Cybersecurity in 2024: Top Stories that Rocked the Digital World
The year 2024 was marked by an unprecedented wave of cybersecurity incidents, from devastating data breaches to crippling ransomware attacks. As new threat actors emerged and vulnerabilities were exploited, both private and public organizations struggled to keep pace. BleepingComputer highlighted the most impactful stories, and here’s a summary of some of the year’s most critical incidents:
Major Cyberattacks and Data Breaches
Internet Archive Breach – In October, the Internet Archive suffered a data breach alongside a series of DDoS attacks, exposing the account records of 31 million users and forcing the site offline. The attacker gained access through an exposed GitLab configuration file that contained an authentication token.
National Public Data Leak – In August, roughly 2.7 billion records scraped by the background-check firm National Public Data, including Social Security numbers, were posted for free on a hacking forum after an earlier attempt to sell the data.
Microsoft Email Breach by Russian Hackers – Russian-backed group Midnight Blizzard infiltrated Microsoft’s corporate email, stealing sensitive communications and source code. The breach extended to U.S. federal agencies, raising national security concerns.
Industry-Wide Disruptions
Faulty CrowdStrike Update Crashes Millions of Devices – A botched update from cybersecurity giant CrowdStrike in July led to 8.5 million Windows devices crashing worldwide. Cybercriminals capitalized on the chaos by distributing malware through fake repair tools.
CDK Global Ransomware Attack – A June BlackSuit ransomware attack on auto-industry SaaS provider CDK Global disrupted operations for car dealerships across the U.S., halting sales, financing, and service.
UnitedHealth Ransomware Incident – A February BlackCat/ALPHV ransomware attack on Change Healthcare, a UnitedHealth subsidiary, disrupted claims processing and pharmacies nationwide. UnitedHealth paid a $22 million ransom, but the affiliate who carried out the attack was cheated out of its share, and a second group, RansomHub, later tried to extort the company with the same stolen data.
Government Actions and Security Reforms
Kaspersky Banned in the U.S. – In June the Commerce Department banned sales of Kaspersky antivirus in the U.S., citing national security concerns, with updates to existing installs ending in September. Kaspersky then silently replaced its software with UltraAV on U.S. customers' machines, to their outrage.
Telecom Hacks by Chinese Group Salt Typhoon – Chinese state-sponsored hackers breached major U.S. telecom providers, stealing call data and infiltrating surveillance platforms. The attacks prompted legislative action to improve telecom cybersecurity standards.
LockBit Ransomware Disrupted – In February, international law enforcement seized LockBit’s infrastructure, but the ransomware group re-emerged days later with renewed threats. Despite efforts to return to prominence, LockBit struggled under continued pressure from global authorities.
Emerging Threats
Rise of Infostealers – Information-stealing malware campaigns surged, harvesting saved browser passwords, session cookies, and cryptocurrency wallets. Cybercriminals used the stolen credentials and cookies to breach corporate networks and financial accounts, prompting renewed calls for multi-factor authentication and shorter session lifetimes, since a stolen cookie lets an attacker skip the login step entirely.
North Korean IT Worker Scheme – North Korean operatives posed as remote IT workers to infiltrate U.S. companies and fund their nation’s operations. A high-profile arrest in August highlighted the growing threat, with several companies unknowingly hiring such agents.
Looking Ahead
As cyber threats grow more sophisticated, 2024 underscores the critical need for robust cybersecurity measures. Organizations must strengthen defenses, governments must implement stricter regulations, and individuals must adopt best practices like multi-factor authentication to mitigate risks in an increasingly digital world.
Over 4,000 Compromised Systems Exposed Through Hijacked Web Backdoors
https://www.bleepingcomputer.com/news/security/over-4-000-backdoors-hijacked-by-registering-expired-domains/
Security researchers at watchTowr Labs discovered thousands of web shells (backdoors) whose own code phones home to hard-coded domains, many of which had since expired. By registering those expired domains, the researchers took over the backdoors' control channel. The backdoors, found on systems belonging to governments, universities, and other organizations, still provide persistent access to whoever controls the domain.
By registering expired domains associated with these backdoors, researchers gained control and observed communication from over 4,000 compromised systems. This included systems within government networks in China, Nigeria, and Bangladesh, as well as educational institutions in Thailand, China, and South Korea.
The research highlights the ongoing threat posed by abandoned infrastructure. A backdoor does not stop working when its original operator walks away: anyone who registers the expired domain it calls home to inherits that access. This underscores the need for organizations to hunt for implants left behind by old intrusions rather than assume they are dormant.
WatchTowr Labs, in collaboration with The Shadowserver Foundation, is now monitoring these hijacked domains to prevent their re-use by malicious actors.
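One way to catch this from the defender's side, as an added example that is not part of the article or watchTowr's research: an implant beaconing to an expired domain produces a steady stream of NXDOMAIN answers from the resolver, and the day someone re-registers the domain the same client suddenly starts getting real answers. The script below scans resolver logs for that flip. The log format ("timestamp client qname rcode answer"), the hostnames, and the IP addresses are all constructed for this example.

```python
"""
Spot a beacon whose call-home domain has just been re-registered.

A backdoor hard-codes a control domain.  While that domain is expired every
lookup returns NXDOMAIN; the moment someone re-registers it the same client
starts getting answers.  This scans resolver logs for exactly that flip.
Log format and all hosts/IPs below are constructed for this example.
"""
from collections import defaultdict

# Constructed resolver log, one query per line: "timestamp client qname rcode answer".
SAMPLE_LOG = """\
2025-01-06T08:00:01Z 10.0.5.12 updates.cdn-vendor.example NOERROR 203.0.113.10
2025-01-06T08:00:14Z 10.0.5.12 stat.old-panel.example NXDOMAIN -
2025-01-06T08:15:14Z 10.0.5.12 stat.old-panel.example NXDOMAIN -
2025-01-06T08:30:14Z 10.0.5.12 stat.old-panel.example NXDOMAIN -
2025-01-06T08:45:14Z 10.0.5.12 stat.old-panel.example NXDOMAIN -
2025-01-06T09:00:02Z 10.0.7.3 typo.internal.example NXDOMAIN -
2025-01-06T09:00:09Z 10.0.7.3 wiki.internal.example NOERROR 10.0.7.40
2025-01-07T08:00:14Z 10.0.5.12 stat.old-panel.example NOERROR 198.51.100.77
2025-01-07T08:15:14Z 10.0.5.12 stat.old-panel.example NOERROR 198.51.100.77
"""


def parse_log(text):
    """Turn the log into a list of (ts, client, qname, rcode, answer) tuples, in file order."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode, answer = line.split()
        records.append((ts, client, qname.lower().rstrip("."), rcode, answer))
    return records


def find_revived_callbacks(records, min_failures=3):
    """
    For each (client, qname) pair, count the NXDOMAIN answers that precede the
    first successful answer.  A run of at least min_failures failures followed
    by success is the signature of a beacon whose domain just came back to life;
    a one-off typo (one NXDOMAIN, never resolved) does not qualify.
    Returns {(client, qname): {"failures": n, "first_success": ts, "resolved_to": ip}}.
    """
    failures = defaultdict(int)
    revived = {}
    for ts, client, qname, rcode, answer in records:  # records are in time order
        key = (client, qname)
        if key in revived:
            continue
        if rcode == "NXDOMAIN":
            failures[key] += 1
        elif rcode == "NOERROR":
            if failures[key] >= min_failures:
                revived[key] = {"failures": failures[key],
                                "first_success": ts,
                                "resolved_to": answer}
            failures[key] = 0  # a name that resolved is not an expired callback
    return revived


if __name__ == "__main__":
    for (client, qname), info in find_revived_callbacks(parse_log(SAMPLE_LOG)).items():
        print(f"{client} queried {qname} {info['failures']}x with NXDOMAIN, "
              f"then it resolved to {info['resolved_to']} at {info['first_success']}")
```

Run over real resolver logs the threshold should be raised well above three, and a hit is only the start: the next steps are to find the process on the client that is doing the lookups and to check the registration date of the domain, which for a re-registered callback will be days old.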
Desperate Job Seekers Targeted by WhatsApp Employment Scams
Australians struggling to find work are falling victim to sophisticated employment scams operating on platforms like WhatsApp, costing individuals and businesses thousands of dollars.
These scams often involve impersonating legitimate businesses and offering enticing work-from-home opportunities. Victims are then lured into making upfront payments under false pretenses, with the promise of high returns that never materialize.
One such scam targeted the business of Gareth, a marketing agency owner, who received numerous messages from individuals who had been defrauded by scammers impersonating his company. Victims reported losing significant sums of money, with some even facing financial ruin.
The scams often involve complex schemes, with victims required to make multiple payments to "unlock" higher earning potential. These schemes prey on the desperation of job seekers, particularly those facing financial hardship.
While platforms like WhatsApp offer encryption, they have been criticized for their limited efforts to combat these scams. Experts argue that these platforms have a responsibility to detect and prevent fraudulent activity, such as blocking accounts involved in scams and removing misleading advertisements.
The Australian government is taking steps to address the issue, including proposing new legislation to hold social media companies accountable for scams facilitated on their platforms. However, the fight against these sophisticated scams continues.
This article highlights the urgent need for increased vigilance and stronger measures to protect individuals from falling victim to online employment scams.
Voice Phishing Rings Target Crypto Investors Using Apple Support Line
https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/
A new report reveals how sophisticated voice phishing gangs abuse legitimate support services from Apple and Google to steal millions from cryptocurrency investors. These groups, operating within secretive online communities, rely on advanced social engineering rather than on any software flaw.
One key tactic involves abusing Apple's support line. Spoofing the victim's phone number, the attackers call Apple support and ask that a notification be sent to all of the victim's Apple devices. That notification really does come from Apple, so when the attackers then phone the victim posing as Apple support, the story matches what the victim has just seen on screen. From there they walk the victim through a series of "security" steps that end on a fraudulent website where the victim enters their login credentials.
These groups meticulously research their targets, leveraging data brokers to gather personal information and identify high-value individuals. They employ sophisticated tools and techniques, including "autodoxers" that automate data collection and verification, to refine their target lists and increase their chances of success.
The internal dynamics of these groups are characterised by a precarious balance of collaboration and betrayal. Members often compete for rewards, leading to internal conflicts and the rapid dissolution of groups. This volatile environment creates a constant churn, with new groups forming and disbanding frequently.
While companies like Apple are taking steps to enhance security measures, the sophistication of these attacks continues to evolve. This highlights the urgent need for increased vigilance and a multifaceted approach to combatting these sophisticated cyber threats.
Neglected Domains Fuel Rise in Malicious Email Campaigns
https://thehackernews.com/2025/01/neglected-domains-used-in-malspam-to.html
Cybersecurity researchers have uncovered a concerning trend where cybercriminals are increasingly exploiting neglected domains to evade email security measures and deliver malicious payloads.
The trick is that SPF and DMARC can only enforce what the spoofed domain's owner has published. An abandoned domain with no SPF record produces an SPF result of "none" rather than "fail", and with no DMARC record there is no policy telling the receiver to reject or quarantine; unless the receiver applies its own stricter default, the message is delivered. This lets attackers land phishing links, malware attachments, and extortion threats with far greater success than spoofing a well-maintained brand domain would.
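To make the mechanism concrete, here is an added example (not code from the article or the researchers) with a deliberately tiny SPF and DMARC evaluator run against a constructed zone table, so nothing is looked up on the real Internet. It assumes the envelope sender uses the same domain as the visible From: header and that DKIM is absent, as in the spoofed campaigns described. "bank.example" is a well-maintained domain, "shop.example" publishes SPF but no DMARC, and "old-brand.example" is the neglected domain with no records at all. The `strict` mode is a receiver-side policy choice shown here for illustration, not a standard.

```python
"""
Why a spoofed, neglected domain passes where a maintained one fails.

Receivers can only enforce what the sending domain publishes.  This evaluator
runs against a constructed zone table (no real DNS) and shows that an
abandoned domain with no records yields "no policy", which a default receiver
delivers, while a stricter receiver treats "no SPF, no DMARC, no MX" as a
reason to quarantine.  All domains and addresses are constructed.
"""
import ipaddress

# Constructed DNS data.  old-brand.example is the neglected domain: no records at all.
TXT = {
    "bank.example":        ["v=spf1 ip4:198.51.100.0/24 -all"],
    "_dmarc.bank.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@bank.example"],
    "shop.example":        ["v=spf1 ip4:192.0.2.0/24 ~all"],   # SPF but no DMARC record
}
MX = {"bank.example": ["mx1.bank.example"], "shop.example": ["mx.shop.example"]}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(domain, sender_ip):
    """Minimal SPF check: supports ip4:<cidr> and the catch-all 'all' mechanism only."""
    records = [r for r in TXT.get(domain, []) if r.startswith("v=spf1")]
    if not records:
        return "none"          # no policy published: nothing to fail
    ip = ipaddress.ip_address(sender_ip)
    for term in records[0].split()[1:]:
        qual = "+"
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        if term.startswith("ip4:") and ip in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIER[qual]
        if term == "all":
            return QUALIFIER[qual]
    return "neutral"


def dmarc_policy(domain):
    """Return the p= value of the domain's DMARC record, or None when none is published."""
    for rec in TXT.get("_dmarc." + domain, []):
        if rec.startswith("v=DMARC1"):
            tags = dict(t.strip().split("=", 1) for t in rec.split(";") if "=" in t)
            return tags.get("p", "none")
    return None


def verdict(from_domain, sender_ip, strict=False):
    """
    Decide what to do with a message whose From: domain is from_domain.
    Assumes MAIL FROM uses the same domain (strict SPF alignment) and no DKIM.
    Returns (disposition, reason).
    """
    spf = spf_result(from_domain, sender_ip)
    if spf == "pass":
        return "deliver", f"spf={spf} aligned"
    policy = dmarc_policy(from_domain)
    if policy is None:
        # The gap the campaigns exploit: no policy means no instruction to reject.
        if strict and spf == "none" and from_domain not in MX:
            return "quarantine", "no spf, no dmarc, no mx: domain does not send mail"
        return "deliver", f"spf={spf}, no dmarc policy"
    if policy == "reject":
        return "reject", f"spf={spf}, dmarc p=reject"
    if policy == "quarantine":
        return "quarantine", f"spf={spf}, dmarc p=quarantine"
    return "deliver", f"spf={spf}, dmarc p=none"


if __name__ == "__main__":
    attacker_ip = "203.0.113.5"
    for domain in ("bank.example", "shop.example", "old-brand.example"):
        for strict in (False, True):
            print(f"{domain:18} strict={strict!s:5} -> {verdict(domain, attacker_ip, strict)}")
```

The same attacker IP is rejected outright when it spoofs bank.example, slips through under the default receiver when it spoofs old-brand.example, and is only held back when the receiver treats a domain that publishes nothing and has no MX as a non-sender. Domain owners can close the gap for their own parked domains with a "v=spf1 -all" record and a DMARC p=reject record, which costs nothing and turns the receiver's verdict from "no policy" into "reject".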
One such observed campaign leverages old, disused domains to deliver emails with QR codes that, when scanned, redirect victims to phishing sites. Other campaigns impersonate legitimate brands like Amazon and Mastercard to steal login credentials.
Furthermore, the rise of generic top-level domains (gTLDs) like .top, .xyz, and .shop has provided cybercriminals with readily available and inexpensive options for establishing malicious infrastructure. These domains, often lacking robust registration requirements, are increasingly used for hosting phishing sites and distributing malware.
Beyond email-based attacks, the threat landscape is evolving with the emergence of new tactics. These include the use of trusted platforms like Canva and Dropbox to redirect users to malicious sites, and the development of malicious WordPress plugins designed to steal payment information.
These findings underscore the need for continuous vigilance and robust security measures to combat the ever-evolving tactics of cybercriminals.