When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Security breaches wreak havoc, not just for businesses, but for their customers.
So far in 2024, around 20 major breaches have already occurred, all attributed to cyber attacks.
It includes a VPN, antivirus, fireball, and USB protection all controlled through a central dashboard.
Save 20% and keep your business safe by trying Avast Premium today.
What country is the biggest cybersecurity threat?
Cyber attacks dont just have a target.
The origin of the attacks is also significant.
Data breaches and denial of service attacks are launched from some of the worlds most powerful countries.
The assumption is that the USAs place on the list is due to organized crime on American soil.
More recent research (2024) fromOxford Universityhas been compiled into a Cybercrime Index.
What are the main causes of data breaches?
When private data is observed by a third party, it can be designated as a breach.
Small breaches can usually be easily dealt with.
Larger breaches that make headlines are another matter.
Stolen devices and insider activity may play a role, but breaches are almost always remotely coordinated.
UnitedHealths $872 Million Cyberattack
Be in no doubt that ransomware continues to be a massive problem.
UnitedHealths ChangeHealthcare platform was impacted by the attack.
This payment platform handles transactions between doctors, pharmacies, and healthcare professionals across the USA.
The attack is currently believed to have been executed via a vulnerable Citrix portal.
IMF
No one is safe from cyberattacks, not even the International Monetary Fund.
The IMF has 190 member countries and works to improve growth and prosperity around the world.
The organization has 2,400 employees, and in February 2024 it announced that 11 email accounts had been compromised.
This discovery was made during investigations into a cyber incident.
While there is no indication of any financial attack or loss, the official line is interesting.
Microsoft Office 365 accounts were targeted by a Russia-linked intelligence organization in January 2024.
However, the IMF hasstatedthat the incident does not appear to be part of Microsoft targeting."
All of which suggests a targeted attack on individuals at the IMF.
England and Wales Cricket Board Coaching Platform
Grassroots sport is an unlikely target for hackers.
But wherever there is data, so there is potential profit.
The icoachcricket platform was the target, an online coaching tool hosted and run by a third party.
It was laterestablishedthat the IntelBroker criminal operation was the likely culprit.
Email addresses, hashed passwords, backup password information, and other registration details are in the leaked database.
Cannes Hospital
Healthcare providers are increasingly targets of cybercrime.
As a major hospital in the region, Simone Veil handles 150,000 outpatient appointments and 50,000 emergencies a year.
While the majority of services were able to continue, communication and data handling were limited to legacy methods.
While initially suspected to be a ransomware attack, several weeks passed before clarification was issued.
On April 30, the hospital confirmed the LockBit 3.0 ransomware group was attempting to extort the establishment.
It appears attempts are being made to decrypt the targeted data.
Cencora is a pharmaceutical services company, providing distribution services for healthcare operations.
[…]data from its information systems had been exfiltrated, some of which may contain personal information.
No information has yet been released confirming a ransomware incident.
Similarly, the stolen data does not yet seem to have been leaked.
Significantly, Cencora has stated that it doesnt believe the attack is related to the UnitedHealth Group attack.
It seems multiple actors are targeting the healthcare sector.
Spoutible
Twitter alternative Spoutible was launched in February 2023 with over 150,000 users and various security issues.
By June 2023, the user count was around 240,000 users as the service launched Android and iOS apps.
Security researcher Troy Huntwas contacted in January 2024 with information concerning an API exploit, which he then investigated.
Along with email address and profile information, the API hack enabled the retrieval of bcrypt hashed passwords.
Tangerine Telecom
Australian ISP Tangerine wasbreachedon February 18, 2024, with over 200,000 records stolen by hackers.
This doesnt seem to be the usual external cyberattack attempt, however.
Instead, it seems to have been traced to either a known individual or someone with their credentials.
Tangerine has informed the relevant authorities of the breach, along with all of the affected customers.
It seems likely that leaked emails will be targeted by phishing operations.
Trello owner Atlassian claimed that the leak was not due to unauthorized access.
While accurate, the leak can still be attributed to poor Trello security.
The hacker apparently employed a public API to match an existing database of 50 million emails with Trello accounts.
Access to Trello is largely via private and corporate email addresses.
Exposing access to the service potentially offers a Trello-themed attack vector for a phishing operation.
This incident followed the November 2023 discovery of a zero-day vulnerability in Atlassians Confluence suite.
VARTA
A cyber attack on February 12th, 2024 caused German battery manufacturer VARTA tohalt production.
Affecting IT systems and related production equipment, the attack resulted in five plants closing.
VARTA produces batteries for EVs and ICE vehicles, as well as domestic batteries and industrial cells.
Detection of the attacks evolution didnt occur until April.
Suspicious activity was detected on NERVE, with a foreign-nation state threat actor confirmed as the culprit.
