{"id":1364,"date":"2024-12-31T06:00:00","date_gmt":"2024-12-31T06:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1364"},"modified":"2024-12-31T06:00:00","modified_gmt":"2024-12-31T06:00:00","slug":"top-12-ways-hackers-broke-into-your-systems-in-2024","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1364","title":{"rendered":"Top 12 ways hackers broke into your systems in 2024"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>In 2024, hackers had a field day finding sneaky ways into systems \u2014 from convincing phishing scams that played on human curiosity to brutal software flaws that exposed gaps in tech upkeep. It was a year of clever breaches, showing just how wide the gap is between user habits and security practices.<\/p>\n<p>\u201cWhile every year brings new types of attacks, it\u2019s important to realize that hackers are always going to look for the easiest ways to get in, and that means areas where security teams lack the visibility or control they need to mitigate risks,\u201d said Melinda Marks, senior analyst at Enterprise Strategy Group.<\/p>\n<p>Let\u2019s dive deep into the top ways attackers slipped past defenses this year.<\/p>\n<h2 class=\"wp-block-heading\">X-days kept users on their patching toes<\/h2>\n<p>The year 2024 saw some of the most devastating zero-day and N-day exploits in recent memory,\u00a0with a few of them even picked up by high-profile attackers to breach critical systems and establish nation-state-level persistence.<\/p>\n<p>Quoting a ransomware study for the year, Dave Gruber, principal analyst at Enterprise Strategy Group, said, \u201cFrom our research, software and configuration vulnerabilities were a big initial point of compromise. 
For smaller organizations, initial points of compromise were more likely to be through a business partner vs. larger organizations where initial compromise was more likely related to a software vulnerability.\u201d<\/p>\n<p>While patching efforts kept security teams busy, a few of these exploits stood out as particularly disruptive.<\/p>\n<p>1. <strong>Fortinet flaw zero-day\u2019ed by nation-state actors<\/strong>: In October 2024, Fortinet\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3586092\/critical-fortinet-vulnerability-finds-zero-day-rce-exploits.html\" target=\"_blank\" rel=\"noopener\">warned<\/a>\u00a0about a critical (CVSS 9.8\/10) RCE vulnerability, tracked as CVE-2024-47575, in its FortiManager platform, actively exploited by attackers to exfiltrate sensitive data like IP addresses, credentials, and configurations. No malware or backdoors were found. This flaw, exploited in the wild, has been linked to nation-state actors, such as China-backed Volt Typhoon, who have\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/1306816\/fortinet-urges-patching-n-day-bug-amid-ongoing-nation-state-exploitation.html\" target=\"_blank\" rel=\"noopener\">used similar Fortinet vulnerabilities<\/a>\u00a0for cyber espionage.<\/p>\n<p>2. <strong>Check Point bug enabled Iranian hacks<\/strong>: In August, CISA\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3498397\/iranian-threat-actors-targeting-businesses-and-governments-cisa-microsoft-warn.html\" target=\"_blank\" rel=\"noopener\">issued a warning<\/a>\u00a0about a critical flaw (CVE-2024-24919) in Check Point\u2019s security gateway software. The vulnerability, which had a high CVSS score (8.6\/10), allowed attackers like Pioneer Kitten and Peach Sandstorm, Iranian hacker groups, to exploit information disclosure weaknesses in the company\u2019s security solutions. 
Active exploitation in the wild was reported, with attackers leveraging the flaw to access sensitive data from systems using VPN and mobile access blades.\u00a0<\/p>\n<p>3. <strong>Ivanti Connect flaws found Chinese abuse<\/strong>: In December 2023, researchers uncovered <a href=\"https:\/\/www.csoonline.com\/article\/1290205\/chinese-hackers-exploit-ivanti-vpn-zero-days-for-rce-attacks.html\" target=\"_blank\" rel=\"noopener\">two chained zero-day vulnerabilities<\/a>, CVE-2023-46805 and CVE-2024-21887, in Ivanti\u2019s Connect Secure and Policy Secure gateways, exploited by Chinese state-sponsored actors. These flaws allowed unauthenticated remote code execution, enabling attackers to steal configurations, alter files, and set up reverse tunnels from compromised VPN appliances. Targeting critical sectors like healthcare and manufacturing, the attackers leveraged advanced lateral movement and persistence techniques to access intellectual property and sensitive data. The campaign highlighted the risks of unpatched enterprise software, with Ivanti scrambling to release mitigations while working on patches.<\/p>\n<p>4. <strong>Cleo\u2019s crown fell to persistent hackers<\/strong>: In December,\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3621746\/attackers-exploit-zero-day-rce-flaw-in-cleo-managed-file-transfer.html\" target=\"_blank\" rel=\"noopener\">a flaw in Cleo\u2019s LexiCom, VLTrader, and Harmony systems<\/a>\u00a0allowed hackers to exploit an incomplete patch, affecting over 10 businesses. Attackers used the vulnerability to upload and run malicious code, exposing sensitive data. Huntress detected the breach and advised disconnecting systems until a complete fix was released.<\/p>\n<p>5. <strong>MOVEit impact bled well into 2024<\/strong>: The MOVEit vulnerability (CVE-2023-35708), exploited by the Clop ransomware group, caused widespread data breaches starting in 2023, with significant effects persisting into 2024. 
