23 December 2024

Wrapping Up 2024: The Year’s Biggest Cyber Security Breaches and What We Learned

As the year draws to a close, it’s the perfect time to look back on the cyber security landscape of the past twelve months. The year brought a number of headline-grabbing incidents, from data breaches to service outages, and they highlight how cyber threats continue to affect businesses of all sizes, in every sector. In this blog, we’ll reflect on some of the biggest cyber security stories of 2024, look at what actually went wrong in each case, and explore how to strengthen your defences in 2025.

CrowdStrike Outage

This dramatic incident in July was one of the biggest cyber security stories of 2024, and it was not an attack at all. In the early hours of 19 July, CrowdStrike, a leading endpoint protection provider, pushed a faulty content update to its Falcon sensor on Windows. Hosts that downloaded the file in the roughly 78 minutes before it was withdrawn crashed with a blue screen and went into a boot loop, so the disruption was to customers’ own machines rather than an outage of CrowdStrike’s cloud service. Microsoft estimated that around 8.5 million Windows devices were affected, causing havoc in airports, hospitals, supermarkets and more.

CrowdStrike’s own root cause analysis found no attacker involvement. A new detection template referenced a 21st input field while the sensor code feeding the content interpreter only supplied 20 values, so the interpreter read past the end of its input in kernel mode and crashed the machine; the content validator that should have rejected the file had a bug of its own, and the content was pushed to the entire customer base at once rather than in stages. Recovery was painfully manual: affected machines had to be booted into safe mode or the recovery environment to delete the offending file, and on BitLocker-encrypted devices that needed the recovery key first.

The lesson for your own organisation is about limiting blast radius, not testing harder. Roll out every update, including vendor content and signature updates, in rings: a small canary group first, then progressively larger groups, with an automatic halt if crash or error rates rise. Insist that your endpoint vendors give you control over update timing (CrowdStrike has since added such controls). And rehearse recovery: know how quickly you can retrieve BitLocker recovery keys and boot thousands of machines into safe mode, because in July that is what continuity depended on.
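As an added illustration (this is not CrowdStrike’s code, and the fleet, rings and update behaviour are all constructed), the following Python script shows the difference a ring-based rollout with a health gate makes against an update that crashes every host it reaches:

```python
"""Ring-based rollout with an automatic health gate.

Added example, not CrowdStrike code: a simulated fleet is split into rings
(canary first); each ring receives the update only if the previous ring's
crash rate stayed under a threshold. Fleet, update and crash behaviour are
all constructed here, so it runs offline.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Host:
    name: str
    ring: int          # 0 = canary, larger numbers roll out later
    updated: bool = False
    crashed: bool = False


@dataclass
class RolloutResult:
    halted_at_ring: Optional[int]        # None means the rollout completed
    hosts_updated: int
    hosts_crashed: int
    crash_rate_by_ring: Dict[int, float] = field(default_factory=dict)


def build_fleet(ring_sizes: List[int]) -> List[Host]:
    """Constructed fleet: ring_sizes[i] hosts are assigned to ring i."""
    fleet: List[Host] = []
    for ring, size in enumerate(ring_sizes):
        fleet.extend(Host(name=f"r{ring}-h{i}", ring=ring) for i in range(size))
    return fleet


def staged_rollout(fleet: List[Host],
                   apply_update: Callable[[Host], bool],
                   max_crash_rate: float = 0.01) -> RolloutResult:
    """Push the update ring by ring; stop as soon as a ring exceeds max_crash_rate.

    apply_update(host) installs the update and returns True if the host crashed.
    """
    result = RolloutResult(halted_at_ring=None, hosts_updated=0, hosts_crashed=0)
    for ring in sorted({h.ring for h in fleet}):
        members = [h for h in fleet if h.ring == ring]
        for host in members:
            host.updated = True
            host.crashed = apply_update(host)
        crashed = sum(1 for h in members if h.crashed)
        rate = crashed / len(members)
        result.crash_rate_by_ring[ring] = rate
        result.hosts_updated += len(members)
        result.hosts_crashed += crashed
        if rate > max_crash_rate:
            result.halted_at_ring = ring   # health gate: later rings never get it
            break
    return result


def big_bang_rollout(fleet: List[Host],
                     apply_update: Callable[[Host], bool]) -> RolloutResult:
    """What happened in July: every host gets the update at the same time."""
    for host in fleet:
        host.updated = True
        host.crashed = apply_update(host)
    crashed = sum(1 for h in fleet if h.crashed)
    return RolloutResult(halted_at_ring=None, hosts_updated=len(fleet),
                         hosts_crashed=crashed,
                         crash_rate_by_ring={0: crashed / len(fleet)})


# Constructed update behaviours. A content file the sensor cannot parse crashes
# every host that loads it, whatever its ring; a sound one crashes none.
def faulty_update(host: Host) -> bool:
    return True


def sound_update(host: Host) -> bool:
    return False


RING_SIZES = [10, 100, 1_000, 10_000]   # canary, pilot, early adopters, everyone else


def compare() -> dict:
    """Crash counts for the two strategies against the faulty update, plus a sound run."""
    staged = staged_rollout(build_fleet(RING_SIZES), faulty_update)
    everything_at_once = big_bang_rollout(build_fleet(RING_SIZES), faulty_update)
    healthy = staged_rollout(build_fleet(RING_SIZES), sound_update)
    return {
        "staged_crashed": staged.hosts_crashed,
        "staged_halted_at_ring": staged.halted_at_ring,
        "big_bang_crashed": everything_at_once.hosts_crashed,
        "sound_update_completed": healthy.halted_at_ring is None,
        "sound_update_hosts": healthy.hosts_updated,
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Run it and the staged rollout stops after the ten-host canary ring, while the everything-at-once rollout crashes all 11,110 simulated hosts. In practice the gate would read crash telemetry (bugcheck counts, agent heartbeat loss) rather than a return value, and the threshold would be tuned to the fleet’s normal noise; the property that matters is that later rings cannot receive the update until the gate passes.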

Snowflake Data Breach

Snowflake, the cloud data platform, was at the centre of one of the year’s largest breach campaigns. Despite early reports, Snowflake’s own platform was not compromised. The investigation, carried out by Mandiant on Snowflake’s behalf, found that a financially motivated group tracked as UNC5537 signed in to customer accounts using usernames and passwords that infostealer malware had harvested from employees’ and contractors’ machines, in some cases years earlier. The accounts that were hit had no multi-factor authentication enabled and no network policy restricting where logins could come from, so a stolen password was enough. The attackers exported sensitive customer data and demanded payment not to leak it. Some of the businesses affected included Santander, Neiman Marcus Group and Ticketmaster; the attackers claimed to hold records on around 560 million Ticketmaster customers.

This campaign is a textbook illustration of the cloud shared responsibility model. Snowflake secured its platform; enforcing MFA, restricting logins by IP range and retiring leaked credentials were the customer’s job, and the affected accounts had done none of those. Concretely: require MFA on every human account (Snowflake has since moved to enforcing it by default), apply a network policy so that only known IP ranges can log in, rotate any credential that infostealer logs show as exposed, and give automated jobs service accounts with key-pair authentication rather than passwords. Just as important is detection: continuously review cloud login logs for password-only sign-ins, logins from unfamiliar IP ranges or unusual client tools, and large exports, so that a misused credential is spotted within hours rather than months.
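As an added example (not Snowflake’s, Mandiant’s or any vendor’s code), here is the kind of check a customer could have run over its own login history. The records are constructed, modelled on the columns of Snowflake’s ACCOUNT_USAGE.LOGIN_HISTORY view; the user names and IP ranges are made up, and the allow-list stands in for a network policy that has not yet been applied:

```python
"""Audit cloud login records for the conditions behind the Snowflake campaign.

Added example, not Snowflake's or Mandiant's code. The records below are
constructed and modelled on the columns of Snowflake's
SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY view (user_name, client_ip,
first_authentication_factor, second_authentication_factor, is_success,
reported_client_type); the IP ranges and user names are made up.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class LoginEvent:
    user_name: str
    client_ip: str
    first_factor: str                  # e.g. PASSWORD, RSA_KEYPAIR, OAUTH_ACCESS_TOKEN
    second_factor: Optional[str]       # None means no MFA was used
    is_success: bool
    client_type: str                   # e.g. SNOWFLAKE_UI, JDBC_DRIVER, PYTHON_DRIVER


@dataclass(frozen=True)
class Finding:
    user_name: str
    client_ip: str
    reason: str


# Constructed allow-list standing in for a Snowflake network policy.
CORPORATE_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

# Constructed sample: three corporate users and one key-pair service account.
SAMPLE_EVENTS = [
    LoginEvent("ALICE", "203.0.113.10", "PASSWORD", "DUO_PUSH", True, "SNOWFLAKE_UI"),
    LoginEvent("BOB", "203.0.113.22", "PASSWORD", None, True, "SNOWFLAKE_UI"),
    LoginEvent("BOB", "192.0.2.77", "PASSWORD", None, True, "PYTHON_DRIVER"),
    LoginEvent("CAROL", "192.0.2.78", "PASSWORD", None, False, "JDBC_DRIVER"),
    LoginEvent("ETL_SVC", "198.51.100.5", "RSA_KEYPAIR", None, True, "PYTHON_DRIVER"),
]


def in_allowed_ranges(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in CORPORATE_RANGES)


def audit_logins(events: List[LoginEvent]) -> List[Finding]:
    """Flag successful logins that MFA or a network policy would have stopped."""
    findings: List[Finding] = []
    for e in events:
        if not e.is_success:
            continue   # failures are noise here; a spray detector would count them instead
        if e.first_factor == "PASSWORD" and e.second_factor is None:
            findings.append(Finding(e.user_name, e.client_ip, "password-only login (no MFA)"))
        if not in_allowed_ranges(e.client_ip):
            findings.append(Finding(e.user_name, e.client_ip, "login from outside allowed ranges"))
    return findings


def users_never_using_mfa(events: List[LoginEvent]) -> List[str]:
    """Password users with no MFA on any successful login: the accounts that were hit in 2024."""
    seen_mfa: Dict[str, bool] = {}
    for e in events:
        if not e.is_success or e.first_factor != "PASSWORD":
            continue
        seen_mfa[e.user_name] = seen_mfa.get(e.user_name, False) or e.second_factor is not None
    return sorted(u for u, ok in seen_mfa.items() if not ok)


if __name__ == "__main__":
    for f in audit_logins(SAMPLE_EVENTS):
        print(f"{f.user_name:8} {f.client_ip:15} {f.reason}")
    print("never used MFA:", users_never_using_mfa(SAMPLE_EVENTS))
```

Against the sample data the audit flags BOB’s password-only logins, including one from an address outside the corporate ranges, and reports BOB as the only password user who has never completed MFA, while the key-pair service account is left alone. In a real account the same query shape runs in SQL against LOGIN_HISTORY; the point is that this is the customer’s log to watch, not the provider’s.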

Blue Yonder Ransomware

Blue Yonder, one of the world’s leading supply chain software providers, was hit by a ransomware attack in November. The incident caused widespread disruption to its operations and impacted major retailers in the US and the UK. The attack, which targeted Blue Yonder’s managed services hosted environment, severely disrupted the supply chains of companies including Morrisons, Sainsbury’s, and Starbucks. The attack highlighted the vulnerabilities of the supply chain sector – although some companies like Tesco and DHL weren’t impacted, others such as Morrisons had to rely on backup systems to maintain operations.

For businesses, this attack underscores the importance of cyber resilience rather than prevention alone. Know which of your critical processes run on which third-party hosted services, ask those providers for evidence of their security controls and their own recovery capability rather than just assurances, and write those expectations into contracts. Any weakness at a supplier can have knock-on effects up and down the supply chain. Businesses should also maintain fallback processes, whether alternative systems or tested manual procedures, that can be activated when a provider goes dark, as Morrisons did; regular testing of these fallbacks is essential to keep downtime short.

Lessons for 2025 – and Beyond

The cyber security stories of 2024 offer a number of lessons for businesses looking to boost their security. One key takeaway is the value of proactive work: rather than waiting for an attack, companies should run regular penetration tests and threat-hunting exercises to find weaknesses, and exposed credentials, before criminals do. Another is adopting a zero trust architecture, in which no user, device or connection is trusted because of where it sits on the network; every access is authenticated, authorised and limited to what is needed. This approach limits the damage a single stolen password or compromised laptop can do, which is exactly what the Snowflake campaign turned on.

AI-assisted and automated tooling can also help, mainly by speeding up the routine parts of detection and response: correlating alerts, enriching them with context and triggering containment actions such as isolating a host or disabling an account. Used this way they shorten the time between a threat appearing and it being stopped, but they need tuning and human review, since an automated response that acts on a false positive is an outage of your own making. By adopting these strategies, businesses can build a more resilient cyber security posture and prepare themselves for the challenges ahead.

As the past 12 months show, no sector or business is immune to cyber attacks. From the disruption caused by CrowdStrike to cloud security breaches and ransomware attacks, these incidents show there are vulnerabilities to watch out for.

With 2025 fast approaching, the lessons learned from these incidents should serve as a guiding light for any business. We advise adopting a proactive and resilient approach to your cyber security strategy. This way, you can stay one step ahead of criminals, protecting your business – and your reputation – in the years to come.

Whatever solution you’re looking for, we can help. The experts at Infosec K2K can offer you specialist guidance, and help you find the product that’s the best fit for you.

Get in touch with us to find out more about how we can help you.

11 December 2024

The Biggest OT Security Incidents of 2024: Lessons for Critical Infrastructure

Operational Technology systems, or OT systems, are crucial when it comes to managing critical infrastructure such as energy grids, transportation networks, and manufacturing plants. It’s no surprise then, that they’re a prime target for cyber criminals, and they faced unprecedented cyber threats in 2024. Criminals are increasingly targeting these systems and exploiting their vulnerabilities to disrupt essential services and demand ransoms. In this blog, we’ll be taking a closer look at some of the biggest OT security incidents of 2024, what caused them, and suggest how to ensure you’re protecting your critical infrastructure.

The Importance of OT Security

Operational Technology (OT) systems control physical processes that keep our society running – from keeping the electricity on to managing water treatment facilities, and keeping transportation networks operational. A successful attack on these kinds of systems can result in catastrophic consequences, including power outages and even deaths. Unlike other cyber security incidents, attacks on OT systems directly impact physical infrastructure. In February, it was reported that OT security incidents impacted 46% of organisations around the world – meaning that it’s a matter of national and global importance. Below are some of the major OT security incidents of the last twelve months.

Russian Sabotage of Water Facilities

Cyber attacks on Ukrainian critical infrastructure preceded and accompanied Russia’s full-scale invasion in 2022. This year brought evidence that Russian-linked operators are also active elsewhere. In April, Mandiant reported that Sandworm, the hacking unit of Russia’s military intelligence service, was likely behind a hacktivist persona that claimed intrusions into water facilities in the USA, Poland and France. In one small Texas town the intruders manipulated controls at a water facility and a tank overflowed, though service was not disrupted. The documented entry point for this wave of attacks was unglamorous: internet-exposed human-machine interfaces (HMIs), often reachable through remote access tools and protected by default or weak passwords. As the first suspected Sandworm-linked intrusion on American soil it marks an escalation; the damage was minor this time, but the same access could do far more.

American Water Hit by Cyber Attack

In October, American Water, the largest regulated water and wastewater utility in the US, suffered a cyber attack. The business, which serves over 14 million people across 24 states, reported no impact on water quality or distribution, but it took customer portals and billing systems offline as a precaution while it investigated. Some commentators suspected state-backed attackers, but attribution was never confirmed, and the motive (and the true extent of any data stolen) remains unknown. Speaking about the attack, Sean Deuby from Semperis pointed out that, “One common thread across all these campaigns is the use of identity for initial access, propagation, privilege escalation and persistence. Organizations should prioritize protecting these mission-critical systems.”

Volt Typhoon Stepped Up Its Efforts

The Chinese state-sponsored group known as Volt Typhoon has been linked to intrusions into US critical infrastructure across the communications, energy, transportation and water sectors. US agencies assess that the aim is not espionage so much as pre-positioning: establishing quiet, persistent access that could be used to disrupt critical services during a future crisis or conflict between China and the US. The group is notable for “living off the land”, using built-in administrative tools rather than malware so that its activity blends in with normal operations, and for routing its traffic through a botnet of compromised small-office and home routers, many of them end-of-life devices. In January, a US law enforcement operation disabled hundreds of those compromised routers; in November, researchers reported that the group was rebuilding the botnet.

What Can Make OT Systems Vulnerable?

Many OT systems rely on outdated hardware and software that simply wasn’t designed with cyber security in mind. Industrial protocols such as Modbus carry no authentication or encryption, so anyone who can reach a controller on the network can usually command it. Growing integration of IT and OT networks makes this worse: integration improves efficiency, but it also expands the attack surface, and a breach of the IT network can now offer criminals a path into OT systems that previously were never connected to the internet or to the office network.

Compounding the issue is limited awareness and training. Staff often lack OT security expertise and can expose these systems by falling for phishing, plugging unmanaged devices into control networks, or bypassing security protocols to get a job done. Poorly segmented networks then let attackers move from the initial foothold across to control systems, turning what should have been a contained incident into a major one.

Lessons Learned for Securing Critical Infrastructure

With cyber threats growing ever more sophisticated, protecting OT environments has become a top priority, both to ensure uninterrupted services and to protect people’s lives. At Infosec K2K, we recommend a layered approach to OT security. Organisations should start with a risk assessment of their OT environments, including an up-to-date asset inventory, because you cannot protect a controller you don’t know you have or an HMI you didn’t know was reachable from the internet. Regular evaluations, like the assessments we offer, help to tackle risks before attackers can exploit them.

Equally important is patching and updating software, since unpatched vulnerabilities are a common entry point for attackers. Security professionals should establish patch management protocols and ensure timely updates. Where OT equipment cannot be patched promptly (many controllers only take updates during planned outages, and some have no vendor support at all), apply compensating controls: isolate the device, restrict which hosts can reach it, and monitor it closely. Limiting access to OT systems through strict controls, MFA on every remote access path, and the principle of least privilege also reduces your exposure. Proper segmentation of IT and OT networks, enforced with firewalls and VLANs and a default-deny policy between zones, contains an intrusion so that a compromised office laptop cannot talk directly to a controller.
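To make the segmentation point concrete, here is an added example (not a vendor tool and not the page’s own material) that evaluates two constructed firewall policies, a flat one and a zoned one, against the flows a segmented IT/OT design must get right. Addresses, zones and hosts are made up; the ports are the standard ones for Modbus/TCP, RDP and SQL Server:

```python
"""Check an IT/OT firewall policy for the flows segmentation is meant to stop.

Added example, not a vendor tool: a tiny first-match rule evaluator, run over
two constructed policies (a flat network and a zoned one) and a list of flows
with the verdict a segmented design should give. Zones, addresses and hosts
are made up; 502 is Modbus/TCP, 3389 is RDP, 1433 is SQL Server.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str               # CIDR
    dst: str               # CIDR
    dport: Optional[int]   # None = any port
    action: str            # "allow" or "deny"

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int,
             default: str = "deny") -> str:
    """First matching rule wins; anything unmatched gets the default."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action
    return default


# Constructed zones (Purdue-style): IT office, a DMZ between IT and OT, and OT.
IT_OFFICE = "10.10.0.0/16"
DMZ = "172.16.1.0/24"
OT_LEVEL2 = "192.168.40.0/24"   # engineering workstations, HMIs, historian
OT_LEVEL1 = "192.168.50.0/24"   # PLCs / controllers
ANY = "0.0.0.0/0"

# Weak policy: a flat network where everything can reach everything.
FLAT_POLICY = [Rule(ANY, ANY, None, "allow")]

# Hardened policy: no direct IT->OT path, only brokered access through the DMZ,
# and the OT side cannot initiate connections to IT or the Internet.
SEGMENTED_POLICY = [
    Rule(IT_OFFICE, "172.16.1.5/32", 3389, "allow"),            # staff RDP to the DMZ jump host
    Rule("172.16.1.5/32", OT_LEVEL2, 3389, "allow"),            # jump host RDP to engineering workstations
    Rule("192.168.40.20/32", "172.16.1.20/32", 1433, "allow"),  # OT historian pushes to DMZ replica
    Rule(OT_LEVEL2, OT_LEVEL1, 502, "allow"),                   # workstations/HMIs talk Modbus to PLCs
    Rule(ANY, ANY, None, "deny"),                               # explicit default deny
]

# Flows a segmented design must decide correctly: (name, src, dst, port, expected verdict)
EXPECTED_FLOWS: List[Tuple[str, str, str, int, str]] = [
    ("office-laptop-to-plc-modbus", "10.10.5.23", "192.168.50.10", 502, "deny"),
    ("office-laptop-to-ews-rdp", "10.10.5.23", "192.168.40.10", 3389, "deny"),
    ("office-to-jump-host-rdp", "10.10.5.23", "172.16.1.5", 3389, "allow"),
    ("jump-host-to-ews-rdp", "172.16.1.5", "192.168.40.10", 3389, "allow"),
    ("ews-to-plc-modbus", "192.168.40.10", "192.168.50.10", 502, "allow"),
    ("plc-to-internet", "192.168.50.10", "198.51.100.9", 443, "deny"),
    ("ot-historian-to-dmz-sql", "192.168.40.20", "172.16.1.20", 1433, "allow"),
]


def audit(rules: List[Rule]) -> List[str]:
    """Names of flows where the policy's verdict differs from the expected one."""
    return [name for name, src, dst, port, expected in EXPECTED_FLOWS
            if evaluate(rules, src, dst, port) != expected]


if __name__ == "__main__":
    print("flat policy violations:     ", audit(FLAT_POLICY))
    print("segmented policy violations:", audit(SEGMENTED_POLICY))
```

The flat policy fails three of the seven checks (an office laptop can reach a PLC’s Modbus port and an engineering workstation’s RDP port, and a PLC can reach the internet); the zoned policy passes all of them, because the only route from IT into OT is through the DMZ jump host and the final rule denies everything else. Running a table like this against rules exported from a real firewall is a cheap way to catch the “temporary” any-any rule that quietly undoes segmentation.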

The Road Ahead For OT Security

The consequences of ignoring cybersecurity in OT environments are too severe to overlook. Thankfully, while attacks are becoming more sophisticated, the strategies to counter them are also evolving. Investing in OT security shouldn’t be thought of as optional, but rather a key part of any organisation’s security strategy. Here at Infosec K2K, we understand securing OT systems isn’t just about protecting your data. It’s about ensuring the safety of our society.
