Top 10 Cyberattacks of 2024

Hello Cyber Safe Readers,

?I hope you all have had a wonderful Christmas and a fantastic Holiday Season!?Since we are nearing the end of 2024 I thought I would work with our favorite AI researcher, ChatGPT, and gather a list of the top 10 Cyberattacks including the method the bad actors used as well as the impact and the estimated recovery costs (if known) for the top ten.?I searched a few different ways and this was the list that I thought most fitting for the end of the year TOP 10.?A few things to note:?This top ten list included Healthcare (3 instances), Technology (2 Instances), Fast Food (2 Instances), Financial (1 Instance) and Pharmacy (2 Instances).?Also note the Crowd Strike was not a True Cyber Attack, it was classified as an Upgrade Failure” that caused a ton of disruption but it is still worth mentioning because it reminds us the a solid backup and failover must be included in our Cyber Security Plan!?

?All the best to you!?Here is to a CYBER SAFE 2025!!

?Paul Riedl, Jr.?

#Cybersecurityevangelist? ??

?

1. Change Healthcare Cyberattack (February 2024)

• Method: Ransomware attack via phishing email.
• Impact: Disrupted electronic payments and medical claims processing.
• Recovery Costs: Over $6 billion advanced to healthcare providers; daily losses estimated at $100 million.

2. CrowdStrike Software Upgrade Failure (July 2024)

• Method: Exploitation of vulnerabilities introduced during a flawed security software update.
• Impact: Global IT outages affecting 8.5 million Windows devices.
• Recovery Costs: $200 million in New South Wales alone; total costs in billions globally.

3. LoanDepot Data Breach (January 2024)

• Method: Credential-stuffing attack leveraging weak password management.
• Impact: Breach of 16.6 million customer accounts.
• Recovery Costs: $26.9 million, including remediation, legal fees, and customer support.

4. Krispy Kreme Cybersecurity Incident (November 2024)

• Method: Supply chain attack targeting third-party software.
• Impact: Disrupted online ordering systems and operational delays.
• Recovery Costs: Financial details not fully disclosed but expected to impact revenue significantly.

5. Panda Express Data Breach (Early 2024)

• Method: Malware introduced through a compromised point-of-sale (POS) system.
• Impact: Compromise of customer payment information.
• Recovery Costs: Estimated in tens of millions for legal actions and remediation.

6. Microsoft Service Disruption (March 2024)

• Method: Distributed Denial of Service (DDoS) attack by nation-state actors.
• Impact: Major outages of cloud services globally.
• Recovery Costs: Not disclosed, but likely hundreds of millions in downtime and recovery efforts.

7. UnitedHealth Group Cyberattack (April 2024)

• Method: Exploitation of zero-day vulnerability in third-party software.
• Impact: Disruption of services, including claims processing.
• Recovery Costs: Estimated at over $500 million due to the scale of operations.

8. CVS Health Cyber Incident (May 2024)

• Method: SQL injection attack on web applications.
• Impact: Breach of sensitive patient data.
• Recovery Costs: Estimated between $100–150 million for remediation and legal penalties.

9. Walgreens Data Breach (June 2024)

• Method: Phishing campaign targeting internal employees.
• Impact: Exposure of customer personal and medical data.
• Recovery Costs: Likely over $200 million, including regulatory fines.

10. BlueCross BlueShield of Montana Cyberattack (August 2024)

• Method: Advanced Persistent Threat (APT) using spear-phishing emails.
• Impact: Long-term infiltration and data exfiltration.
• Recovery Costs: Estimated at $300 million, including IT infrastructure overhaul.