The increasing risks of cyber attacks come with our growing dependence on and ever-evolving need for new and more sophisticated technology. These attacks are not always due to malicious intent but can be due to the negligence of developers and upper management.
There is no doubt that these technologies make our lives easier but just like there are two sides to any coin, there’s always a flip side that this same technology that makes our life easier can make it just as inconvenient and difficult. In this article, we will explore some of the major breaches and attacks in 2024.
Mother Of All Breaches (MOAB)
Bob Diachenko from Security Discovery found the “Mother of All Breaches” in January 2024, exposing 12 terabytes of around 26 million records. The breach collected data from various popular sites like Meta (formerly Facebook), X (formerly Twitter), and LinkedIn. It was a compilation of records, not from a single site. Although unrelated to direct cyber attacks, this breach exposed significant amounts of data, including credentials and Personally Identifiable Information (PII) from millions of users. This incident emphasizes the need to regularly change passwords, use strong passphrases, and enable Multi-Factor Authentication. You can check if your password is compromised using sites like haveibeenpwned.com.
| Websites | Leaked Records |
| Tencent | 1.5 billion |
| 504 million | |
| MySpace | 360 million |
| Twitter/X | 281 million |
| 251 million | |
| Adobe | 153 million |
| Canva | 143 million |
| AdultFriendFinder | 220 million |
| Dropbox | 69 million |
| Telegram | 41 million |
WazirX Multi-million Dollar Multi-Sig Wallet Attack
In July 2024, WazirX suffered one of the largest crypto breaches in history, losing nearly half of its digital assets, valued at approximately $230 million. Although no group claimed responsibility, similarities to past attacks suggest that the Lazarus Group, a North Korean state-sponsored hacking group, may be involved. The decentralized nature of cryptocurrency made it harder to track or identify the attackers. This breach highlights that even distributed technologies like blockchain, built on trustless networks, are vulnerable to cyber attacks.
United Nations Development Programme Attack
The United Nations Development Programme (UNDP), the UN’s lead agency on international development, confirmed a data breach on March 27, 2024. This shows that hackers are no longer afraid of attacking massive international organizations as a part of their operations. A few days later, on April 3, 8Base posted UNDP as a victim in the list of its successful cyber attacks. Security experts have ranked 8Base among the top 5 ransomware groups currently in operation. The group employs various initial access methods, frequently delivering cyber attacks through phishing emails or leveraging initial access brokers (IABs) to infiltrate systems. However, one thing that has become evident after this attack is the need for stronger security measures.
International Monetary Fund (IMF) cyber attack
The International Monetary Fund (IMF) confirmed on February 16, 2024, that a cybersecurity breach affected 11 of its email accounts. The IMF, an international organization with 190 member countries, aims to boost global growth and prosperity. Independent cybersecurity experts launched an investigation to assess the scope of the attack and determine necessary actions. The IMF stated that it re-secured the compromised email accounts and found no further breaches. The IMF confirmed that it uses the Microsoft 365 cloud-based email platform. It also stated that none of its high-level accounts were compromised during the breach. Additionally, the IMF emphasized the need for stronger security measures across the financial sector.
American Express Third-Party Breach
In March 2024, American Express discovered a third-party breach that exposed credit card information for over 50,000 users. The breach revealed card account numbers, expiration dates, and customer names. American Express confirmed that a service provider used by multiple merchants had experienced unauthorized access. The investigation confirmed that both current and previous card details were compromised. While the exact tactics of the attackers remain unknown, American Express stressed that its internal network was secure. The company also sent emails to affected users, advising them to monitor their accounts for fraudulent charges and to change their passwords. It recommended enabling Two-Factor Authentication for extra security.
Conclusion
In conclusion, 2024 has been a stark reminder of the evolving landscape of cyber threats. The “Mother of All Breaches” (MOAB) exposed an unprecedented amount of data. The WazirX multi-million-dollar attack also demonstrated the sophistication of modern cyber threats. Breaches targeting international organizations like the United Nations Development Programme and the International Monetary Fund (IMF) further highlight the scale of these attacks. Financial companies, such as American Express, faced severe risks due to third-party vulnerabilities. These incidents emphasize the increasing interconnectivity and vulnerability of global cybersecurity systems.
These incidents highlight the urgent need to advance cybersecurity measures. The private and public sectors must collaborate more effectively and enforce stricter data protection practices. As cybercriminals become more skilled, organizations must invest in strong cybersecurity strategies. They need to focus on securing data and fostering a culture of cyber resilience. Emerging technologies and the speed at which companies and governments adapt to evolving threats will shape the future of cybersecurity.
Leave a Reply