Lessons from 2024’s Most Significant Cyberattacks

Hwei Oh
01/28/2025

Cyberattacks in 2024 confirmed many of the predicted cybersecurity trends. The year also highlighted new risk vectors due to AI and more sophisticated attack methods.

A cyberattack doesn’t only affect a company’s bottom line. It affects people, too. The year saw millions of highly sensitive medical records, social security numbers, and other private data leak into threat actors’ possession. This type of information can lead to wide-scale fraud or harassment at a personal level and can also be used to impact organizations.

In this article, we explore 2024’s most significant attacks, what we can learn from them, and how you can prepare yourself for 2025.

Ransomware continues to disrupt the healthcare and other industries

Ransomware was an immensely disruptive form of cyberattack in 2024, especially in healthcare, where we saw some of its most devastating consequences.

Change Healthcare, a core healthcare services provider, loses millions

The attack on Change Healthcare was so disruptive that the President of the American Hospitals Association called it “the most significant and consequential incident of its kind against the U.S. healthcare system in history.” And Congress said the attack was as if the hackers had attacked the health system directly.

Change Healthcare serves a key role in the U.S. healthcare system, verifying patient coverage and processing claims.

The ALPHV/BlackCat ransomware gang hacked Change Healthcare and stole a mind-boggling 6TB of data, then extorted an alleged payment of $22 million in ransom. Learning of the hack, Change Healthcare took its systems offline, which resulted in “massive economic and legal shockwaves across the U.S.” Some affected health systems lost as much as $100 million a day during interruptions.

Countless healthcare providers have been financially endangered by this hack because of delays in treatment and patients’ inability to obtain reimbursement. Healthtech provider Optum tried to step in to help healthcare facilities with funding but didn’t have enough cash flow. Change Healthcare’s own backup funding program was also found to be inadequate in supporting the affected institutions.

Since then, Change Healthcare has been hit with myriad lawsuits and it’s also being investigated for potential HIPAA compliance violations.

By October 17, the total costs of the incident had risen to nearly $2.5 billion.

Synnovis, a critical supplier of pathology services in the UK, delays key procedures and operations

In the UK, hackers installed ransomware at Synnovis, a core supplier of pathology services to UK hospitals. The attack resulted in thousands of canceled healthcare appointments and delayed key services such as blood transfusions and test results. The stolen data allegedly included patient names and blood test descriptions.

Both attacks led to disruptions, canceled medical procedures, and hampered the entire industry. The incidents showed the true power of ransomware when deployed successfully.

loanDepot, one of the USA’s largest retail mortgage lenders, takes systems offline

The healthcare sector wasn’t the only one that suffered from devastating ransomware attacks. The loanDepot attack resulted in millions of leaked records and disrupted mortgage payments.

On January 8, 2024, loanDepot had to take some of its systems offline after it had been hit by a “significant ransomware breach.” In total, hackers took 16.6 million records of loanDepot customer information, which included financial account details and social security numbers (SSNs). The incident cost loanDepot $26.9 million, including legal and remediation fees.

Key predictions and lessons:

Ransomware attacks are likely to get worse as RaaS (ransomware as a service) picks up pace. Businesses’ lack of urgency in protecting themselves against ransomware makes it a golden opportunity for cybercriminals.

Tools and services do exist that protect against ransomware, and 2025 is a crucial time to implement them.

Supply chain attacks are getting worse, with zero-day attacks falling into the mix

Supply chain attacks—when hackers target the weakest link in a chain of services—worsened in 2024, a year that saw massive vulnerabilities exploited to attack major organizations.

MOVEit zero-day attack

The notorious MOVEit attack occurred in 2023, but the fallout was still felt in 2024.

The original hack occurred when a hacker group exploited a zero-day flaw that allowed the group to perform an SQL injection. In November 2024, a hacker with the alias “Nam3L3ss” released the data from the attack on the dark web, exposing millions of breached records.

What made this hack significant is that it gave hackers a backdoor into thousands of organizations, including large corporations and even government agencies. 

One news outlet described the hack as “carnage.” The hack affected around 2,620 organizations and 77.2 million people, including the U.S. Department of Energy, Johns Hopkins University, and the Office of Motor Vehicles in Georgia.

Ivanti zero-day attack

In January 2024, hackers exploited two zero-day vulnerabilities in Ivanti products, which are also used by government agencies. To make matters worse, Chinese espionage groups quickly began exploiting the vulnerabilities.

The attack impacted customers in numerous sectors, including military, finance, and aerospace.