This SQL injection flaw in Progress Software\u2019s MOVEit Transfer enabled attackers to exfiltrate sensitive data from over 2,600 organizations worldwide, targeting industries like government, healthcare, and education. Clop shifted tactics by foregoing ransomware and relying on data theft and public exposure to pressure victims. The attack underscored the critical need for timely patching and robust data security in the face of evolving cybercriminal methods.<\/p>\n<p>In 2024, both patched and unpatched vulnerabilities caused widespread issues, highlighting how software flaws remain a key entry point for hackers. However, a bit of good news came from a report suggesting that improved patching practices helped tip the scales, with zero-day exploits <a href=\"https:\/\/www.csoonline.com\/article\/2117846\/rise-of-zero-day-exploits-reshape-security-recommendations.html\" target=\"_blank\" rel=\"noopener\">outnumbering and surpassing<\/a> N-day attacks in impact and severity during the year.<\/p>\n<h2 class=\"wp-block-heading\">Phishing hooks grew tighter<\/h2>\n<p>Phishing remained a top hook in 2024, with miscreants using AI to whip up super-convincing scams that even top-notch detection tools couldn\u2019t always catch.\u00a0This year\u2019s phishing hall of shame had a few significant campaigns.<\/p>\n<p>6. <strong>Microsoft users duped by Russian phishers<\/strong>: One of the most impersonated brands, thanks to its dominance in corporate environments, Microsoft became a prime target in major phishing campaigns like the one\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3595076\/russian-hackers-target-us-officials-in-a-new-spear-phishing-campaign.html\" target=\"_blank\" rel=\"noopener\">spearheaded by Russia\u2019s Midnight Blizzard<\/a>. The APT group targeted over 100 organizations, using fake emails to lure victims into downloading malicious RDP files. 
These files granted attackers access to sensitive corporate data,\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/10\/29\/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files\/\" target=\"_blank\" rel=\"noopener\">highlighting<\/a>\u00a0the increasing sophistication of phishing tactics and the pressing need for defenses like MFA and better endpoint security.<\/p>\n<p>7. <strong>New phish enters the fray<\/strong>: In November,\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3599947\/was-your-last-docusign-ed-bill-legitimate-check-again.html\" target=\"_blank\" rel=\"noopener\">a clever phishing campaign<\/a>\u00a0was seen exploiting DocuSign\u2019s Envelopes API to send fake invoices that appeared legitimate, tricking recipients into approving unauthorized payments. Attackers used paid DocuSign accounts to bypass security filters, crafting documents mimicking brands like PayPal and Norton. Victims unknowingly signed off transactions, leading to major financial losses and highlighting the need for stronger verification and multi-factor authentication to counter such creative exploits.<\/p>\n<p>8. <strong>Alibaba and Adobe users tricked into coughing up credentials<\/strong>: Other significant<a href=\"https:\/\/blog.checkpoint.com\/research\/check-point-research-unveils-q3-2024-brand-phishing-trends-microsoft-remains-most-imitated-brand-as-alibaba-and-adobe-enter-top-10\/\" target=\"_blank\" rel=\"noopener\">\u00a0campaigns in 2024<\/a>\u00a0targeted two phishing debutants, Alibaba and Adobe, employing somewhat similar tactics. 
The Alibaba scam tricked businesses with fake emails about order disputes to steal credentials, while Adobe users faced phishing emails mimicking document-sharing requests, leading to credential theft.\u00a0<\/p>\n<p>In 2024, phishing ended up driving a whopping <a href=\"https:\/\/www.techradar.com\/pro\/phishing-attacks-surge-in-2024-as-cybercriminals-adopt-ai-tools-and-multi-channel-tactics\" target=\"_blank\" rel=\"noopener\">36% of all breaches<\/a> worldwide, proving yet again why it\u2019s the classic go-to move for hackers looking to stir up chaos.<\/p>\n<h2 class=\"wp-block-heading\">Supply chains went off the rails<\/h2>\n<p>The year saw several large supply chain attacks that caused significant and lasting damage, some of which will likely be felt into 2025. Hackers got more inventive, targeting trusted platforms and third-party suppliers, disrupting industries globally. Here\u2019s a quick look at two of the most impactful hacks of the year, which have created ongoing cybersecurity challenges.<\/p>\n<p>9. <strong>Vetted bots hit Discord users<\/strong>: In March, the Top.gg bot community with over 170,000 Discord members <a href=\"https:\/\/www.csoonline.com\/article\/2075172\/software-supply-chain-attack-impacts-repo-of-large-discord-bot-community.html\" target=\"_blank\" rel=\"noopener\">was hit by a supply chain attack<\/a>\u00a0when Colorama, a third-party bot verification tool, was compromised. Attackers injected malicious code into the tool\u2019s update, gaining access to bot permissions. This allowed them to scrape user data, hijack tokens, and spread phishing links across verified bots, causing rapid disruptions and eroding trust within the community.<\/p>\n<p>10. 
