Worst Hacks of 2024


Every year has its mix of digital security issues, from the silly to the sinister, but 2024 has been marked by a surge in cybercriminals and government-sponsored espionage groups who repeatedly exploit the same weakness or type of target to increase their mayhem. For the attackers, the process is ruthlessly efficient, but for the organizations they targeted, and the people those organizations serve, the chaos had real consequences for privacy, security, and safety.

As political unrest increases around the world, the year 2025 will be the most difficult and dangerous year for the Internet. But first, here’s WIRED’s look back at this year’s worst breaches, leaks, government-sponsored money laundering campaigns, ransomware attacks, and digital theft cases. Stay alert, and stay safe out there.

Espionage operations are a fact of life, and China’s relentless cyber campaigns have been going on for years. But a Chinese-linked spy group known as Salt Typhoon carried out a notorious operation this year, hacking several US telecoms including Verizon and AT&T (as well as others around the world) for several months. And US officials told reporters earlier this month that many of the affected companies are still trying to remove the hackers from their networks.

The attackers targeted a small group of people – fewer than 150 at the current count – but the group included former US law enforcement officials and State Department officials as well as members of the Trump and Harris campaigns. In addition, texts and phone calls from other people who were in contact with the Salt Typhoon targets were also affected by the spying process.

Throughout the summer, the attackers were on the rampage, breaching well-known companies and organizations that were customers of the cloud data storage company Snowflake. The breaches do not even qualify as hacking, as cybercriminals simply used stolen passwords to log into Snowflake accounts that lacked two-factor authentication. The result, however, was a surprising amount of stolen data from victims including Ticketmaster, Santander Bank, and Neiman Marcus. Another victim, telecom giant AT&T, said in July that “almost all” records related to customers’ calls and text messages from seven months in 2022 were stolen in an intrusion related to Snowflake. Security company Mandiant, which is owned by Google, said in June that the breaches affected about 165 people.

In July, Snowflake added a feature to allow account administrators to verify two-factor authentication for all users. In November, suspect Alexander “Connor” Moucka was arrested by Canadian police on suspicion of leading the operation. He was indicted by the US Department of Justice over the Snowflake breaches and faces extradition to the US. John Erin Binns, who was arrested in Turkey in connection with the breach of telecom T-Mobile in 2021, was also indicted on charges related to the breach of Snowflake customers.

In late February, medical billing and insurance company Change Healthcare was hit by a hack that caused chaos in hospitals, doctor’s offices, pharmacies, and other medical facilities around the US. The attack is one of the largest healthcare breaches, affecting more than 100 million people. The company, which is owned by UnitedHealth, is the largest healthcare provider in the US. It said a few days after the attack began that it believed ALPHV/BlackCat, a well-known Russian-speaking ransomware group, was behind the attack.

Information stolen in the attack included patient phone numbers, addresses, bank and other financial information, as well as health records including diagnoses, prescriptions, and medical information. The company paid $22 million to ALPHV/BlackCat at the beginning of March in order to solve the problem. The payment apparently encouraged attackers to hit medical targets at an even greater rate than usual. As notifications continue to more than 100 million people, with others still being identified, lawsuits and other problems have been mounting. This month, for example, the government of Nebraska sued Change Healthcare, saying that the “failure to implement preventive measures” made the attack worse than it should have been.

Microsoft said in January that it was hacked by the Russian “Midnight Blizzard” hackers in an incident that compromised corporate email accounts. The group is tied to the Kremlin’s foreign intelligence agency SVR and is primarily linked to SVR’s APT 29, also known as Cozy Bear. After the first intrusion in November 2023, the attackers targeted and compromised Microsoft test accounts that allowed them to gain access to what the company said was “a very small subset of Microsoft corporate accounts, including members of our management team and employees at our operations on cybersecurity, legal, and more.” From there, the group exfiltrated “some emails and attached documents.” Microsoft said the attackers were looking for more information about the company; in other words, Midnight Blizzard was looking into Microsoft’s research on the group.

The records company National Public Data was compromised in December 2023, and the incident first surfaced in cybercriminal circles in April 2024. Various versions of the data surfaced repeatedly during the summer, culminating in the company’s public confirmation of the breach in August. The stolen information included names, Social Security numbers, phone numbers, addresses, and dates of birth. Since National Public Data did not confirm the breach until August, speculation about the situation grew for months and included claims that tens or hundreds of millions of Social Security numbers were at stake. Although the breach was massive, the actual number of people affected appears to be, mercifully, very small. The company reported in a filing to Maine officials that the breach affected 1.3 million people. In October, National Public Data’s parent company, Jerico Pictures, filed for Chapter 11 bankruptcy reorganization in the Southern District of Florida, citing state-by-state investigations into the breach and several lawsuits the company is facing over the incident.

Honorable mention: North Korean Cryptocurrency Theft

Many people steal a lot of cryptocurrency every year, including North Korean cybercriminals who are responsible for helping to fund the hermit kingdom. A report from the cryptocurrency tracing firm Chainalysis, which was released this month, however, emphasizes just how active hackers supported by Pyongyang have been. The researchers found that in 2023, criminals linked to North Korea stole more than $660 million in 20 attacks. This year, they stole about $1.34 billion in 47 incidents. The 2024 figures represent 20 percent of all incidents tracked by Chainalysis this year and 61 percent of all funds reported stolen.

The dominance itself is impressive, but the researchers emphasize the seriousness of the crimes. “U.S. and international officials have determined that Pyongyang uses the crypto it steals to finance its mass destruction weapons and ballistic missile programs, endangering international security,” Chainalysis said.


