This month, we’re looking back at some of the key events and trends that emerged in the cyber landscape in 2024. The year saw major attacks on the UK’s critical national infrastructure such as the NHS and Transport for London. State actors from Russia, China and other hostile countries as well as financially motivated cyber criminals continued their incursions, with British organisations increasingly finding themselves in the crossfire.
The National Cyber Security Centre (NCSC) in its annual review reported a three-fold increase in nationally significant severe incidents compared to the previous year.
Dr Richard Horne, the new CEO of the NCSC, has warned of a widening security gap between the threats the UK faces and the defences available. He has also highlighted the need to improve the resilience of our national infrastructure, supply chains, private and public sector and the larger economy. “We need organisations – public and private […] to view cyber security not just as a ‘necessary evil’ or compliance function but as a business investment, a catalyst for innovation and an integral part of achieving their purpose.”
The top cyber crime strategies
Ransomware emerged as one of the most favoured attacks this year. We saw it deployed against NHS blood testing platform Synnovis and across the pond against US health insurance giant UnitedHealth. While Synnovis (rightly) refused to pay, UnitedHealth coughed up nearly $22 million only to be caught out in an exit scam. The payment did nothing to protect the stolen data. The advice from the NCSC is clear: paying ransoms to cyber criminals is no guarantee that your data will be safe.
Phishing campaigns became more sophisticated and went beyond using the humble email as bait. We saw QR codes, SVG images, clean URLs as well as Microsoft Word’s file recovery feature all being exploited to deliver malicious code. There was also an increase in man-in-the-middle and reverse proxy attacks, where criminals intercept and change communications between two parties to steal sensitive data. SIM swapping, where hackers take control of your phone number by transferring it to their SIM card, was also on the rise this year.
The biggest attacks and disruptions
Two of the most disruptive cyber incidents of 2024 were caused by Russian ransomware. The attack on NHS blood-testing platform Synnovis severely disrupted services across six trusts and led to a nationwide O‑type blood shortage. Russian ransomware-as-a-service was behind the UnitedHealth attack, where the personal data of 100 million people in the US was exposed. The incident also led to the tragic shooting of UnitedHealth CEO Brian Thompson.
Back home, the Transport for London hack cost TfL £30 million to clean up and months to restore services. Thousands of TfL employees had to report in person to head office to have their digital identities verified after systems went down. A 17-year-old boy was arrested, then bailed. We are awaiting further information.
When it came to critical national infrastructure, lax security at the Sellafield nuclear facility meant that 75% of its security systems were identified as being vulnerable to cyber attacks. The facility was accused of endangering national security and fined nearly £400,000.
The third party factor: an open door for bad actors
Targeting poorly-protected third-party suppliers was a lucrative strategy for cyber criminals this year. Incidents involving third-party cloud storage particularly hit the headlines. Vulnerabilities in these services allowed hackers to access sensitive data from multiple organisations. An example is the AT&T data breach, where hackers stole records of calls and texts from AT&T customers stored on the insecure third-party cloud storage company Snowflake. Other affected companies included Ticketmaster and Santander, highlighting the domino effect of relying on third-party providers.
What we can learn
Again (and again), some of the most high-profile organisations in the world fail to have basic cyber security in place. For instance, UnitedHealth’s Change Healthcare Citrix portal did not have basic multi-factor authentication.
Based on what we’ve learned from criminal activity this year, this is what you can do to make sure you’re protected.
- Ensure that your organisation has regular gap analysis and cloud security reviews to help you understand your current security posture.
- Implement security controls such as DMARC (to prevent email spoofing) and conditional access policies in MS365 (to ringfence sensitive data and applications).
- Carry out regular penetration tests to expose unknown security gaps in your systems.
- Invest in a continued programme of user education and awareness to foster a culture of security within your organisation.
- Have an up-to-date disaster recovery ‘playbook’ to help a swift recovery should the worst happen.
- Get Cyber Essentials certification. This government-backed scheme is a great starting point for protection against a variety of the most common cyber attacks.