{"id":122200,"date":"2025-01-22T11:43:07","date_gmt":"2025-01-22T17:43:07","guid":{"rendered":"https:\/\/arcticwolf.com\/2024-data-breaches-in-review\/"},"modified":"2025-01-31T13:38:39","modified_gmt":"2025-01-31T19:38:39","slug":"2024-data-breaches-in-review","status":"publish","type":"page","link":"https:\/\/arcticwolf.com\/uk\/2024-data-breaches-in-review\/","title":{"rendered":"2024 Data Breaches in Review"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Arctic Wolf Presents<\/span><\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

The Biggest Breaches of 2024<\/span><\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Our annual recap of the most noteworthy, high-profile, and damaging cybercrimes of the year. <\/span><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

For cybercriminals, 2024 was a story of evolution and adaptation.<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Threat actors ensured that accidental insiders paid dearly<\/a> for their mistakes, infostealer malware attacks surged<\/a> around the globe, unremediated vulnerabilities<\/a> provided new, novel paths past defences, and ransomware continued its reign<\/a> as the cyber attack most likely to disrupt businesses and destroy reputations by making double extortion the rule, rather than the exception.<\/p>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\tExplore the list<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Top Data Breaches of 2024<\/span><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
Explore the nine most noteworthy data breaches of the year, enhanced by novel insights from our elite team of security researchers, data scientists, and security development engineers. <\/h5>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t
<\/div>\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Ransomware Attack Impacts At Least One-Third of the U.S. Population <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\tA massive attack on a major healthcare organisation could have been prevented by the implementation of multi-factor authentication.\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Data Breach At A Glance<\/span><\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\"Threat<\/figure>

Threat Actor:<\/span>BlackCat\/Alphv Affiliate <\/span><\/h3><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\"Healthcare<\/figure>

Industry Impacted:<\/span>Healthcare<\/span><\/h3><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\"Impacted<\/figure>

Impacted Org:<\/span>Change Healthcare <\/span><\/h3><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\"\"<\/figure>

Region:<\/span>North America<\/span><\/h3><\/div><\/div>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\n\n\t\t
\n\t\t\t
\n\t\t\t\t<\/i><\/span>View Full Details<\/span>\t\t\t<\/div>\n\t\t<\/div>\n\n\t\t
\n\t\t\t
\n\t\t\t\t
\n
<\/div>\n
\n
\n
\n
\n

Ransomware Attack Impacts At Least One-Third of the U.S. Population<\/h2>\n

A massive attack on a major healthcare organisation could have been prevented by the implementation of multi-factor authentication.<\/p>\n\n

\n

Data Breach at a Glance<\/span><\/h4>\n<\/div>\n
\n
\n\n\n
Threat Actor:<\/span><\/h6>\n
BlackCat\/Alphv Affiliate<\/h5>\n<\/div>\n
\n\n\n
Industry Impacted:<\/span><\/h6>\n
Healthcare<\/h5>\n<\/div>\n
\n\n\n
Impacted Org:<\/span><\/h6>\n
Change Healthcare<\/h5>\n<\/div>\n
\n\n\n
Region:<\/span><\/h6>\n
North America<\/h5>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n
\n
\n
\n

Attack Details:<\/h4>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n

An affiliate of Alphv\/BlackCat, one of the cybersecurity world\u2019s most notorious ransomware gangs, struck Change Healthcare \u2014 a provider of revenue and payment cycle management that connects payers, providers, and patients within the US healthcare system \u2014 in February.<\/p>\n

According to reports, initial access was obtained through the compromised credentials of a customer support employee obtained from a Telegram group that traffics in stolen credentials. These credentials were then used to access the Change Healthcare network via a remote access service that did not have multi-factor authentication (MFA) enabled.<\/mark><\/p>\n

After gaining access, the affiliate remained in the network for nine days, conducting lateral movement and exfiltrating data before finally encrypting systems, making off with the personal, health, and financial information of an estimated 100 million people.<\/p>\n\n<\/div>\n<\/div>\n

\n
\n
\n

Fallout:<\/h4>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n

A $22 million (USD) ransom was paid to secure the data, however Alphv\/Blackcat pulled an \u201cexit scam,\u201d posting a message claiming they had been shut down by law enforcement, while most likely pocketing the funds, stiffing their partners, and resuming activity under a new name. Meanwhile, the recovery, remediation, and reputational cost of the ransomware attack has reached nearly $2.5 billion (USD), according to quarterly earnings reports.<\/p>\n\n<\/div>\n<\/div>\n

\n
\n
\n

Arctic Wolf Insight:<\/h4>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n

The Arctic Wolf Labs 2024 Threat Report<\/a> found that 46.3% of non-business email compromise (BEC) attacks were driven by compromised credentials, with 7.3% of them being instances where historically compromised credentials were used to gain direct access to a victim\u2019s environment. It\u2019s imperative organisations not just implement modern MFA but enforce its use \u2014 particularly the passwordless approaches based on the FIDO2 set of specifications<\/a>.<\/p>\n\n<\/div>\n<\/div>\n

\n
\n
\n

Sources<\/h4>\n<\/div>\n<\/div>\n<\/div>\n
\n
\n