<strong>Massive PyPI hack uncurled<\/strong>: In November,<a href=\"https:\/\/www.kaspersky.com\/blog\/jarkastealer-in-pypi-packages\/52640\/\" target=\"_blank\" rel=\"noopener\">\u00a0attackers were found targeting PyPI<\/a>, the popular Python package repository, using typosquatting and dependency confusion tricks. They uploaded malicious packages disguised as trusted libraries, fooling developers into downloading them. Once installed, these packages unleashed keyloggers, backdoors, and tools for stealing data, putting thousands of developers and their projects at risk. The breach spread quickly, affecting both enterprise and open-source applications.\u00a0<\/p>\n<p>In addition to these attacks, the year also saw continued fallout from the <a href=\"https:\/\/www.csoonline.com\/article\/570191\/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html\" target=\"_blank\" rel=\"noopener\">SolarWinds<\/a> and <a href=\"https:\/\/www.csoonline.com\/article\/1248857\/moveit-carnage-continues-with-over-2600-organizations-and-77m-people-impacted-so-far.html\" target=\"_blank\" rel=\"noopener\">MOVEit<\/a> supply chain breaches, with both incidents affecting hundreds of organizations.<\/p>\n<p>\u201cAttackers are looking into areas that are scaling, such as APIs, and the software supply chain with the increase in usage of third-party and open-source code with potential for tampering,\u201d Marks said. \u201cThese are not easy for security teams to manage without the right tools and processes in place to help them work efficiently.\u201d<\/p>\n<h2 class=\"wp-block-heading\">2024 Cyber \u201cOops\u201d that let hackers in<\/h2>\n<p>In 2024, insider risks and app misconfigurations opened the door for some serious cyber mayhem. Whether it was leaked employee data or cloud setups gone wrong, these gaps gave hackers an easy entry. Here\u2019s a rundown of the biggest letdowns from the year.<\/p>\n<p>11. 
<strong>Fake jobs, real data heists<\/strong>: Fourteen North Korean operatives\u00a0<a href=\"https:\/\/www.justice.gov\/opa\/pr\/fourteen-north-korean-nationals-indicted-carrying-out-multi-year-fraudulent-information\" target=\"_blank\" rel=\"noopener\">posed as IT workers<\/a>, using stolen identities and fake setups to land remote jobs. Over six years, they pulled in $88 million, stealing sensitive data and extorting employers. In another\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3481659\/north-korean-group-infiltrated-100-plus-companies-with-imposter-it-pros.html\" target=\"_blank\" rel=\"noopener\">twist<\/a>, fake North Korean freelancers helped bypass sanctions and leaked business info, proving how insider risks can be a goldmine for the DPRK regime.\u00a0<\/p>\n<p>12. <strong>Customers\u2019 AWS blunder for data spill<\/strong>: In December, misconfigured AWS instances left sensitive data like customer credentials and proprietary code exposed. Hackers\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/3621101\/aws-customers-face-massive-breach-amid-alleged-shinyhunters-regroup.html\" target=\"_blank\" rel=\"noopener\">targeted millions of public-facing sites<\/a>, exfiltrating data from thousands of misconfigured setups. 
The breach underscored the critical need for robust cloud configuration practices.\u00a0<\/p>\n<p>Aside from the main entry points above, the year also saw hackers target compromised human and machine credentials for secondary infections, leading to breaches like the <a href=\"https:\/\/www.csoonline.com\/article\/2140389\/new-york-times-plays-down-impact-of-source-code-leak.html\" target=\"_blank\" rel=\"noopener\">New York Times source code<\/a> hack and the <a href=\"https:\/\/www.csoonline.com\/article\/3573962\/internet-archive-breached-twice-within-days.html\" target=\"_blank\" rel=\"noopener\">Internet Archive<\/a> incident.<\/p>\n<p>\u201cNon-human identities are a rapidly growing piece of the attack surface that got more attention in 2024,\u201d said Todd Thiemann, senior analyst at Enterprise Strategy Group. \u201cOur research in this area showed that even as organizations said they lack visibility into their non-human identities, 72% either know or suspect that they have had non-human accounts or credentials compromised.\u201d<\/p>\n<p>While 2023 saw Okta and Cloudflare encounter high-profile incidents, 2024 saw incidents relating to non-human identity compromises like the Internet Archive and the <a href=\"https:\/\/www.csoonline.com\/article\/2088924\/customers-of-sisense-data-analytics-service-urged-to-change-credentials.html\" target=\"_blank\" rel=\"noopener\">Sisense customer data breach<\/a>, he added.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>In 2024, hackers had a field day finding sneaky ways into systems \u2014 from convincing phishing scams that played on human curiosity to brutal software flaws that exposed gaps in tech upkeep. It was a year of clever breaches, showing just how wide the gap is between user habits and security practices. 
\u201cWhile every year [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1365,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1364","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1364"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1364"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1364\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1365"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}