Cybersecurity Highlights: 2024 Wrap-Up

By Daniel Michan. Published on December 25, 2024

Unprecedented cyber incidents, persistent nation-state threats, and significant shifts in global cybersecurity strategies marked 2024. From the United States and Europe to Asia and beyond, private corporations and government agencies were attacked by sophisticated adversaries, many of whom leveraged new technologies, including artificial intelligence (AI), to breach defenses.

Ransomware groups grew bolder, targeting critical infrastructure, smaller municipalities, and schools, illustrating that no entity was too big or small to be victimized. Regulatory bodies worldwide responded with new rules, requiring faster disclosure of breaches and more thorough risk assessments.

Meanwhile, law enforcement agencies increasingly disrupted high-profile cybercriminal enterprises. Below is a comprehensive look at some significant cyber incidents, trends, and developments in 2024.

Key Incidents and Trends

Ransomware Takes Center Stage

Ransomware attacks remained the most visible and impactful form of cybercrime throughout 2024. Groups like LockBit, BianLian, and Phobos executed extensive campaigns against critical infrastructure and private industry. In February, an international law enforcement operation called Operation Cronos successfully infiltrated LockBit’s core infrastructure, seizing decryption keys and arresting multiple threat actors across Europe and the United States. Despite this, LockBit resurfaced months later, demonstrating ransomware groups’ resilience and ability to rebrand.

Critical Infrastructure Under Fire

Energy grids, telecommunications, and healthcare facilities were repeatedly targeted. The U.S. healthcare system experienced major disruptions when Change Healthcare was hit by a cyberattack in February, halting electronic payments and medical claims processing nationwide.

The Federal Reserve was under siege by LockBit in June, with attackers claiming to have stolen 33 terabytes of sensitive data. Meanwhile, Chinese state-sponsored hackers, sometimes called “Salt Typhoon,” focused on U.S. telecommunications, infiltrating major internet service providers like AT&T, Verizon, and T-Mobile.

Government Agencies as Prime Targets

Government agencies worldwide were not spared. Multiple incidents showed the growing risk to public institutions, from the disruption of the British Library’s services in January to breaches at the Czech National Cyber and Security Information Agency and the Dutch Police Network.

In the U.S., the FBI announced multiple takedowns of Chinese hacking operations, and even the Cybersecurity and Infrastructure Security Agency (CISA) was breached in March. In Europe, Denmark raised its cyber threat level, and Transport for London fell victim to cyberattacks, underscoring that government networks are perpetually attractive targets for espionage and destructive attacks.

Supply Chain and Third-Party Risks

Events like the data breaches at Evolve Bank & Trust and CDK Global demonstrated how attackers exploit complex webs of third-party services. The automotive supply chain saw disruptions after CDK Global’s systems were compromised, halting services to dealerships, repair shops, and parts suppliers. In manufacturing, German battery maker VARTA halted production following a cyberattack, signaling that no sector is immune to the ripple effects caused by supply chain compromises.

AI: Both a Shield and a Sword

Artificial intelligence took on a twofold role in 2024. Cybersecurity companies and government agencies deployed AI-enhanced threat detection tools to respond faster to novel attacks.

Simultaneously, threat actors used AI to automate phishing campaigns, create more convincing deepfake content, and pinpoint zero-day vulnerabilities in widely used software. The World Economic Forum’s Global Cybersecurity Outlook 2024 highlighted the pressing need for international collaboration to address AI-driven threats.

Notable Disruptions and Data Breaches

The year was peppered with massive data spills, such as the 26-billion-record breach discovered in February, dubbed the “Mother of All Breaches.” “RockYou2024,” a leaked repository containing nearly 10 billion passwords, posed a massive risk to password security worldwide.

Financial services were among the hardest hit: Bank of America, Fidelity Investments, and Prudential Financial reported large-scale breaches, indicating systemic vulnerabilities across the finance sector.

Increasing Regulatory and Legal Measures

Regulatory bodies intensified requirements for transparency and accountability. The U.S. Securities and Exchange Commission (SEC) mandated that publicly traded companies disclose material cybersecurity incidents within four business days.

In Europe, the European Union Agency for Cybersecurity (ENISA) noted a surge in disruptive cyberattacks, prompting stricter compliance measures. International law enforcement cooperation bore fruit with increased arrests of cybercriminals, and new disclosure rules emboldened corporations to report incidents faster.

Law Enforcement Victories

The year saw growing international collaboration against cybercriminals. Operation Cronos, which dismantled LockBit, was a prime example. The FBI made headlines for acquiring 7,000 LockBit decryption keys and disrupting Chinese hacker botnets used to attack U.S. critical infrastructure. Europol acknowledged breaches of its portal, but also confirmed successful takedowns of criminal operations and the seizure of illicit online platforms.

Geopolitical Cyber Tensions

Cyber espionage and sabotage between major powers intensified in 2024. The U.S. and its allies collectively warned about China’s infiltration of critical infrastructure, while Russian-backed groups ramped up DDoS attacks in Europe and targeted technology giants like Microsoft. Iranian hackers, identified as APT42, allegedly targeted U.S. presidential campaigns. These incidents illustrated that nation-state actors viewed cyberspace as a legitimate and critical battlefield for intelligence gathering and strategic disruption.

The Human Element and Social Engineering

Despite technological advancements, social engineering remained a potent tool for attackers. Phishing campaigns, spear phishing, and business email compromise schemes proliferated. The compromise of Microsoft email accounts, including that of senior leadership, underscored the ongoing vulnerability created by human error. Law enforcement agencies reported increasing use of psychological tactics to disrupt cybercriminal communities, mirroring the attackers’ own reliance on exploiting human weaknesses.

Conclusion and Key Takeaways

Cybersecurity in 2024 was characterized by high-profile breaches, increasingly sophisticated nation-state campaigns, and a rapid escalation in ransomware operations. At the same time, global cooperation among law enforcement agencies proved that cybercriminal enterprises could be infiltrated and dismantled, albeit only after significant damage had already been inflicted. Regulatory frameworks evolved, compelling organizations to disclose breaches quickly and improve security posture. Meanwhile, AI emerged both as a powerful defensive tool and a potent weapon in the hands of adversaries.

Looking back, 2024 underscored the harsh reality that cybersecurity is no longer just an IT issue but a strategic concern at the highest levels of government and industry. The most critical lesson learned was the importance of resilience: preparing for attacks, detecting them swiftly, and recovering faster. Whether through zero-trust architectures, more advanced threat intelligence, or better coordination between private companies and government agencies, the drive to stay ahead of rapidly evolving threats became a priority. These developments set the stage for the challenges and opportunities defining cybersecurity in 2025 and beyond.