Snowflake accounts compromise

Mandiant researchers revealed in June 2024 that a threat actor was “systematically” accessing Snowflake customer instances through stolen credentials. Several high-profile breaches were later attributed to this account compromise, including breaches at banking giant Santander, AT&T, and Ticketmaster.

Predictions and lessons:

The supply chain attack pattern is a troubling one. Threat actors exploit supply chains—both physical and digital ones—because they know they can get access to data belonging to organizations with much stronger cyber resilience.

The situation is likely to get worse as reliance on third-party services increases. Companies must not only consider their security posture but also that of their vendors and suppliers.

Businesses should adopt a far more rigorous due diligence process before entering into supply chain contracts that involve sensitive customer data. It’s certainly not too much to ask potential vendors to provide you with a detailed breakdown of what cybersecurity measures they have in place, including tools, response teams, and policies.

AI-aided cyberattacks highlight the connection between consumer and organizational risk

Even though AI didn’t result in the doomsday scenario of developing new strains of advanced malware, it did make it easier for amateur hackers to start playing in the malware Big Leagues.

For example, AI makes it easier for cybercriminals to create compelling emails without typos that they can use in phishing attacks. It can also be used for sophisticated social engineering conversations on social media that fuel pig-butchering attacks.

Although such attacks target consumers, they endanger businesses as well. Consumers might be using the same password across various services, including their work login details. They might also be using business devices when visiting a personal social media site. Hackers might also use personal data to blackmail consumers and extort sensitive business data from them.

A prime example of this is the cyber attack on Muah.ai, an “AI companion platform” that generates anything from AI-powered “therapists” to “NSFW” companions. The breach led to a ton of sensitive data being exposed, specifically names, emails, and people’s activity on the site, which was troubling as it showed that many members engaged in serious criminal activity. The nature of the site fueled extortion attacks against people involved in the leak, which could also lead to blackmail and corporate risks.

Predictions and lessons:

Cybercriminals will continue to push the limits of AI to improve their ability to trick users. Deepfakes will get better, and companies will need to improve their internal processes when it comes to verifying identities.

The first line of defense in this new AI world is awareness training—and plenty of it. AI-generated text can be incredibly convincing, but it does have telltale signs that give it away. Simply educating people will go a long way to helping spot AI-generated content.

Data breaches are leading to irrecoverable damage for companies

We often write about the costs of data breaches because they significantly impact whether a business can continue operating. This year saw high-profile companies being hit hard and suffering major financial losses.

Jerico Pictures

One example was Jerico Pictures, the parent company of a data broker called NPD that suffered a massive data breach in early 2024. Jerico Pictures filed for bankruptcy in advance, stating that it would be unable to pay for the expected liability costs, credit monitoring, and penalties in over 20 states.

Medisecure

Another example was Medisecure, a medical prescription provider in Australia. The company became the victim of a cyberattack that exposed data from over 12 million people. When Medisecure asked the Australian government for help with costs—such as response and investigation costs—the government denied the request. This forced Medisecure to go into liquidation.

Predictions and lessons from both hacks:

The main lesson here is that data breaches and attacks can no longer be swept under the rug. Many jurisdictions have strict rules in place about disclosures, as well as the fines they’re ready to hand out when a leak happens. As more regulations arise, the risk increases that organizations can’t cover the costs of penalties, response, and remediation.

Trying to operate in such an environment without comprehensive cybersecurity coverage could be considered reckless.

The silver lining is that it’s now easier than ever to obtain comprehensive coverage without paying an arm and a leg by investing in a managed security service.

Cyber resiliency is crucial to comprehensively protect organizations

Despite the significant impact the above attacks had, little changed in terms of innovation. AI’s primary contribution was to make it easier for hackers to carry out traditional attacks such as social engineering and phishing. However, AI didn’t spring up and deliver world-dominating malware code—and the current iteration of AI likely never will.

The good news is that we don’t need new tools to defend against current trends. Existing tools suffice if they’re used properly—and used abundantly. For example, awareness training has always existed, but organizations will likely need to up its quality and quantity in light of the new AI threat.

Because the threats we saw last year are largely the same as we’ve seen before, one doesn’t have to invest in an array of new tools and technologies or devise brand-new strategies to address the threats. Combatting the existing threats only requires effective foundational elements, such as:

Many organizations don’t have the resources to do all of this in-house. It’s important to leverage managed services and allow an experienced partner to serve as a key resource.

SolCyber provides comprehensive managed security services for companies of all sizes and across all sectors.

To learn more about our services, contact us today for a no-obligation chat.

Photo by Danil Aksenov on Unsplash
