Spooky Cyber Incidents of 2024

By Adam Marget

This Halloween, the scariest stories aren’t coming from haunted houses or graveyards — they’re lurking in the darkest corners of the digital realm. In 2024, cyberattacks reached a blood-curdling level of sophistication, leaving businesses in a constant state of terror. From ransomware to phishing, these modern-day data ghosts relentlessly target organizations, draining their resources, damaging reputations and causing sleepless nights. About one in three businesses fell victim to a SaaS data breach in the past 12 months, indicating a 5% increase compared to the previous year. Software-as-a-Service (SaaS) data is often the first to be snatched by these cyber ghouls, putting your business-critical information at risk. Even a minor data breach incident can have devastating consequences without a robust disaster recovery (DR) plan.

In a year filled with catastrophic cyberattacks, it is clear that no business is safe. With threat actors upgrading their attack methods faster than you can say “trick or treat,” protecting your organization’s data is now more important than ever. In this blog, we’ll take a look at some of the most frightening cyber incidents that shook the business world in 2024 and why investing in SaaS backup solutions is your best defense against the horrors that await.

The most haunting data breaches of 2024

Cyberattacks have become a growing concern for businesses of all sizes and across all industries. Let’s explore some of the creepiest cyberattacks of 2024.

AT&T

In 2024, AT&T, one of the largest telecommunications companies in the world, suffered a large-scale data breach. The incident exposed the call and text records of nearly all its wireless customers (current and former). The compromised data also included information belonging to landline customers who dialed or received calls from these phone numbers between May 1 and October 31, 2022.

According to reports, the breach resulted from unauthorized access to a third-party cloud service. Hackers used stolen credentials to infiltrate and extract customer data.

While sensitive information, such as Social Security numbers and call or text content, was not compromised, the stolen data included phone numbers, call durations and cell site identifiers. Threat actors can use such information in combination with data from other breaches, which could potentially lead to targeted phishing attacks and privacy invasions.

The company also suffered similar breaches in January 2023 and March 2024. Such incidents can have far-reaching consequences, including revenue loss, regulatory fines, reputational damage, operational disruption and legal consequences.

Dell Technologies, Inc.

In May 2024, Dell Technologies, Inc., a leading technology hardware company, confirmed a large-scale data breach that exposed records of nearly 50 million customers. A threat actor named Menelik registered as a partner under different names on a Dell portal. Once approved, the perpetrator was able to gain access to the portal using a brute-force attack. According to reports, the hacker sent thousands of requests per minute to the page containing sensitive information, allowing him to extract large volumes of customer records. For almost three weeks, Menelik extracted customer data without being noticed; the data was later put up for sale on the dark web.

The stolen data included customer names, addresses, Dell product details (such as service tags) and order histories dating back to 2017. Although no financial data or highly sensitive information, such as emails or phone numbers, was accessed, the breach still posed significant risks, particularly for phishing and identity theft schemes.

Dell experienced similar data breach incidents in September 2024, which exposed sensitive information belonging to its employees.
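The request pattern reported in the Dell incident, thousands of requests per minute from one approved account to a page of customer records, is what a per-account rate check is meant to surface. The following is an added example, not code from the original article or from Dell: a sliding-window detector run over constructed log lines, where the log format, account names, path prefix and threshold are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse_line(line):
    """Assumed (constructed) log format: '<ISO-8601 time> <account> <path>'."""
    ts, account, path = line.split()
    return datetime.fromisoformat(ts), account, path

def detect_high_rate(lines, sensitive_prefix="/portal/customer/",
                     window=timedelta(minutes=1), threshold=1000):
    """Return {account: (first_alert_time, peak_requests_in_window)} for every
    account that exceeds `threshold` requests to the sensitive path per window."""
    recent = defaultdict(deque)   # account -> timestamps inside the window
    alerts = {}
    for ts, account, path in sorted(parse_line(l) for l in lines):
        if not path.startswith(sensitive_prefix):
            continue
        q = recent[account]
        q.append(ts)
        while ts - q[0] >= window:      # drop requests older than the window
            q.popleft()
        if len(q) > threshold:
            first, peak = alerts.get(account, (ts, 0))
            alerts[account] = (first, max(peak, len(q)))
    return alerts

def sample_log():
    """Constructed data: one scraping account and one ordinary partner."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    lines = []
    for i in range(3000):               # 50 requests/second for one minute
        t = start + timedelta(milliseconds=20 * i)
        lines.append(f"{t.isoformat()} partner-a /portal/customer/{i}")
    for i in range(12):                 # one request every 5 seconds
        t = start + timedelta(seconds=5 * i)
        lines.append(f"{t.isoformat()} partner-b /portal/customer/{i}")
    return lines

if __name__ == "__main__":
    for account, (first, peak) in detect_high_rate(sample_log()).items():
        print(f"{account}: first alert {first}, peak {peak} requests/minute")
```

With the constructed data, the alert fires 20 seconds into the burst, which is the gap between a rate check and the three weeks the article reports.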

Synnovis

In June 2024, a massive ransomware attack on Synnovis, a pathology service provider for multiple National Health Service (NHS) trusts in London, stunned the U.K. health sector. Qilin, a Russian ransomware group, is believed to be behind the attack. The attack disrupted critical IT systems that support blood testing and diagnostics, resulting in the cancellation and postponement of thousands of patient appointments and procedures.

In June, the cybercriminal group published some of the stolen information online and demanded a $50 million ransom from Synnovis. The published information included partial administrative data that contained patient names, NHS numbers and some test-related details. However, Synnovis did not pay the ransom. It took several weeks for full services to resume across affected NHS trusts, highlighting the criticality of having a robust backup and DR strategy in place.

Incidents like this can not only expose sensitive patient information but can also affect operational efficiency and patient trust. Additionally, failing to comply with industry regulations could result in hefty fines and legal implications.

The new threats sending shivers down IT spines

Cybercriminals and their eerie tactics never cease to evolve. Their methods have indeed grown in sophistication and complexity. However, one of the main contributing factors to their success is an organization’s inaction or human error.

Massive data exposures — Have you covered your SaaS?

Data exposure poses serious risks for businesses of all sizes, especially when 10% of cloud data is accessible to all employees, which increases the chance of accidental or malicious misuse. The Great SaaS Data Exposure report revealed that each terabyte of cloud storage holds over 6,000 sensitive files and nearly 4,000 folders that are shared with people outside the company, which can result in unauthorized access if they aren’t controlled or monitored.

This highlights the critical need for robust data protection strategies, such as strict access controls and encryption, to safeguard sensitive information and prevent data breaches that could harm a company’s operations and reputation.

Security methods, such as multifactor authentication (MFA), are critical in combating cyberattacks. However, MFA is only useful when enabled. Surprisingly, the report also found that, on average, companies had 4,468 user accounts without MFA. Threat actors can easily access these accounts. They only require a username and password, which they can exchange or purchase on dark web forums and marketplaces.

Another alarming revelation from the report is that typically, organizations had 33 administrative accounts with special privileges for managing user accounts, systems and settings. Of these accounts, over 50% did not have MFA enabled, making it easier for threat actors to gain unauthorized access.

Data can also be exposed through link sharing and incorrect permissions. While sharing links is essential for collaboration, it can also put critical data at risk of loss or exposure. The ease of sharing files makes it difficult to keep sensitive information secure, especially when links are overshared or not properly managed. This can expose data to unauthorized users, leading to theft. Many organizations have thousands of sharing links in Microsoft 365, with a large number open to all employees, increasing the risk of data breaches.

When organizations use SaaS and Infrastructure-as-a-Service (IaaS) applications, the potential for exposure increases since data can be shared not just within the company but globally. Many businesses struggle to control this access properly, with some having tens of thousands of sensitive records, including those protected by laws like HIPAA, GDPR and CCPA, publicly available, which significantly heightens security risks.

Microsoft Quick Assist abused for social engineering in ransomware attacks

In April 2024, cybercriminals were able to exploit Windows Quick Assist, a tool designed for remote assistance, through social engineering attacks. The attackers, identified as Storm-1811, posed as IT support staff and tricked the victims into granting them access to their devices through vishing (voice phishing). Once they were granted access, they deployed malicious software and installed Black Basta ransomware. Then, the attackers took control of the target’s device and moved across networks, enabling them to steal data and execute further malicious activities.

Session hijacking and MFA bypass

Session hijacking, previously linked to network-based man-in-the-middle (MiTM) attacks, now focuses on identity-based threats. Traditionally, this technique involved intercepting data between users and servers by exploiting unsecured networks or poorly encrypted sessions. However, attackers are now turning to identity-based tactics to execute session hijacking more effectively and bypass MFA.

Identity-based attacks trick users into handing over their authentication tokens, credentials or session cookies, allowing threat actors to bypass network security measures, including MFA. The new session hijacking method focuses less on breaking into networks and more on stealing session tokens through modern phishing techniques and malicious tools like infostealers.

Cloud platforms like Google Workspace, Microsoft 365 and Salesforce are heavily used for collaboration and data storage, making them attractive targets for session hijacking.
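Because a stolen session token is replayed after MFA has already been satisfied, one place to catch it is the moment the token shows up from a client that did not perform the login. The following is an added example, not code from the original article or from any vendor: it binds each session to the context seen at login and flags later requests that differ; the event fields and sample events are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int            # seconds since start of the sample
    kind: str          # "login" (password + MFA completed) or "request"
    session_id: str
    ip: str
    asn: str           # network operator of the source IP
    user_agent: str

def find_session_reuse(events):
    """Return (session_id, ts, reason) for each request whose session token
    arrives from a different client context than the one that logged in."""
    bound = {}         # session_id -> login event that created the session
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "login":
            bound[ev.session_id] = ev
            continue
        origin = bound.get(ev.session_id)
        if origin is None:
            findings.append((ev.session_id, ev.ts, "no login recorded"))
            continue
        # Compare ASN and user agent rather than raw IP: addresses change
        # legitimately (DHCP, mobile networks) far more often than the
        # combination of network operator and browser does.
        changed = [f for f in ("asn", "user_agent")
                   if getattr(ev, f) != getattr(origin, f)]
        if changed:
            findings.append((ev.session_id, ev.ts, "changed: " + ", ".join(changed)))
    return findings

# Constructed events; addresses and ASNs are from documentation ranges.
SAMPLE = [
    Event(0,   "login",   "s1", "198.51.100.10", "AS64500", "Firefox/Windows"),
    Event(60,  "request", "s1", "198.51.100.10", "AS64500", "Firefox/Windows"),
    Event(300, "request", "s1", "203.0.113.77",  "AS64511", "python-client"),
    Event(10,  "login",   "s2", "192.0.2.5",     "AS64501", "Chrome/macOS"),
    Event(90,  "request", "s2", "192.0.2.44",    "AS64501", "Chrome/macOS"),
]

if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE):
        print(finding)
```

Session `s2` changes IP address inside the same network and is not flagged; session `s1` is flagged when its token appears from a different network and client.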

Chilling lessons in remediation

A strategic approach is essential when dealing with cybersecurity incidents to quickly mitigate threats, recover data and restore normal operations. Here are a few crucial steps to prevent data breaches and mitigate the impact of cybersecurity incidents.

Lesson 1: Incident response — Why waiting could be fatal

Having a robust incident response (IR) plan is critical for detecting, responding to and recovering from cyberattacks, such as data breaches and ransomware incidents. A well-prepared plan enables your company to respond to cybersecurity incidents quickly, helping to prevent further damage, minimize downtime and mitigate the costly fallout from breaches.

In the event of a ransomware attack, a quick and coordinated response can prevent malware from spreading across systems. IR planning helps identify and isolate threats early, preventing attackers from causing further damage and enabling you to restore business operations quickly.

Lesson 2: Employee training and phishing simulations — Strengthening your first line of defense

In 2023, about 9 million phishing-related cases were reported globally. In the first quarter of 2024 alone, nearly 1 million distinct phishing websites were identified across the globe.

Phishing is one of the most common attack methods, targeting employees with deceptive emails or websites designed to steal credentials or install malicious programs. Therefore, employee training is crucial to strengthening your first line of defense and preventing data breaches. Well-designed training and awareness programs, such as phishing simulations, help employees identify phishing schemes, social engineering attacks and other malicious activities.

With cyberattacks becoming more sophisticated, organizations are adopting AI and automation to strengthen their cybersecurity posture. According to the Cost of a Data Breach Report 2024, organizations that deployed AI security solutions and automation into their strategy saved an average of $2.22 million compared to those organizations that didn’t.

Lesson 3: Backup and disaster recovery — Your last line of defense

Backup and disaster recovery solutions are your organization’s last line of defense against data loss, ransomware and other cyber incidents. While preventive measures, such as firewalls, antivirus software and employee training, are crucial for avoiding threats, they are not foolproof. A comprehensive backup and disaster recovery strategy ensures that, even if preventive defenses fail, critical data can be recovered and business operations can resume with minimal or no disruption.

Regular backups protect your data from permanent loss in the event of a ransomware attack, sync error, hardware failure or accidental deletion. Storing backups in secure, off-site locations, such as cloud services, adds an extra layer of security.

Disaster recovery, on the other hand, not only helps in quick data restoration but also ensures the continuity of operations. It includes policies, processes and tools to recover infrastructure, applications and systems in the event of a disaster.

The future of resilience — Be prepared for 2025

Your Google Workspace, Microsoft 365 and Salesforce environments contain the lifeblood of your business operations — don’t let them fall victim to the terrors of the data monsters. Protect your mission-critical data with Spanning Backup, a secure, affordable and easy-to-use backup solution purpose-built for SaaS data protection.

Spanning Backup provides highly available and resilient backup for Google Workspace, Microsoft 365 and Salesforce data. Our automated solution makes backup effortless and eliminates the risk of data loss due to malware, ransomware, misconfigurations, natural disasters or accidental deletions.

Your valuable data is stored off-site in immutable cloud storage, which means it cannot be altered or deleted. Spanning Backup protects data at rest with 256-bit AES object-level encryption and data in transit with Secure Sockets Layer (SSL) encryption. Spanning’s end-user self-service restore feature enables end users to quickly find and restore data to its original state with just a few clicks, reducing the burden on IT teams.

Spanning Backup for Google Workspace and Microsoft 365 offers integrated dark web monitoring for stolen or compromised credentials, enabling you to secure at-risk accounts before data loss occurs.

Cyberthreats are poised to become even more sophisticated in 2025. Are you ready? Level up your organization’s resilience with Spanning Backup. Request a personalized demo today to discover how Spanning Backup eliminates the fear and uncertainty of data loss.
