Threat Pulse – December 2024
Each month, DigitalXRAID’s Security Operations Centre (SOC) analysts share the top threats affecting businesses globally. Take action to protect your organisation against these prolific threats.
If you’ve been affected by any of these threats, we’re here to help. You can call our Cyber Emergency line any time of the day or night for help with active cyberattacks.
DigitalXRAID’s SOC analysts constantly monitor for zero-day threats and update our signature databases using the largest Open Threat Exchange database available.
Snowflake Data Breach
In December 2024, hackers were observed exploiting stolen credentials to access data from companies such as Ticketmaster, Santander Bank, and AT&T. The hackers gained access through the Snowflake platform, leading to significant data losses for every company targeted by this attack.
Midnight Blizzard Email Compromise
The Russian threat actor known as Midnight Blizzard has compromised a number of email accounts belonging to Microsoft executives.
While this attack centred on senior leaders in a specific organisation, all companies should be protecting against account compromise attacks, through email security measures and, for defence in depth, 24/7 security monitoring.
BeyondTrust Software Breached in US Treasury Department Attack
In December 2024, the US Treasury Department reported a significant cybersecurity breach attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) group.
The attackers exploited vulnerabilities in third-party software, specifically from BeyondTrust, used for remote technical support, allowing unauthorised access to unclassified documents and workstations.
The breach was detected on 8 December 2024 and has since been contained, with no evidence of continued unauthorised access. The Treasury Department is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and other intelligence entities to assess and mitigate the impact of the breach.
This incident underscores the persistent threat posed by APT groups to public sector organisations, highlighting the critical need for robust cybersecurity measures and vigilant monitoring to protect sensitive information and maintain operational integrity.
SRP Federal Credit Union Data Breach
SRP Federal Credit Union reported a data breach affecting over 240,000 members. The breach involved the exposure of sensitive information, including Social Security numbers and financial account details. A ransomware group named Nitrogen claimed responsibility, alleging the theft of 650 GB of customer data.
Ascension Health Ransomware Attack
Ascension Health, a prominent healthcare organisation, suffered a ransomware attack that compromised patient data and disrupted services. The attackers demanded a substantial ransom, emphasising the healthcare sector’s vulnerability to cyber threats.
US Government Assistance Programmes Shutdown And Data Breach
The Rhode Island government in the US experienced a data breach affecting hundreds of thousands of residents. Compromised data included Social Security numbers and financial details. Hackers targeted users of government assistance programmes, leading to a temporary shutdown of the RIBridges system and highlighting the impact of cyberattacks on public services.
Volkswagen’s Cariad Cloud Misconfiguration
Volkswagen’s software subsidiary, Cariad, faced a security incident due to misconfigured cloud storage. This misconfiguration led to the exposure of sensitive data, underscoring the importance of proper cloud security configurations to prevent unauthorised access.
Texas Tech University Ransomware Attack
Texas Tech University was targeted in a ransomware attack that disrupted its IT systems and compromised sensitive data. The incident affected academic operations and highlighted the education sector’s susceptibility to cyber threats.
Unitronics Programmable Logic Controllers (PLCs) targeted in critical infrastructure sector attacks
Between November 2023 and January 2024, CyberAv3ngers targeted US-based Unitronics Programmable Logic Controllers (PLCs) used in critical infrastructure sectors, including energy.
They exploited default or weak passwords to gain unauthorised access, compromising at least 75 devices, including at least 34 in the Water and Wastewater Systems (WWS) sector in the United States.
The attackers displayed defacement messages on compromised devices, such as “You have been hacked, down with Israel. Every equipment ‘made in Israel’ is Cyberav3ngers legal target.”
Increase in Cyber Incidents in the UK
The United Kingdom’s National Cyber Security Centre (NCSC) reported a 16% rise in cyber incidents in 2024, reflecting a growing intensity and sophistication of hostile cyber activities. This trend underscores the need for enhanced cybersecurity measures across all sectors.
These incidents from December 2024 highlight the diverse and persistent nature of cyber threats, affecting sectors ranging from government and finance to healthcare and education. They underscore the critical importance of robust cybersecurity measures and proactive threat management to safeguard sensitive information and maintain operational integrity.
DigitalXRAID exists to ensure that the bad guys don’t win. We’re driven and motivated to protect customers. Our expertise and unrivalled service mean we can take care of your security, whilst you take care of business.
Talk to the team to see how you can start protecting your business against cyberattacks today.