybersecurity Monster Hunter’s Checklist
- 4 Smart Moves to Reduce Your IT Cybersecurity Workload
Our top 3 on-demand webinars of 2024
Unlock expert insights at your convenience with our top three on-demand webinars of 2024, offering actionable knowledge and strategic solutions.
- Stay Ahead of Cyberthreats: Exclusive Findings From Kaseya’s 2024 Cybersecurity Survey
- Shoring Up Your Weakest Cybersecurity Link: Your Employees
- Smooth Sailing in Cyber Seas: 12 Ways Kaseya’s Security Solutions Reduce IT Burden
Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>
Looking ahead to 2025
Are you future-ready? Explore the possibilities of cybersecurity in 2025 in these resources that offer critical insights into the trends shaping the future.
- 2025 Cybersecurity Predictions webinar
- How Are Businesses Preparing for Cyber Risk in 2025?
- Defending Tomorrow: What 2024 Tells Us About Cybersecurity in 2025
- 12 Strategic Moves for Cybersecurity Success in 2025
Thank you, readers!
As we wrap up our reflection on 2024, we want to extend our gratitude to the IT professionals who read our publication every week and share it with colleagues. We hope you’ve found our curated news on the latest cybersecurity trends, notable cyberattacks and Kaseya’s ongoing cybersecurity innovations insightful. We look forward to helping you stay informed and prepared for whatever 2025 has in store—it’s certain to be another exciting year!
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!