MITREs initial reaction was to take NERVE offline temporarily, before contracting Digital Forensics Incident Response personnel.
No details of the events outcome have been shared publicly.
However, MITRE hasrevealedthe attack vector.
EquiLend
While attacks on healthcare providers and suppliers might be surprising, attacks on financial technology institutions are not.
Securities lending infrastructure platform EquiLend wasdisruptedby unauthorized access on January 22, 2024.
It was established and revealed relatively quickly that this was a ransomware incident.
The immediate response was to take some services offline, with the platform returning to action by January 30.
The LockBit group claimed responsibility for the attack, although no data has been offered as proof.
While transaction and customer data was not acquired in the leak, it did include employee data.
EquiLend issued aletterto affected personnel, with the offer of complimentary identity theft protection.
Names, DOBs, and Social Security numbers were included in the leak.
The file is also believed to be distributed via Telegram.
It seems the victims of the leaks paid for the honor.
Cutout.Pros response has been muted.
Refusing initial requests for confirmation from specialists, they eventually replied to one website with a denial.
No information has been offered as to whether employee data was taken, or customer data.
Given the initial impact and response, the loss of customer data seems more likely.
Automotive Body Solutions, the specific target, halted production when the intrusion was detected.
ThyssenKrupp reports that the event did not impact the supply chain.
Similarly, no statement indicating the culprit or jot down of threat actor has been made.
ThyssenKrupp has been the victim of previous cyber incidents.
Notable attacks came in 2013, 2016, 2020, and 2022.
Based on details uploaded to the hackers leak site, the breach resulted in sensitive data being stolen.
This included personal data, certificates, contracts, invoices, receipts, and more.
Other United Nations agencies are not thought to have been affected.
8Base is known to use a variant of the Phobos ransomware and comes off as prolific at hacking.
It lists over 350 victims on its website.
US Local Governments
Local governments and associations around the world are routinely victims of cyberattacks.
Often the fallout impacts taxpayers and the people who use the services provided.
In addition, the city of Wichita, Kansas, has been hit.
All appear to be coordinated ransomware attacks, confirmed within days of each other.
To date, no further information has been divulged, and emergency dispatch services were not affected.
A ransomware attack hit Hernando County government infrastructure, an event that was confirmed on April 4, 2024.
By April 12, the event was confirmed as a ransomware attack that knocked public and internal-facing services offline.
Unfortunately, this confirmation doesnt extend to any real details about the attack.
The county administrationconfirmedit had identified significant disruptions within its IT systems, potentially attributable to a ransomware attack.
This included online payment networks for utilities, transport tickets, and other items.
No information about the ransomware attacks scale, or the suspected attacker, has been released.
Detailed assessments of these types of incidents take time.
We thank you for your patience, understanding, and respect for the integrity of this review process.
At the time of writing, no further details have been announced about any of these cyberattacks.
A 2023 study bySophosrevealed an increase from 58% to 69% in local government-targeted cyberattacks and incidents.
Such a report would indicate that Fujitsu believes personal information may have been stolen in the breach.
(Fujitsu statementtranslated from Japanese).
The SECfilingoutlines the details.
Originally, there was no indication that customer or client data was taken.
However, a subsequentfilingrevealed that 36,545 people had been affected.
Names, addresses, driving license numbers, and other ID were taken in the data breach.
The ALPHV ransomware group claimed responsibility for the attack and uploaded data to its dark web portal.
If true, this would have ramifications for its European operations.
A source knowledgeable about the incidentclaimsthat BlackSuit ransomware was to blame.
This can then be distributed as the attacker feels necessary.
Currently, the organization has refused to publicly confirm details of the cyber attack.
LoanDepot
On January 8, 2024, loan and mortgage company LoanDepotannouncedit was dealing with a cyber incident.
This was later confirmed to involve the theft of data pertaining to 16.6 million customers.
While the company was coy about the details of the cyberattack, its regulatory post-attackfilingrevealed more.
LoanDepot […] recently identified a cybersecurity incident affecting certain of the Companys systems.
It also indicated that the attack was ransomware.
[…]the unauthorized third party activity included access to certain Company systems and theencryption of data.
(Our emphasis.)
How does 2024 compare so far with other years?
What we can say is that things appear to be increasingly challenging.
Meanwhile, estimated losses increased from $0.5 billion in 2017 to almost $2.5 billion in 2021.
There is no reason to expect this figure to have declined significantly.
What happens to data leaked in breaches?
The value of data depends on what information is included, and how recent it is.
Using a resource likehaveibeenpwned.comis a good way to verify if your details have been leaked.
This website, maintained by Troy Hunt, is a searchable record of leaked data.
TechRadar Pro created this content as part of a paid partnership with Avast.
The content of this article is entirely independent and solely reflects the editorial opinion of TechRadar Pro.
