2024 may go down as one of the most active years we’ve seen in recent history in terms of the amount of disruptive online activity and data breach attacks. We are not even halfway through the year and have already seen a laundry list of massive data breaches across numerous industries.
- In January, we started off the new year with one of the largest data breaches ever seen, dubbed by some the “Mother of All Breaches” (or MOAB). This breach involved a staggering 12 terabytes (TB) of data consisting of 26 billion user data records stolen from LinkedIn, X (formerly Twitter), Weibo, Tencent, and other online platforms.
- February didn’t turn out much better. In that month, UnitedHealth Group experienced a serious outage and data breach after they were hit by the notorious “Blackcat” ransomware gang (also known as “ALPHV” or “Noberus”).
- Then came March, when AT&T had to notify millions of current and former customers that their data had been stolen and leaked online. This data breach affected 7.6 million current AT&T customers and an additional 65.4 million former account holders.
- Fast forward to late April, when US health insurance giant Kaiser Permanente had to notify millions of current and former members that they had suffered a data breach after finding that “certain online technologies, previously installed on its websites and mobile applications, transmitted personal information to third-party vendors.” This information included member names and IP addresses, as well as information about whether members were signed into a Kaiser Permanente account or service and how they “interacted with and navigated through the website and mobile applications, and search terms used in the health encyclopedia.”
- In mid-May, we’ve seen yet another serious healthcare-focused cyberattack involving the Ascension health system. Operating 140 hospitals in 19 states, the US health system giant was forced to divert ambulances, postpone patients’ medical tests, and even had to block online access to patient records in response. As a result, their operations were seriously affected, as was the health and well-being of many Ascension patients.
As already stated, 2024 so far has seen organizations around the world hit with serious data breaches and cyberattacks. Unfortunately, it looks like we only have more of this to look forward to in the remainder of the year—but what are the exact threats you should expect to see, and more importantly, what can be done about them?
UDT’s elite cybersecurity team has been actively monitoring the situation. We have gathered our insights here so you know what to look out for and how to protect yourself and your organization in the coming months. Let’s dig in.
The Current Threat Landscape: Top Attack Vectors Right Now
Here at UDT, members of our UDTSecure™ Cybersecurity and Threat Intelligence (CTI) Team have observed a significant uptick in attack vectors focused on disrupting services, compromising data, extracting data for extortion purposes, and ultimately causing chaos during the upcoming election season.
We want to make sure the public at large knows to be especially vigilant for the following threats, each of which has been personally flagged by our CTI Team:
- Exploitation of firewall vulnerabilities;
- Exploitation of VPN infrastructures, often using previously stolen credentials;
- Brute force and password spray attacks intended to steal credentials;
- Increases in phishing and vishing (voice phishing, now often using AI to replicate voices) to gain credentials, steal funds, and/or deliver malicious payloads;
- Web application hacking, such as Cross-site scripting (XSS) and SQL injection attacks, which exploit vulnerabilities in the code itself; and
- DDoS attacks meant to disrupt services and to make the victim restart their systems so a pre-delivered malicious payload script can be launched.
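As an added example (not code from the original article or from UDT), the following Python script shows how a defender can tell the two credential-theft patterns in this list apart in authentication logs: a password spray (one source, many accounts, few attempts each) versus a brute force attack (one source hammering one account). The log format, field names, IP addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample authentication log (not from the original article).
SPRAY_SRC, BRUTE_SRC, NORMAL_SRC = "203.0.113.5", "198.51.100.7", "192.0.2.9"
SAMPLE_LOG = "\n".join(
    [f"2024-05-20T09:00:{i:02d} auth FAIL user={u} src={SPRAY_SRC}"
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [f"2024-05-20T09:00:09 auth OK   user=erin src={SPRAY_SRC}"]
    + [f"2024-05-20T09:01:{i:02d} auth FAIL user=frank src={BRUTE_SRC}"
       for i in range(12)]
    + [f"2024-05-20T09:02:00 auth FAIL user=grace src={NORMAL_SRC}",
       f"2024-05-20T09:02:30 auth OK   user=grace src={NORMAL_SRC}"]
)

LINE_RE = re.compile(r"auth (?P<result>FAIL|OK)\s+user=(?P<user>\S+) src=(?P<src>\S+)")


def classify_auth_log(log, spray_min_users=5, brute_min_attempts=10):
    """Split failed logins into the two patterns the article lists.

    password spray: one source tries a few passwords against MANY accounts
    brute force:    one source hammers ONE account with many attempts
    A success from a source already seen spraying is also flagged, since
    that is the signal that a sprayed credential actually worked.
    """
    failed_users = defaultdict(set)      # src -> accounts it failed against
    pair_failures = defaultdict(int)     # (src, user) -> failure count
    successes = []                       # (src, user) in log order
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                     # skip lines that are not auth events
        src, user = m["src"], m["user"]
        if m["result"] == "FAIL":
            failed_users[src].add(user)
            pair_failures[(src, user)] += 1
        else:
            successes.append((src, user))
    spray = sorted(s for s, users in failed_users.items() if len(users) >= spray_min_users)
    brute = sorted(p for p, n in pair_failures.items() if n >= brute_min_attempts)
    hits = sorted(p for p in successes if p[0] in spray)
    return {"password_spray": spray, "brute_force": brute, "success_after_spray": hits}
```

The thresholds are deliberately low for the toy log; in production they should be tuned per environment and combined with the normal lockout and MFA controls.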
Who’s On The Hit List? Education & Public Entities
My team has already observed hackers and cybercriminals employing the above attack vectors across multiple industries; however, many of these bad actors appear to be focusing their attacks on two of the most vulnerable target sectors—education and public entities (city, municipality, and state agencies).
In the education sector specifically, hackers are attacking individual schools because school infrastructure is often interconnected with, for instance, a city network, and schools are often unprotected or, at best, poorly protected against common attack vectors. The same unfortunately tends to go for public entities: there is usually little to no network segmentation within public networks, so a bad actor who gains unauthorized access to one network is then able to traverse the other interconnected networks.
Another compounding factor in this current surge of cyberattacks is that 2024 is an election year. Our threat intelligence—combined with attacks we’ve personally observed—has identified that the primary groups of cybercriminals tend to be made up of well-organized “Hacktivists” and state-sponsored cybercriminals from China, Eastern Europe, Russia, and North Korea. The latter group is known to be rewarded for carrying out attacks that disrupt or influence the US government, its infrastructure, and its democratic processes.
How to Protect Your Organization From Attack
To keep individuals, businesses, schools, and governmental organizations safe during this period of higher-than-normal cyber risks, UDT’s CTI Team recommends taking the following actions, which may seem obvious but are often overlooked:
- Web Application Penetration Testing (or “pen testing”) – Due to the increased frequency of API exploitation we are seeing, we highly recommend performing pen testing of all web applications—especially those accessible through the internet—to spot vulnerabilities before bad actors have a chance to take advantage of them.
- GEO Configuration Settings – Review the “GEO” blocking configuration settings for your firewalls and email platforms. Identify which countries these platforms allow telemetry data to come in from or be transmitted to. We often find that these settings are not reviewed periodically.
- Increased Security Training & Education – No amount of technology can offer complete protection of an organization’s data if its people are not properly trained. This means more than just the old method of having them “watch a video and take a quiz.” Every organization should be conducting real-world training by employing proven methods, such as sending out test phishing emails once a quarter instead of annually to see which employees click links, download attachments, or enter credentials, since those employees will require more training. Better to have them get caught by a fake phishing email than a real one.
Things Are Bad (and Will Get Worse)… But We Can Survive This
No doubt, 2024 is going to be a very rough year for cybersecurity; however, there have been surges in cyberattacks in years past and we have survived them, some better than others. While the game has changed a bit with the rise of artificial intelligence (AI) and the increased presence of state-sponsored hackers, understanding which threats can impact your organization and fortifying the resiliency of mission-critical systems will make it harder for any organization to fall victim to a cyberattack during the next 8-12 months. If you can stay ahead of threat intelligence and prioritize your security posture, then you will be well on your way to avoiding headlines as the next big cybersecurity story of 2024. Stay safe out there!
Mike Sanchez