“I’d rather have a root canal than go through one of these attacks again.” – Rich Krueger, President & CEO, Suncor Energy
While the analogy is a bit extreme, tragically, nowadays it isn’t a question of if, but rather when will you be attacked. In fact, in the time you read this sentence, another business has already fallen victim to a cyberattack. With an average of 2200 daily attacks or 1 attack every 39 seconds, the burgeoning $8 trillion cybercrime industry hardly comes as a surprise.
But beyond the sheer financial and reputational losses lies a chilling reality: no entity —not even governments— is immune to this growing headache. The Costa Rican nation, for instance, was in a state of emergency for almost the entirety of 2022 and 2023, thanks to repetitive cyber attacks that crippled its critical infrastructure.
But are there any common patterns that dominated 2023-2024? Let’s take a look!
What are the recent cybercrime trends?
1. Politically motivated attacks
Unfortunately, 2023 witnessed numerous political conflicts erupt around the world, ranging from the invasion of Ukraine and the humanitarian crisis in Yemen to the coup in Suda and the Hamas-Palestine conflict. With the evolution and adoption of AIML, governments, and politically influenced organizations have started weaponizing hacking as a means to fulfill their respective political agendas.
As such, the year was defined by ideologically motivated and legally sanctioned attacks on government agencies and critical infrastructure to gain the upper hand.
2. Ransomware attacks are still the dominant threat
Ransomware, or the digital equivalent of a bank heist has surprisingly (or not) emerged as a dominant threat for nearly the 8th year in a row, starting since 2016-17.
Businesses and government assets alike are being held hostage repetitively, with paralyzed operations, encrypted data with the threat of public release, and exorbitant ransoms such as in the Cloud Pipeline attack.
3. Supply chain attacks are on the rise
The interconnectedness and dependence of the global supply chain have also created paths to global vulnerabilities. Cybercriminals today can infiltrate multiple organizations by simply compromising a single supplier causing widespread disruption, thanks to the accompanying domino effect. The MOVEit software vulnerability was the primary example in 2023.
4. AIML on the rise
Artificial intelligence and machine learning, the revolutionary technologies of 2023 are now also being leveraged by cyber attackers to identify patterns and develop more automated attacks. For example, even the most randomly generated digital passwords often follow a pattern.
AIML equips these malicious attackers to not only identify such patterns but also create autonomous attacks that leverage such information. From writing mass phishing emails that mimic the phrasing and writing style of a colleague to AI-powered ransomware, the possibilities are terrifyingly limitless.
5. Attack surfaces are expanding
The fast adoption and explosion of IoT (Internet of Things), cloud computing, and several other technologically powered automation advancements have given way to a wider attack surface for cyberattacks.
Moreover, AI-powered attack vector programs now help these bots to not only use the most mundane house gadgets to not only spy on you and your business but also map possible psychological manipulation methods and sell the information on black markets.
Seems like something out of a futuristic sci-fi right? Well, here are some of the most recent cyber attacks that traumatized governments and businesses alike in 2023-2024.
Recent Cyber Attacks in 2023-2024
November
November proved to be another grim month in the ongoing cyberwar, with several successful attacks ranging from ransomware to data breaches. Based on a recent report by IBM, each breach came at a steep price, averaging $4.45 million in losses. Let’s delve into some of the attacks that dominated the fall headlines:
| Date | Attack Type | Target | Perpetrators | Impact |
| 19 Nov | Ransomware | Toyota Financial Services (TFS) | Medusa Ransomware | Data breach with unauthorized activity in select locations |
| 17 Nov | Ransomware | Chicago Trading Company and Alphadyne Asset Management | Lockbit Ransomware | Data breach and financial loss |
| 16 Nov | Ransomware | Yamaha Motor | INC Ransom gang | Data breach with partial leakage of employee info |
| 15 Nov | Ransomware | Hopewell Area School District | Medusa Ransomware | Disruption of school operations |
| 14 Nov | Ransomware | BITZER | Akira Ransomware | Data breach worth 70 million |
| 13 Nov | Data Breach | McLaren Health Care | BlackCat | Data breach of 2.2 million patient records |
| 11 Nov | Data Breach | Idaho National Laboratory (INL) | SiegedSec | Data breach of 100,000 employee records |
| 10 Nov | Ransomware | Poloniex | Unknown | Theft of $156+ million in cryptocurrency |
