
Cybersecurity threats are evolving rapidly, and 2024 witnessed some of the most significant and impactful attacks to date. Today's post will take a closer look at recent cyber attacks, including strategies used by hackers, key consequences, and what businesses can do to create a safer, more prepared technology infrastructure in 2025.
1. Massive Phishing Campaign: Chrome Extensions Compromise
One of the most recent cyber attacks is estimated to have already reached 2.6 million users. In December, malicious versions of over 35 popular Chrome extensions, including Cyberhaven, were used to steal social media login info. Hackers gained access by phishing company employees, then manipulating the code and launching the harmful version of the extension.
What We Can Learn
This attack reminds us that even widely trusted companies and tools can be exploited in large-scale attacks—and even small vulnerabilities, like a single set of login info, can escalate into huge compromises. It's crucial for businesses to consistently monitor third-party tools and educate employees on safe extension use, as well as how to spot and avoid phishing attempts.
2. Taking Advantage of Downtime: Phishing Campaigns During the CrowdStrike BSOD Incident
In July, one of CrowdStrike's automatic updates contained an error that caused the blue screen of death (BSOD) on some Windows computers. Hackers took advantage of the downtime and companies' scramble to get back online, impersonating CrowdStrike's help sites and support channels in order to steal credentials.
What We Can Learn
From this recent cyber attack, we're reminded that scammers will take advantage of any vulnerability, including non-malicious disruptions. Organizations must stay especially alert and calm during incidents, implementing anti-phishing measures during downtime, monitoring for fraudulent domains and impersonation attempts, and educating employees on how to identify threats.
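One way to do the fraudulent-domain monitoring mentioned above, as an added example that is not part of the original post: screen a feed of newly observed domains for the impersonated brand name or a close misspelling of it. The allowlist, the character-swap table and the sample domains are assumptions constructed for illustration.

```python
BRAND = "crowdstrike"                # brand impersonated in the incident above
OFFICIAL = {"crowdstrike.com"}       # assumption: the defender's own allowlist
# Common look-alike substitutions; hyphens are dropped before comparing.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str) -> str:
    d = domain.lower().rstrip(".")
    if d in OFFICIAL or any(d.endswith("." + o) for o in OFFICIAL):
        return "official"
    for label in d.split(".")[:-1]:          # every label except the TLD
        norm = label.translate(SWAPS)
        if BRAND in norm:
            return "brand-keyword"           # brand embedded in a foreign domain
        if edit_distance(norm, BRAND) <= 2:
            return "typo-lookalike"          # close misspelling of the brand
    return "unrelated"

def screen(domains):
    """Return only the domains that need analyst review."""
    verdicts = {d: classify(d) for d in domains}
    return {d: v for d, v in verdicts.items() if v not in ("official", "unrelated")}

# Constructed feed using reserved .example/.test names, not real observations.
FEED = [
    "support.crowdstrike.com",
    "crowdstrike-bsod-fix.example",
    "cr0wdstrike.example",
    "crowdstirke.test",
    "weather.example",
]

if __name__ == "__main__":
    for domain, verdict in screen(FEED).items():
        print(f"{verdict:15} {domain}")
```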
3. Ransomware Attack: Blue Yonder Supply Chain Breach
In November, Blue Yonder, a supply chain company, was hacked by the ransomware group Termite, disrupting big clients like Starbucks and Microsoft, among over 3,000 others. Termite used a double extortion tactic: they encrypted systems and demanded a ransom to restore access, all while holding 680 GB of sensitive stolen data and threatening to leak it.
What We Can Learn
The impact on big-name companies and entire industries raised awareness about both the danger of ransomware attacks and the new norm of sophisticated double extortion. Businesses were inspired to strengthen third-party and supply chain risk management, conduct frequent vendor security audits, and invest in key ransomware defenses like encryption and backups.
4. Malicious Redirects: The Polyfill Supply Chain Attack
Polyfill.io provides a library of JavaScript code that adds modern functionality to older browsers. When Funnull got hold of one of the open-source projects, they altered it to include malicious scripts that redirected users to harmful sites. It's estimated that over 100,000 sites were affected, including some associated with Hulu, Warner Bros, and Mercedes-Benz.
What We Can Learn
Similar to the Blue Yonder incident, Polyfill's recent cyber attacks remind us of the cascading impact of supply chain attacks and the trend of using third parties as an entry point for cyberattacks. It's more important than ever for businesses to conduct thorough, ongoing security evaluations of their external partners and constantly monitor services for signs of compromise.
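A concrete form of that monitoring, as an added example that is not part of the original post: audit a page's HTML for third-party script tags that come from a watchlisted host or lack a Subresource Integrity pin, which is what makes a browser refuse a script whose bytes have changed. The sample page, its hosts and paths, and the watchlist contents are constructed assumptions.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

WATCHLIST = {"polyfill.io"}  # domain named in the article; extend as needed

def sri_hash(body: bytes) -> str:
    """Subresource Integrity value (sha384) that pins a script's exact bytes."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptAudit(HTMLParser):
    """Collects third-party <script src> tags and the reasons each is risky."""
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host
        self.findings = {}

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        host = urlparse(attr.get("src") or "").hostname
        if tag != "script" or not host or host == self.site_host:
            return  # not a script, inline, or first-party
        reasons = []
        if any(host == d or host.endswith("." + d) for d in WATCHLIST):
            reasons.append("watchlisted host")
        if not attr.get("integrity"):
            reasons.append("no integrity attribute")
        if reasons:
            self.findings[attr["src"]] = reasons

def audit(html: str, site_host: str) -> dict:
    parser = ScriptAudit(site_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page; hosts, paths and the pinned library are made up.
LIB = b"window.demoLib = 1;"
SAMPLE = f"""<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.polyfill.io/polyfill.min.js"></script>
<script src="https://cdn.example.net/lib.js" integrity="{sri_hash(LIB)}" crossorigin="anonymous"></script>
<script src="//static.example.org/widget.js"></script>
</head></html>"""

if __name__ == "__main__":
    for src, reasons in audit(SAMPLE, "www.example.com").items():
        print(src, "->", ", ".join(reasons))
    print("altered copy matches pin:", sri_hash(LIB + b"/* altered */") == sri_hash(LIB))
```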
5. Telecom Espionage: Salt Typhoon Hacking Campaign
The Chinese state-sponsored advanced persistent threat (APT) group Salt Typhoon has been targeting US telecom companies in one of the most recent cyber attacks that's still unfolding. Hackers accessed texts, voicemails, calls, and other data of customers of providers like AT&T, Verizon, etc., and even compromised wiretap information from law enforcement investigations.
What We Can Learn
The severity and magnitude of this incident make sense. State-sponsored attacks are going to target high-value infrastructure, like telecom, in order to cause the most damage, like widespread espionage and data breaches. It's a hard-earned lesson in the importance of strong cybersecurity, including patches and regular audits, for big industries that house sensitive data.
Prioritize Cybersecurity in 2025 with ICS
These recent cyber attacks are concerning, and it's important to take the time to learn about them so you can strengthen your defenses and be prepared to protect your company in the coming year.
At ICS, we value your safety and success, and it's our mission to help you develop customized, proactive, and comprehensive cybersecurity strategies. We prioritize learning from current trends and using the most effective solutions to meet your needs and respond to recent threats. For a complimentary consultation and a closer look at your cybersecurity, set up a meeting with our team.
