Full Report
The year 2024 was full of cybersecurity news. It was a year of data breaches, ransomware, the rise of quantum computing, and much more.
Analysis Summary
# Main Topic
The cybersecurity landscape of 2024 was defined by significant shifts, including record-high ransomware payments, massive data breaches, the escalating trend of third-party supply chain attacks via browser scripts, and the emerging potential of AI in social engineering alongside the background development of quantum computing.
## Key Points
- **Ransomware Costs Skyrocketed:** Ransomware payments reached record highs, totaling approximately $459.8 million in the first half of 2024.
- **Largest Data Breach:** The "Mother of All Breaches" occurred in January, exposing 26 billion records, which carries long-term implications given the advent of quantum computing.
- **Browser-Side Supply Chain Attacks:** Vulnerable third-party website scripts (used for analytics, payments, etc.) became a primary threat vector, exemplified by the high-profile Polyfill attack affecting half a million websites mid-year.
- **Cost of Breaches Increased:** The global average cost of a data breach rose by 10% to $4.88 million, with public cloud breaches costing an average of $5.17 million. Shadow data involvement was noted in 35% of breaches.
- **AI in Fraud:** AI demonstrated the ability to clone a person's voice from just three seconds of audio, increasing the sophistication of imposter and phishing scams.
- **IoT Growth:** The number of connected IoT devices globally reached an estimated 18.8 billion in 2024, presenting a growing attack surface.
## Threat Actors
- **Dark Angels Ransomware Group:** Received the largest single disclosed ransom payment in 2024 ($75 million) from an undisclosed Fortune 50 company.
- **BlackCat/ALPHV:** The highly disruptive Change Healthcare data breach was attributed to this group.
## TTPs
- **Ransomware Deployment:** BlackCat/ALPHV infiltrated the Change Healthcare network, exfiltrated data over nine days, and subsequently deployed ransomware.
- **Third-Party Script Compromise:** Exploiting vulnerable third-party scripts embedded in websites to redirect users or capture payment information (Browser-side supply chain attacks).
- **Voice Cloning/AI Impersonation:** Using AI to clone an individual's voice for highly convincing imposter scams (e.g., distressed grandchild scams or potential whale phishing).
## Affected Systems
- **General Systems:** Organizations globally were affected by ransomware and data breaches.
- **Healthcare Sector:** Significantly impacted by the Change Healthcare breach, affecting millions of individuals and their sensitive medical records.
- **E-commerce/Websites:** Environments utilizing third-party scripts, particularly payment portals, were vulnerable to browser-side attacks (e.g., 500,000 websites affected by the Polyfill attack).
- **IoT Ecosystem:** Estimated at 18.8 billion connected devices facing increased security challenges due to scale.
## Mitigations
- **Enhanced Script Monitoring:** Organizations, especially MSPs, must implement robust monitoring and detection strategies for third-party scripts, particularly on payment pages, in preparation for the implementation of PCI DSS v4.0.1 requirements in March 2025.
- **Zero Trust Adoption:** Adoption of Zero Trust architecture continued throughout the year as a key security strategy.
- **Anti-Phishing Measures:** Increased vigilance against sophisticated voice-based social engineering attacks.
- **Data Security:** Addressing the 35% of breaches involving "shadow data" through better data governance and security hygiene.
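
One way to carry out the script monitoring described under Enhanced Script Monitoring is to audit a payment page's third-party `<script>` tags against an approved inventory. This is an added example, not part of the original report; the hostnames, script bodies, inventory format and function names are constructed assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def sri_sha384(body: bytes) -> str:
    """Subresource Integrity value (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):
    """Collects the attributes of every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and attrs.get("src"):
            self.scripts.append(attrs)

def audit_scripts(page_url, html, inventory):
    """Return (script_url, finding) pairs for third-party scripts that are
    not in the approved inventory, carry no integrity attribute, or pin a
    hash different from the approved one."""
    collector = ScriptCollector()
    collector.feed(html)
    first_party = urlparse(page_url).hostname
    findings = []
    for attrs in collector.scripts:
        url = urljoin(page_url, attrs["src"])  # resolves relative and // URLs
        if urlparse(url).hostname == first_party:
            continue
        if url not in inventory:
            findings.append((url, "not in approved inventory"))
        elif not attrs.get("integrity"):
            findings.append((url, "no integrity attribute"))
        elif attrs["integrity"] != inventory[url]:
            findings.append((url, "integrity differs from approved hash"))
    return findings

# Constructed sample data: hosts, paths and script bodies are made up.
PAGE_URL = "https://shop.example.com/checkout"
WIDGET = "https://pay.example.net/v3/widget.js"
STATS = "https://stats.example.io/t.js"
APPROVED = {WIDGET: sri_sha384(b"renderCardForm();"), STATS: sri_sha384(b"track();")}
PAGE_HTML = f"""<script src="/static/app.js"></script>
<script src="{WIDGET}" integrity="{APPROVED[WIDGET]}" crossorigin="anonymous"></script>
<script src="//cdn.example.org/compat.min.js"></script>
<script src="{STATS}"></script>"""
```

Run on a schedule against the rendered payment page, a non-empty result from `audit_scripts` is the alert condition. Scripts injected at runtime by other scripts do not appear in static HTML and need browser-side monitoring as well.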
## Conclusion
The threat environment in 2024 demonstrated a significant escalation in financial impact from ransomware and data breaches, coupled with the emergence of highly sophisticated, automated attack vectors like browser-side supply chain compromise and AI voice cloning. Organizations must prioritize defense-in-depth strategies, focusing heavily on third-party risk management and next-generation anti-phishing defenses to manage the expanding attack surface presented by cloud environments and IoT growth.