| 9 Nov | Phishing | Czechia | Europol and Eurojust | Disruption of phishing operation worth €8 million |
| 8 Nov | Supply Chain Attack | SIRVA | LockBit | Data breach of 1.5TB of data |
| 7 Nov | Data Breach | Allen & Overy | LockBit | Data breach on select storage servers |
| 6 Nov | Data Breach | Cozwolle | Black Basta | Data breach using QakBot Malware |
| 5 Nov | Ransomware | Medina Hospital in Ohio | ALPHV/BlackCat ransomware group | Disruption of hospital operations |
October
October yielded a golden harvest for the world of cybercrime. This rise in ransomware attacks, as well as data breaches, was driven by several factors, including the increasing sophistication of cybercriminals and the growing reliance of businesses and individuals on technology. Some significant head-turners include:
| Date | Attack Type | Target | Perpetrators | Impact |
| 31 Oct | Ransomware | Südwestfalen-IT | Unknown | 110 municipalities and organizations affected |
| 28 Oct | Ransomware Attack | British Library | Rhysida | Disruption of services for 2+ weeks and 11 Million+ compromised files |
| 25 Oct | Ransomware | Hillel Yaffe Medical Center | Unknown | Data breach of patient records |
| 24 Oct | DDOS Attack | Czech Republic | NoName057 | Disrupted access to the websites of the Interior Ministry, police force, Prague Airport, and the houses of parliament. |
| 24 Oct | Cyber Attack | BitKeep | Unknown | Data breach with 10 million+ in losses |
| 19 Oct | Google Cloud, Cloudflare, and AWS | Marina Bay Sands | Unknown | Unauthorized Third Party Access |
| 10 Oct | DDOS Attack | Google Cloud, Cloudflare and AWS | Unknown | 398 million requests per minute due to a Zero Day Vulnerability |
| 6 Oct | Credential Stuffing | 23andMe | Golem | Genetic data profiles of 6.9 million people leaked |
| 1 Oct | DDOS Attack | UK Royal Family | KillNet | Disruption of official website for 90+ minutes |
September
Cybersecurity awareness month brought renewed focus on the importance of online safety. However, cybercriminals continued to exploit vulnerabilities, with a series of attacks targeting international commissions and MNCs alike. Some of the most surprising ones include:
| Date | Attack Type | Target | Perpetrators | Impact |
| 30 Sep | Ransomware Attack | Motel One | ALPHV/BlackCat ransomware group | Data breach of 24.45 million customer records |
| 27 Sep | Ransomware Attack | Johnson Controls | Dark Angels | Disrupted operations, stole 27 TB of data, and encrypted VMWare ESXi VMs |
| 26 Sep | Ransomware Attack | Sony | RansomedVC and MajorNelson | Compromised systems and 3.14 GB of data leaked |
| 18 Sep | Data Breach | DarkBeam | Unknown | 3.8 billion records exposed |
| 14 Sep | Data Breach | International Joint Commission (IJC) | NoEscape | Records of contracts, geological files, conflict of interest forms and more stolen, approx 80GB of data. |
| 14 Sep | Data Breach | International Criminal Court (ICC) | Unknown | A targeted and sophisticated attack with the objective of espionage |
| 11 Sep | Cyber Attack | Save the Children | BianLian | 6.8TB of personal and business data stolen |
| 6 Sep | Data Breach | Sabre | Dunghill Leak ransomware gang | 1.3 terabytes of data stolen |
| 4 Sep | DDOS Attack | BaFin | Unknown | Records of contracts, geological files, conflict of interest forms, and more stolen, approx 80GB of data. |
August
Although August gave a bit of respite to companies to re-evaluate their security measures, it also witnessed emergence of emergence of new CVEs and threats, including deepfakes and cryptojacking. Some of the headlines included:
| Date | Attack Type | Target | Perpetrators | Impact |
| 28 Aug | Data Breach | PurFood | Unknown | 1.2+ Million users’ data compromised |
| 10 Aug | Ransomware | The Belt Railway Company of Chicago | Akira Ransomware gang | 85 GB of data compromised |
| 10 Aug | Ransomware | The California city of El Cerrito | LockBit Ransomware gang | Loss of data |
| 7 Aug | Ransomware | Prospect Medical Holdings | Rhysida | 500,000+ Social Security numbers, financial, legal and medical files compromised |
| 3 Aug | Phishing | Discord | Akhirah | 760,000 users’ data compromised |
July
As temperatures soared, so did digital data breaches. However, July also witnessed the launch of new cybersecurity awareness initiatives, empowering individuals and organizations to take proactive steps to protect themselves online. Some noteworthy events included:
| Date | Attack Type | Target | Perpetrators | Impact |
| 21 Jul | Data Breach | 7 million unique Social Security numbers compromised | Unknown | 7 million unique Social Security number compromised |
| 19 Jul | Data Breach | Roblox | Unknown | Exposed 4000+ developer accounts and data |
| 19 Jul | Data Breach | Estée Lauder | Unknown | Exposed sensitive data of employees and customers |
| 18 Jul | Data Leak | Kotak Life Insurance, State Bank of India | Clop Ransomware Group | Leaked sensitive data of customers of over 104GB |
