Biggest Cyber Attacks in 2024 Worldwide


What cybersecurity decision did you take today? While you are still deciding, hackers might already have found your hidden vulnerabilities. Hard to believe? Did you know that a small hacker group halted the operations of Russia's largest delivery company for days at a stretch, or that the citizens of an entire nation were exposed through the compromise of a national Bitcoin wallet? All was not well in 2024. Where do you stand in 2025? With one cyberattack every 39 seconds, are you sure you are on the safe side?

Before that, let's look at what happened in 2024. In the first quarter, over 500 million cyberattacks were recorded. At 1,636 attacks per week per organization, the second quarter saw a 30% increase in cyberattacks compared to Q2 2023.

[Figure: Cyberattacks by industry, 2024 Q2]

Q3 recorded fewer incidents than Q2, but only by a slim 4%, and compared to the previous year the count still rose by 15%. Malware stood out among all attack vectors, involved in 65% of successful breaches in organizations. In India, 761 cyberattacks were attempted every minute on average, and the impact of 70% of them was categorized as 'significant' or 'very significant'.

Let's recap the year one last time, with one major cyberattack for each month and what it taught us.

12 Months, 12 Hacks, and the Defense Playbook You Need!

Major Cyberattacks in 2024

Jan'24 - Attack on Banking and Financial Sector

Monobank, a popular online bank in Ukraine, was hit with a massive Distributed Denial-of-Service (DDoS) attack in the third week of January. The bank operates entirely through a mobile app, and the hacker group UAC-0006 attempted to cripple its online services by flooding them with junk internet traffic. Over 580 million service requests were sent within three days. The group is known to use malware to execute its campaigns and has been active for over a decade.

Attack Type: DDoS Attack

Threat Actor: UAC-0006

Impact: 580 million service requests in 3 days

Lessons Learned:

Keep your organization's assets free from vulnerabilities. Web and mobile applications have a higher chance of being hacked, so regular web and mobile application security testing is a must for organizations that, like Monobank, operate solely through apps. Make use of the VMDR and pentesting tools available for vulnerability management and scanning, which offer features such as real-time monitoring, multi-asset scanning, multiple integrations and a user-friendly UI.

Ensure that you are compliant with the required regulatory standards. One of the major reasons DDoS attacks succeed is non-compliance. Statistics state that the average cost of cybercrime for non-compliant organizations is $5.05 million, a substantial 12.6% higher than the average. Monobank ran its vulnerability scanning through a bug bounty program after the attack, where two high-severity vulnerabilities were identified. The attack could have been avoided if a regular vulnerability scanning practice had been in place.

Feb’24 - Attack on Entertainment Industry

The threat actor IntelBroker claimed responsibility for leaking 200,000 Facebook Marketplace user records on a hacking forum. IntelBroker further claimed that someone using the name 'algoatson' on Discord stole the database after infiltrating a Meta contractor's system. The database contained PII such as names, phone numbers, Facebook IDs and profiles, and email addresses. IntelBroker is a known name linked to cyber incidents including the DC Health Link breach, the US Cellular data breach and the 'Weee!' breach, among others.

Attack Type: Third-Party Attack

Threat Actor: IntelBroker; 'algoatson' on Discord

Impact: 200,000 user records leaked

Lessons Learned:

Conduct vendor risk assessments. Performing appropriate checks on third-party security practices helps reduce the risks associated with third-party apps. In case of a data breach, have a robust incident response plan to minimize the loss. Regular vulnerability assessment and penetration testing will also help spot hidden vulnerabilities and patch them at the earliest.

Combined with social engineering, the leaked information can be used to steal MFA codes sent via text message, giving attackers access to the target accounts. That is the real outcome of a cyberattack: one breach easily breaks through the weaker security shields downstream. Therefore, organizations must work together to strengthen their cybersecurity posture at all times, because it cannot be foretold how impactful the next cyberattack will be.

Mar’24 - Attack on News Media

No matter how strong your social impact is, your organization will not be spared. This incident shows exactly that. Known for giving homeless people on the streets of the UK a way to earn a living, Big Issue became a ransomware victim in the third month of the year. A RaaS operation, Qilin, also referred to as Agenda, stole 550 GB of personnel and commercial operations data and uploaded it to the gang's darknet extortion site. As proof, the site posted the CEO's driving licence, salary, banking and passport details, and the gang claimed to hold employees' full names, email and home addresses, banking information and passport scans as well.

Attack Type: Ransomware

Threat Actor: Qilin RaaS (Agenda)

Impact: 550 GB of Confidential Data Stolen

Lessons Learned:

Restrict access to your organization's platforms and implement a zero-trust architecture. If an employee is not associated with a certain platform or asset, he or she should not be authorized to access it. To prevent ransomware attacks, network penetration testing has proven useful: it helps patch the vulnerabilities present within the network, secure remote access, and strengthen firewalls and intrusion detection systems.

Just as we discuss strengthening our cybersecurity practices and implementing new ones to protect and fight back, our adversaries do the same: they upgrade and invent new ways to strike. For instance, Qilin ships ransomware written in Rust and Go. These modern languages give the malware high performance and strong built-in safeguards, and its ability to bypass conventional security controls has made it widely used.

Apr’24 - Attack on IT Industry

The world witnessed a chilling breach in April in which almost an entire population was affected by the compromise of biometric data. Hackers infiltrated El Salvador's national cryptocurrency wallet, Chivo, exposing 144 GB of sensitive data belonging to over five million citizens. The threat actor, known as 'CiberinteligenciaSV', leaked the massive trove on Breach Forums. The leaked data included names, addresses, phone numbers, and over five million high-resolution headshots tied to document IDs. This biometric breach has placed millions at risk of identity theft and fraud. In a further blow, Chivo's source code and the VPN credentials for its Bitcoin ATMs were also dumped online. For El Salvador, the first country to accept Bitcoin as legal tender and Chivo as its official wallet, the breach has shattered the prospect of recasting cryptocurrency as legal money.

Attack Type: Unauthorized Access/Insider Threat

Threat Actor: CiberInteligenciaSV

Impact: PII of 80% of El Salvador's Population Leaked

Lessons Learned:

Ensure that all sensitive data, including biometric records, is encrypted both in transit and at rest. Other necessary measures include replacing sensitive data with tokens and storing data across segmented servers. To prevent unauthorized access, enforce multi-factor authentication (MFA) on all critical platforms and privileged accounts, and in particular on cryptocurrency trading wallets. Zero-trust policies and biometric encryption are a few other preventive measures.

VAPT, SDLC gap analysis, API security, real-time monitoring with a VMDR tool, and compliance with data protection laws are further steps that can ensure the sensitive client data an organization is accountable for stays secure and protected. Adopt a multi-layered security approach. Prior to the breach, users had reported multiple bugs and technical glitches in the BTC wallet, but no steps were taken to address them. Had they been, the scenario could have been avoided.

May’24 - Attack on Transportation Industry

Hierarchy does not apply when it comes to cyberattacks. It does not take a big or experienced hacker group to attack a large company, as this incident shows. CDEK is one of Russia's largest delivery companies. It was left crippled for days by a little-known Russian hacker group, 'Head Mare', which not only encrypted the company's servers with ransomware but also wiped out its backup systems, one of the recent advancements in ransomware tactics. As operations ground to a halt, the company initially reported a "massive technical failure", but days of disrupted services revealed the extent of the breach. Customers faced delays, and trust eroded. That is what a ransomware attack can do!

Attack Type: Ransomware

Threat Actor: Head Mare

Impact: Total disruption in operations for days

Lessons Learned:

To ensure endpoint security, implement advanced endpoint detection and response systems. Educating staff about suspicious activity and phishing is a must. Limit access across networks to minimize the probability of a security breach. Network segmentation combined with network penetration testing is an effective defense against such attacks.

Organizations that fall victim can usually resume operations to some extent. In this case, however, the attack left the company crippled. The new twist in ransomware attacks, where threat actors delete the backups, makes it necessary to store backups offline and to conduct routine recovery tests. The severity of the impact highlights the absence of a proper incident response plan. If a robust cyber incident protocol had been developed and rehearsed, the fallout could have been a mere hiccup, barely worth a headline, let alone a full-blown crisis!

Jun’24 - Attack on Healthcare

Ascension is one of the largest healthcare systems in the US. BlackBasta claimed responsibility for the attack on it, gaining access after an employee downloaded a malicious file that looked identical to a legitimate one. The threat actors then exfiltrated files from seven servers used for routine operations. The attack also disrupted access to the electronic health record system, MyChart, and the systems and phones used to book tests and order medicines; some devices had to be taken offline.

Attack Type: Human Error/Ransomware

Threat Actor: BlackBasta

Impact: Malicious file downloaded onto a company device by an employee who believed it to be legitimate

Lessons Learned:

Employees are considered the 'weakest link' for a reason. Mistakes are not always intentional, and it is difficult to tell legitimate files from fraudulent ones. This calls for security awareness training. Email filtering, threat detection, and attachment sandboxing, where attachments are automatically opened and scanned before delivery, are important for avoiding such attacks.

Endpoint Detection and Response (EDR) helps identify malicious files, and through automated isolation a response is triggered as soon as any suspicious activity is detected. Beyond that, a proper incident response plan is important. Restrictions on file downloads, MFA, file verification, and third-party risk management help spot unusual activity quickly, leaving enough time to block the attack.

Jul’24 - Attack on Cybersecurity Industry

Authy, a mobile application that generates MFA codes for websites, fell into the trap of the threat actor ShinyHunters through an unsecured API endpoint. This vulnerability led to an attack in which a CSV file containing 33,420,546 rows was leaked. The file contained the registered phone numbers of 33 million users, along with details such as account ID, account status, and device count.

Attack Type: API-related cyberattack

Threat Actor: ShinyHunters

Impact: Leaked a CSV text file with 33 million phone numbers

Lessons Learned:

To prevent API-related cyberattacks, use strong authentication through mechanisms such as OAuth 2.0, JSON Web Tokens, or API keys. Implement Role-Based Access Control (RBAC), and use HTTPS (SSL/TLS) to encrypt the communication between the client and the API server, which helps prevent man-in-the-middle (MITM) attacks. Implement rate limiting and throttling to prevent DDoS attacks and bulk data harvesting.

Other security measures include implementing security headers, hiding internal API endpoints, and using API gateways and firewalls to help stop such attacks. Many VMDR and pentesting tools are available, such as AutoSecT, which help identify vulnerabilities like SQL Injection, Cross-Site Scripting (XSS), Broken Authentication, and more.
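The two API controls that matter most for the Authy-style incident above are authentication on every endpoint and per-client rate limiting, so that an unauthenticated caller cannot query account details at all and an authenticated one cannot harvest them in bulk. The following is an added illustration, not code from the original post or from any vendor: the weak lookup beside a hardened one, using constructed sample records, a hypothetical API key store, and a simple token bucket.

```python
import hmac
import time
from dataclasses import dataclass

# Constructed sample records (not real data): the kind of per-account fields
# the leaked CSV reportedly held, keyed by phone number.
ACCOUNTS = {
    "+15550000001": {"account_id": 1001, "status": "active", "device_count": 2},
    "+15550000002": {"account_id": 1002, "status": "locked", "device_count": 1},
}

# Hypothetical API key store. Real deployments issue keys per client and
# store only a hash; plain strings are used here to keep the example short.
API_KEYS = {"client-A": "constructed-key-A"}


def lookup_unauthenticated(phone):
    """The weak pattern: any caller, at any rate, learns whether a phone
    number is registered and receives its account details."""
    return ACCOUNTS.get(phone)


@dataclass
class TokenBucket:
    """Per-client token bucket: `capacity` requests in a burst, `refill` per second."""
    capacity: int
    refill: float

    def __post_init__(self):
        self.tokens = float(self.capacity)
        self.last = None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class PhoneLookupAPI:
    """Hardened pattern: authenticate first, then rate-limit per client."""

    def __init__(self, capacity=5, refill=1.0):
        self.capacity, self.refill = capacity, refill
        self.buckets = {}

    def lookup(self, phone, client_id=None, api_key=None, now=None):
        now = time.monotonic() if now is None else now
        expected = API_KEYS.get(client_id or "")
        # Constant-time comparison; an unknown client fails the same way as a bad key.
        if expected is None or api_key is None or not hmac.compare_digest(expected, api_key):
            return 401, {"error": "unauthorized"}
        bucket = self.buckets.setdefault(client_id, TokenBucket(self.capacity, self.refill))
        if not bucket.allow(now):
            return 429, {"error": "rate limited"}
        record = ACCOUNTS.get(phone)
        if record is None:
            return 404, {"error": "not found"}
        return 200, record
```

In a real service the 429 responses per client are also worth alerting on, since a steady stream of them is the signature of an enumeration attempt that the limiter is absorbing.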

Check out this webinar: Common Mistakes That Make APIs Vulnerable

Aug'24 - Attack on Transportation Industry

Toyota's North American branch was affected by a third-party data breach that compromised sensitive data of both customers and the car company itself. ZeroSevenGroup claimed to be behind the breach and leaked 240 GB of data containing customers' contracts and financial information on a hacking forum. The threat actor also claimed to hold additional information about the company's network infrastructure, gathered with the open-source ADRecon tool, which extracts information from Active Directory environments.

Attack Type: Third-Party Data Breach

Threat Actor: ZeroSevenGroup

Impact: 240 GB Data Stolen

Lessons Learned:

To prevent devastating third-party breaches, adopt a zero-trust approach to vendor access and data security. Assess third-party vendors and ensure they comply with stringent security frameworks such as ISO 27001 or SOC 2. Active Directory (AD) environments, often targeted with tools like ADRecon, need to be hardened through read-only domain controllers (RODCs), enhanced logging, and aggressive monitoring for unusual activity.

Threat intelligence services can monitor the dark web for leaked corporate data, while honeypots and decoys can help detect unauthorized scans on AD environments. Companies should also engage in regular penetration testing and red teaming to uncover vulnerabilities before attackers do. Weeks after the initial breach, Toyota discovered yet another unsettling twist - two additional misconfigured cloud services had been quietly leaking customer data for over seven years. In response to these back-to-back incidents, Toyota took decisive action, rolling out an automated monitoring system

Sep’24 - Attack on Healthcare

A ransomware attack on NHS London hospitals leaked the sensitive information of close to 1 million patients. The individuals were targeted for extortion using data that included sensitive medical conditions such as cancer and STIs. The impact of the attack was severe: critical pathology services were disrupted and blood stocks across the UK fell to the point that transfusions were limited to the most critical patients, prompting a nationwide appeal for O+ and O- blood donors.

Attack Type: Ransomware Attack

Threat Actor: Qilin

Impact: Around 1,000,000 Individuals Targeted

Lessons Learned:

Preventing ransomware attacks like the one that struck NHS London hospitals requires a multi-layered defense strategy that addresses vulnerabilities at every level, from network security to employee awareness. Implement robust endpoint detection and response (EDR) systems to catch ransomware in its early stages, combined with network segmentation to prevent the spread of malware.

Critical systems, such as pathology services, should operate on isolated networks with limited external access to minimize exposure. Regular offline backups and encrypted copies of sensitive data are essential. Frontline staff should be trained to recognize suspicious links and report anomalies immediately. Implement a zero-trust architecture and collaborate with cybersecurity specialists to conduct regular medical device security testing, identifying vulnerabilities before attackers do.

Oct’24 - Attack on Healthcare

In an unfortunate turn, Change Healthcare became the face of the largest healthcare data breach in recent years. A network server was breached by ALPHV, affecting over 100 million people. The compromised information included patients' personal information and healthcare-related data.

Attack Type: Ransomware Attack

Threat Actor: BlackCat - ALPHV

Impact: One Third of America's Health Data Stolen

Lessons Learned:

Preventing large-scale data breaches like the one that hit Change Healthcare requires a comprehensive cybersecurity strategy that prioritizes proactive threat detection and resilience. Implement network segmentation to isolate sensitive healthcare data from external-facing systems, limiting the attack surface. Critical servers should be protected with multi-factor authentication (MFA) and strict access controls so that only authorized personnel can interact with them.

Deploying advanced threat detection systems that utilize AI to monitor unusual activity can help identify breaches in real time. To further reduce risk, encrypt all sensitive data both at rest and in transit. Regular vulnerability assessments and penetration testing, incident response planning, and cybersecurity awareness through continuous employee training help mitigate such attacks.

Nov'24 - Attack on Public Sector (Municipal Service)

The ransomware attack on the city of Columbus, Ohio, was more than just a breach; it was a digital hostage situation that put half a million residents' personal information at risk. The Rhysida ransomware group struck hard, claiming to have stolen 6.5 terabytes of sensitive data, including emergency services records and access to city surveillance cameras. Beyond the staggering amount of data compromised, the city's critical infrastructure and public safety systems were potentially exposed.

Attack Type: Ransomware Attack

Threat Actor: Rhysida

Impact: Data of 500,000+ Residents Stolen / 6.5 TB of Data

Lessons Learned:

Implement layered security measures that protect both data and critical infrastructure. Network segmentation is a must. Isolate sensitive systems, such as emergency services and surveillance networks. Implement multi-factor authentication (MFA) to restrict access to high-value systems. Regular patching and updates of software and operating systems can close known vulnerabilities that ransomware groups often exploit.

Invest in real-time monitoring and threat detection systems that can identify suspicious activity. Regular offline backups of critical data are essential, allowing rapid recovery without paying ransoms. Conduct cybersecurity awareness training for employees, as phishing remains a common entry point for ransomware. Have a well-rehearsed incident response plan so that damage can be swiftly contained and residents' personal information protected.

Dec’24 - Attack on Telecom Industry

A routine day at Namibia's state-owned telecom giant turned into a national security nightmare in the last month of the year. Hackers from the group Hunters International infiltrated Telecom Namibia's systems, exfiltrating nearly 500,000 sensitive records comprising personal and financial data. What made this breach even more alarming was that the stolen information reportedly included details of senior government officials and key ministries, raising fears of espionage and blackmail.

Attack Type: Ransomware Attack

Threat Actor: Hunters International

Impact: Personal Data of 500,000+ Individuals Compromised

Lessons Learned:

Strengthen your cybersecurity infrastructure by deploying advanced firewalls, intrusion detection systems, and endpoint protection. Conduct regular VAPT and ensure all sensitive data is encrypted. Implement multi-factor authentication for employees, especially those with access to high-level data. Employee training on recognizing phishing and social engineering attempts is essential.

Adopt strict access control policies, follow the principle of least privilege, and establish a comprehensive incident response plan backed by continuous monitoring to detect and mitigate threats early. Ensuring that third-party vendors comply with security protocols, alongside collaboration with national cybersecurity agencies, could have minimized the breach's severity and prevented the exposure of sensitive government data.

Takeaway

2024 has been a wake-up call for businesses and governments alike, illustrating just how vulnerable we are to cyberattacks. From devastating ransomware breaches to third-party compromises, the scale and frequency of these incidents highlight the critical need for comprehensive cybersecurity strategies. The key takeaway is clear: robust systems, proactive risk management, and continuous vigilance are the pillars of defense against evolving cyber threats. As we move into 2025, organizations must adapt quickly, not just by implementing cutting-edge technologies, but by fostering a culture of cybersecurity awareness and resilience.

Time to Act! In 2025, Will You Be the Target or the Defender?
