Cybersecurity Trends 2024: Are You Ready?
As technology progresses, threat actors continually adapt their tactics. What considerations should your cybersecurity team prioritize to effectively address the evolving cyber landscape in 2024?
The GRAMAX CYBERSEC presents insights into forthcoming cybersecurity trends, offering frontline intelligence from our experts. The year ahead will be a crucial one in the realm of cybersecurity, with the emergence of new trends that will revolutionize the way organizations shore up their defenses. In this age of interconnected systems, cybersecurity trends emerging in 2024 will transform defense mechanisms significantly and pave the way for a more robust and proactive approach to countering cyber risk.
Gramax Cybersec: A Review of Cybersecurity Landscape in 2023.pdf
1. A Review of Cybersecurity Landscape in
2023
As we wrap up 2023, it’s time to pause and reflect on the dynamic landscape of cybersecurity.
The cyber landscape has been far from calm, witnessing a series of impactful incidents that
demand our attention. To help make sense of it all, the Gramax Cybersec team has put together
a comprehensive blog to review the major cybersecurity attacks and breaches faced in 2023.
Let's explore key cyber incidents, lesson learned, and trends that shaped the year, aiming to
equip ourselves for more effective cyber risk management in the next year.
NOVEMBER
Tri-City Medical Centre Ransomware Attack
On November 9, Tri-City Medical Center fell victim to a ransomware attack, causing a
significant disruption to its emergency services. While the scale of the attack may not have
been massive in terms of the number of affected individuals, the impact was noteworthy. The
hospital, facing unauthorized activity on its computer network, had to shut down critical
equipment, leading to the inability to accept patients through the 911 system. This incident
reveals the heightened vulnerability of medical facilities, with potentially life-threatening
consequences due to cybercriminal activities targeting older software systems crucial for
patient care.
OCTOBER
2. Largest-Ever DDoS Attack
October witnessed the largest distributed denial of service (DDoS) attack, with internet giants
including Google and Amazon issuing warnings about the escalating sophistication of such
attacks. The DDoS attacks reached an unprecedented peak of 398 million requests per second,
exploiting a zero-day vulnerability and employing a novel HTTP/2 "Rapid Reset" technique.
These attacks pose a severe threat to internet-facing websites and services, aiming to
overwhelm them with fake data requests.
SEPTEMBER
DarkBeam Data Leak
On September 18, 2023, the CEO of cyber security news site SecurityDiscovery, Bob
Diachenko alerted DarkBeam, a digital protection company of a massive data leak. An
unprotected Elasticsearch and Kibana interface exposed a staggering 3.8 billion records.
Intriguingly, these records were compiled from previous data breaches, serving as a repository
for informing DarkBeam's customers about potential security incidents. Although originating
from previous breaches, the sheer volume of exposed data posed a substantial risk for potential
phishing campaigns and identity-related scams.
AUGUST
UK Electoral Commission Cyber-Attack
In a notable incident on August 8, 2023, the UK's Electoral Commission fell victim to a
"complex cyber-attack." Malicious actors gained unauthorized access to the electoral registers,
compromising personal information of approximately 40 million individuals. The breach
involved accessing Electoral Commission servers containing emails, control systems, and
copies of electoral registers from 2014 to 2022. The registers included voters' names, addresses,
and birthdates. Security researcher Kevin Beaumonton revealed that the Commission was
running an unpatched version of Microsoft Exchange Server, making it vulnerable to
ProxyNotShell attacks during the incident.
JULY
Tigo Video Chat Platform Data Leak
In July, the Chinese video chat platform Tigo experienced a significant data breach, impacting
over 700,000 users. The compromised data included names, genders, email addresses, IP
addresses, profile pictures, and private messages. The breach raised concerns about data
privacy practices and potential misuse of the exposed information.
JUNE
Oregon and Louisiana Department of Motor Vehicles Compromise
In June 2023, both the Oregon and Louisiana Departments of Motor Vehicles (DMVs) reported
cyber-attacks resulting from a MOVEit software vulnerability. Louisiana's OMV disclosed that
at least six million records, including driver's license information, were stolen. The breach,
attributed to a third-party software provider, left the full extent of the damage undetermined.
3. On the other hand, the Oregon DMV revealed that an estimated 3.5 million driver's licenses
and identity card details were compromised.
May
Luxottica Cyber-Attack
Luxottica, the world's largest eyewear company, fell victim to a major cyber-attack in May.
The breach exposed 74.4 million unique email addresses and 305 million records, including
customers' full names, email addresses, home addresses, and dates of birth.
APRIL
Shields Healthcare Group Cyber-Attack
In late April, Shields Health Care Group, a Massachusetts-based medical services provider,
reported a cyber-attack that compromised the personal data of 2.3 million people. The stolen
data included patients' social security numbers, dates of birth, home addresses, healthcare
provider information, and billing details.
MARCH
Latitude Financial Data Breach
In March 2023, Latitude Financial, a Melbourne-based financial services company, suffered
the largest confirmed data breach of the year. Over 14 million records were compromised,
including almost 8 million driver's licenses, 53,000 passport numbers, and numerous financial
statements. The company initially reported only 300,000 affected individuals, revealing a poor
understanding of the breach's scope.
FEBRUARY
PeopleConnect Data Breach
PeopleConnect, a background check services provider, along with TruthFinder and Checkmate,
confirmed a data breach affecting 20 million individuals. The leaked 2019 backup database
contained hashed passwords, email addresses, and full names. This incident exposed sensitive
personal information, heightening concerns about data security and the potential for identity
theft.
JANUARY
Twitter Data Breach
The year started with a notable cyber incident as the criminal hacker 'Ryushi' leaked over 400
million Twitter users' email addresses. While no other personal information was compromised,
the exposure of email addresses raised significant privacy risks, especially for high-profile
individuals susceptible to phishing or privacy invasions.
Beyond the Headlines!
While the comprehensive review of cybersecurity incidents in 2023 outlined major monthly
attacks, it is crucial to acknowledge that the landscape is even more extensive, with additional
incidents shaping the ever-evolving threat environment. Beyond the monthly highlights, the
4. cybersecurity landscape witnessed prominent cloud infrastructure exploits, compromising
databases and applications hosted by leading cloud service providers. Additionally, a surge in
healthcare ransomware attacks disrupted critical medical interventions, underscoring the
vulnerability of the healthcare sector to cyber threats. The year also saw the emergence of AI-
powered phishing campaigns, where malicious actors harnessed artificial intelligence to
orchestrate highly sophisticated attacks that outpaced conventional security measures. These
incidents, although not explicitly mentioned in the monthly breakdown, further emphasize the
diverse and pervasive nature of cyber threats that organizations across industries must confront
and fortify against for robust cybersecurity in the coming years.
What Needs to Be Done?
To navigate the complexities of the digital realm in the coming years, organizations must
prioritize a multi-faceted approach. Firstly, investing in cutting-edge cybersecurity
technologies, such as advanced threat detection systems and artificial intelligence-driven
security measures, is crucial to stay ahead of increasingly sophisticated attacks. Additionally,
fostering a culture of cybersecurity awareness and education among employees is paramount,
as human error remains a significant vulnerability. Regularly updating and patching software
vulnerabilities, as highlighted by incidents like the UK Electoral Commission breach, is a non-
negotiable aspect of cyber hygiene. Collaborative efforts between governments, industries, and
cybersecurity experts can further enhance information-sharing and collective defense
strategies. As we step into 2023, a commitment to staying agile, informed, and collaborative
will be key to navigating the ever-changing cybersecurity landscape successfully