| 14 Jul | Ransomware | Shutterfly Business Solutions (SBS) | Unknown | Disrupted operations and encrypted data |
| 10 Jul | Data Breach | HCA Healthcare | Unknown | Exposed sensitive data of 11 million patients |
| 9 Jul | Malware | Alberta Dental Service Corporation (ADSC) | Unknown | 1.5 million accounts compromised |
June
The summer sun brought a surge in online activity, creating fertile ground for cybercrime. From Microsoft to legal departments across the world, all fell victim to cyber-attacks. Moreover, several Android apps fell prey to spyware and ended up being banned, as given below:
| Date | Attack Type | Target | Perpetrators | Impact |
| 29 Jun | Ransomware | Illinois Department of Innovation & Technology (DoIT) | CL0P ransomware gang | Disrupted state government systems and leaked data |
| 27 Jun | Ransomware | Serco | Clop Ransomware | 10,000+ individuals were affected as a domino effect of MOVE iT. |
| 26 Jun | DDoS | Microsoft | Anonymous Sudan | 18,000 users couldn’t access Outlook due to what eventually came to light as a DDoS attack |
| 24 Jun | Cyber attack | Suncor Energy | Unknown | Disrupted fuel payments at 1500+ Petro-Canada gas stations across Canada |
| 21 Jun | Data Breach | Hot Topic | Clop Ransomware | 500,000 customers affected |
| 15 Jun | DDoS | 10,000+ individuals were affected as a domino effect of MOVE iT. | NoName | Disrupted government websites ahead of Ukrainian President Volodymyr Zelensky’s address to the Swiss parliament |
| 10 Jun | Spyware | Android apps | Unknown | Affected 190 Android apps on the Google Play Store with estimated over 400 million downloads |
| 5 Jun | Ransomware | Progress MOVEit | Lace Tempest, a group affiliated with Clop ransomware | Affected 190 Android apps on the Google Play Store with an estimated over 400 million downloads |
| 2 Jun | Ransomware | Spanish bank Globalcaja | Play ransomware group | Disrupted bank operations and stole encrypted data including an undisclosed amount of private and personal confidential data, client and employee documents, passports, contracts, and more. |
| 2 Jun | Ransomware | YKK | LockBit | Encrypted data and disrupted operations |
May
Cybercriminals turned their attention to exploiting vulnerabilities in the global supply chain. Although many saw a slight dip in cybercrime, a series of coordinated attacks across various critical infrastructures, caused significant delays and disruptions, impacting businesses and consumers worldwide, as detailed under:
| Date | Attack Type | Target | Perpetrators | Impact |
| 29 May | Unauthorised Access | Skolkovo Foundation | Ukranian hacktivists | Limited access to certain information systems, including file hosting service on physical servers. |
| 28 May | Price manipulation | Jimbos Protocol | Unknown | Steal 4000 ETH worth nearly $7.5 Million |
| 26 May | Ransomware attack | City of Augusta | BlackByte | Compromised data with PII, with 10GB released as sample |
April
April showers brought a surge in social engineering attacks. The American government turned out to be an unfortunate favorite for cybercriminals. The month also saw a rise in ransomware attacks as given below:
| Date | Attack Type | Target | Perpetrators | Impact |
| 20 Apr | Data Breach | American Bar Association | Unknown | Compromised the Bar Association’s network and gained access to older credentials for 1,466,000 members. |
| 13 Apr | Ransomware | NCR | BlackCat/ALPHV | Impacting a limited number of ancillary Aloha applications for a subset of our hospitality customers |
| 12 Apr | Ransomware | US Navy Contractor Fincantieri Marine Group | Unknown | Temporary disruption to certain computer systems running on its network |
| 12 Apr | Data Breach | Hyundai | Unknown | Customer data of owners in Paris and France leaked |
| 6 Apr | Data Breach/Ransomware | MSI | Money Message | Intel Boot Guard private keys and leaked over 500 GB of data |
March
Spring brought a series of attacks on government departments, exposing the vulnerability of personal data stored online. In a concerning development, hackers infiltrated the systems of a prominent healthcare organization, potentially jeopardizing patient records. Cyber attacks on tax authorities and financial institutions also ramped up, capitalizing on the annual tax season. Learn more below:
| Date | Attack Type | Target | Perpetrators | Impact |
| 29 Mar | Exposure and Ransomware | BMW, France | Play ransomware | Contract information, financial information, and PII stolen |
| 21 Mar | Data Breach | Shields Healthcare Group | Individual hacker | Sensitive information of 2.3 million patients stolen |
| 21 Mar | Data Breach | UK’s Criminal Records Office | Undisclosed | Disrupted operations – other effects unknown. |
| Mid-March | Ransomware | Yellow Pages | Black Basta gang | Stolen social security numbers, scans of passports, IDs, and assorted tax documents of approx 3,00,000 users‘. |
| 8 Mar | Data Breach | Minneapolis Public Schools | Medusa Hacker Collective | Personally Identifiable Information of students and staff stolen and leaked |
February
Love was in the air, but so were cybercriminals seeking to exploit the season’s romance. They targeted cloud spaces and banks, causing financial losses and heartbreak for victims. At the same time, some government agencies faced a serious ransomware attack, disrupting essential services and raising worries about national security. Let’s take a deeper look:
| Date | Attack Type | Target | Perpetrators | Impact |
| 23 Feb | Data Breach | Dish Network | Unknown | Some data was extracted and Dish’s share price fell by 6.5% |
| 17 Feb | Ransomware | US Marshals Service | Unknown | Sensitive law enforcement data exposed |
| 14 Feb | HTTP DDoS | CloudFlare | Unknown | Cloudflare thwarted one of the largest known DDoS attack peaking at 71 million requests per second. |
| 3 Feb | ESXiArgs Ransomware Attack | VMware ESXi | Nevada | Nearly 1000 ESXi servers have been infected |
| 3 Feb | Credential Theft | Bank Accounts Hacked in Nepal | 8 individuals in Kathmandu | Several million rupees stolen |
| 2 Feb | Ransomware | Tallahassee Memorial | Unknown | Surgeries were rescheduled, patients were re-directed, and IT systems were shut down for weeks. |
January
The icy grip of winter brought a chilling wave of cybercrime. Hackers leveraged the holiday season rush and post-vacation chaos to unleash a flurry of phishing attacks and malware campaigns. Social media platforms became battlegrounds for disinformation and fake news, further amplifying the confusion and chaos.
| Date | Attack Type | Target | Perpetrators | Impact |
| 31 Jan | Ransomware | ION Group | LockBit | 42 Financial Institutions in the US and Europe |
| 30 Jan | DDoS attack | US hospitals | Killnet | Outage in IT services and electronic health records |
| 26 Jan | Information theft | Yandex | Allegedly former Yandex employee | Unconfirmed – Code repositories amounting to 44.7GB were published as a Torrent on a hacker forum recently. |
| 20 Jan | Ransomware | Schools in Tucson, Arizona, and Nantucket | Royal Ransomware gang | 42000 students and 7000 staff members are affected. |
| 18 Jan | Credential stuffing | PayPal | Unknown | Hackers had access to the personal data of 34,942 PayPal users for 2 days |
| 16 Jan | Third-party data breach | Nissan North America | Unknown individual | Personally Identifiable Information of 17,998 customers was exposed |
| 11 Jan | Data Breach through social engineering | Mailchimp | Unknown | Unauthorized access to 133 Mailchimp accounts |
| 10 Jan | Zero Day | Windows ALPC | Unknown | Privilege escalation |
| 9 Jan | Data breach | AirFrance and KLM | Unknown | Exposure of email IDs, user names, earned miles balance |
| 5 Jan | API data breach | T-Mobile | Unknown | Limited types of information were exposed affecting 37 million users |
How can You Protect Yourself?
While the current cyber threat landscape is gloomy and quite frightening, you can take some fairly simple steps to decrease the risk of being victimized by a cyber attack.
- Implement multifactor authentication & encryption for all your accounts
- Stress on using vendors that offer multifactor authentication Implement proper input validation on all customer-input-enabled areas on your website
- Keep all extensions, appliances, and applications up-to-date
- Do not delay implementing patches
- Practice regular security testing – vulnerability assessment and penetration testing
- Leverage AI to identify rare attack vectors
- Adopt a zero-trust architecture
- Collaborate and share information on complex threats
- Draft and execute robust response plans
How can Astra Help?
Astra is a leading SaaS company specializing in providing innovative web security solutions. Our comprehensive suite of cybersecurity solutions blends automation and manual expertise to run 8000+ tests and compliance checks, ensuring complete safety, irrespective of the threat and attack location.
With zero false positives, seamless tech stack integrations, and real-time expert support, we strive to make cybersecurity simple, effective, and hassle-free for thousands of websites & businesses worldwide.
Moreover, our industry-specific AI test cases, world-class Astranaut Bot, and customizable reports are designed to make your experience smoother while saving you millions of dollars proactively.
Conclusion
The best you can do to run a secure business in 2024 is to make life really hard for hackers. While you may not have control over zero-day exploits, you can ensure that you never run a vulnerable appliance for which a patch was available.
Educate your teams, and make cybersecurity an integral part of your business functionality by adopting security-first approaches such as vulnerability assessment and penetration testing.
Nivedita James Palatty
