By Editorial Desk, 63SATS
The cyber threat landscape in 2024 showcased escalating risks, with India ranking second globally in cyberattacks that targeted sectors like finance and healthcare. From mail servers without TLS encryption exposing sensitive data to phishing campaigns compromising Chrome extensions used by millions, the digital world grappled with vulnerabilities. High-profile breaches, including the leak of Rhode Island citizens’ data and Thomas Cook India’s system shutdown following a cyberattack, highlighted the growing need for robust defenses across industries.
On a positive note, crypto scams witnessed a significant decline, reflecting improved security measures. Meanwhile, regulatory efforts like the U.S. proposal to secure drone IT systems and MeitY’s initiatives in India emphasized proactive approaches to safeguarding digital ecosystems. From breaches in educational and healthcare sectors to advances in blockchain security, 2024 underscored the urgency of collective vigilance and innovation in cybersecurity.
Here’s our weekly recap of stories that made headlines.
India Emerges as Second Most Targeted Nation for Cyber Attacks in 2024
India ranked second globally for cyber attacks in 2024, with 95 organizations falling victim to data theft, according to CloudSEK’s ThreatLandscape Report.
The report revealed the United States faced the highest number of attacks (140), attributed to its vast digital infrastructure. In India, sectors like finance and banking (20 attacks) were most affected, followed by government (13), telecommunications (12), healthcare (10), and education (9). Israel ranked third, with 57 attacks. Rapid digitization and geopolitical factors contributed to these trends, highlighting the need for robust cybersecurity measures in vulnerable industries.
Millions of Mail Servers Vulnerable Due to Lack of TLS Encryption
Over three million IMAP and POP3 mail servers are exposed online without TLS encryption, leaving them susceptible to eavesdropping attacks. IMAP synchronizes emails across devices, while POP3 downloads emails locally. Without TLS, sensitive information, including login credentials, is transmitted in plaintext, making it easy prey for cybercriminals.
Experts stress the urgency of enabling TLS to protect email communications and prevent data interception. As the reliance on digital communication grows, securing these protocols becomes a critical priority for organizations worldwide.
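The exposure described above can be checked from the capability list a mail server advertises on its cleartext port. The following is an added example, not part of the original report: the function names and sample responses are constructed, implicit-TLS ports (993/995) are out of scope, and treating an advertised POP3 `USER` capability as "plaintext login still accepted" is a heuristic.

```python
# Added example: classify IMAP/POP3 capability responses seen on the
# cleartext ports (143/110). All sample responses below are constructed.

def parse_capabilities(protocol, response):
    """Return the upper-cased capability tokens the server advertised."""
    caps = set()
    for line in response.splitlines():
        line = line.strip().upper()
        if protocol == "imap":
            # Untagged data only: "* CAPABILITY ..." or "* OK [CAPABILITY ...] text"
            if line.startswith("* ") and "CAPABILITY " in line:
                listed = line.split("CAPABILITY ", 1)[1].split("]", 1)[0]
                caps.update(listed.split())
        elif line and line != "." and not line.startswith(("+OK", "-ERR")):
            # POP3 CAPA: one capability per line, first word is its name
            caps.add(line.split()[0])
    return caps

def assess(protocol, response):
    """Rate a cleartext-port listener: 'exposed', 'weak' or 'ok'."""
    caps = parse_capabilities(protocol, response)
    upgrade = "STARTTLS" if protocol == "imap" else "STLS"
    if upgrade not in caps:
        return "exposed"  # no TLS upgrade offered; credentials cross in plaintext
    if protocol == "imap":
        plaintext_ok = "LOGINDISABLED" not in caps  # RFC 3501 capability
    else:
        plaintext_ok = "USER" in caps  # heuristic: USER/PASS offered before STLS
    return "weak" if plaintext_ok else "ok"

SAMPLES = {  # constructed responses, not captured from any real server
    "imap-no-tls": ("imap", "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\na1 OK CAPABILITY completed"),
    "imap-optional": ("imap", "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready"),
    "imap-enforced": ("imap", "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na1 OK done"),
    "pop3-no-tls": ("pop3", "+OK\r\nUSER\r\nUIDL\r\nSASL PLAIN\r\n."),
    "pop3-enforced": ("pop3", "+OK\r\nUIDL\r\nSTLS\r\n."),
}

def audit(samples=SAMPLES):
    """Map each sample name to its verdict."""
    return {name: assess(proto, resp) for name, (proto, resp) in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:15} {verdict}")
```

A "weak" verdict means TLS is available but optional, so a client that skips the upgrade still sends its password in the clear.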
Hackers Leak Rhode Island Citizens’ Data on Dark Web
Hackers have leaked sensitive personal data of Rhode Island citizens, confirmed Governor Dan McKee. The breach stemmed from an attack on the RIBridges social services portal, managed by Deloitte.
Compromised data likely includes personally identifiable information (PII) of individuals who applied for health or human services programs. Authorities urge affected residents to freeze credit, monitor accounts, and remain vigilant against fraud and social engineering attacks. The state is collaborating with Deloitte to assess the breach’s scope and notify impacted individuals. This incident underscores the growing risks to government systems and citizen data.
Crypto Scams Decline as December 2024 Sees Lowest Losses
Losses from crypto scams, hacks, and exploits dropped significantly in December 2024, totaling $28.6 million compared to $63.8 million in November, reports CertiK.
Exploits accounted for $26.7 million, including a $2.1 million breach of the DeFi platform GemPad and a $1 million hack of the FEG token bridge. Improved vigilance and security measures contributed to this decline. Blockchain security firm PeckShield recorded similar findings, with a 71% drop in losses. Experts stress the importance of continued investment in blockchain security to maintain this downward trend in crypto-related exploits.
Crown Mortgage Faces Data Breach Exposing Client Information
Crown Mortgage Company reported a data breach compromising sensitive information, including names and Social Security numbers, of its clients. The breach, attributed to unauthorized access, may involve ransomware activity. Impacted individuals received notification letters detailing the compromised data.
Crown Mortgage advises victims to take precautions against identity theft and fraud. The breach raises concerns about safeguarding sensitive financial data, particularly in industries managing critical consumer information. As investigations continue, cybersecurity experts emphasize proactive defense strategies for financial institutions.
US Proposes Stricter Rules for Foreign IT in Drone Supply Chains
The U.S. Commerce Department has proposed new regulations to mitigate national security risks posed by foreign IT in drones, particularly from China and Russia. The rule aims to prevent adversaries from remotely accessing and manipulating drone systems.
Commerce Secretary Gina Raimondo stressed the importance of securing the unmanned aircraft systems supply chain to safeguard sensitive data. This follows earlier moves to protect connected vehicles from foreign software and hardware vulnerabilities. Public feedback is sought to shape the final rule, emphasizing the growing focus on supply chain security in emerging technologies.
MeitY Enhances Cybersecurity and Empowers Citizens via CSC Initiatives
In 2024, MeitY introduced critical measures, including updated CCTV regulations under the Comprehensive Regulatory Order (CRO), ensuring stronger cybersecurity standards. With 138.34 crore Aadhaar numbers issued and 556 crore DIKSHA learning sessions conducted, MeitY also supported education and health with 67 million Ayushman Bharat Health Account (ABHA) numbers.
The Cyber Surakshit Bharat program trained 350 officials to combat threats, while nearly 6 lakh CSCs bridged rural digital divides. By empowering traders and citizens through welfare camps and providing access to over 2,000 government services, MeitY solidified its role as a driver of digital governance and cybersecurity in India.
Thomas Cook India Shuts Down Systems After Cyberattack
On December 31, 2024, Thomas Cook India revealed a cyberattack on its IT infrastructure in a BSE filing. The company promptly shut down affected systems and launched an investigation with cybersecurity experts to mitigate the breach’s impact.
Thomas Cook assured stakeholders of its proactive response, emphasizing its commitment to secure its digital operations. The breach highlights growing cybersecurity risks for travel and hospitality firms, underscoring the need for robust defenses against evolving threats. Investigations continue as Thomas Cook works to restore full functionality while prioritizing data security.
Chrome Extensions Targeted in Massive Phishing Campaign
A phishing campaign compromised over 35 Chrome extensions, affecting approximately 2.6 million users. Cybercriminals injected data-stealing code into extensions, including one by cybersecurity firm Cyberhaven.
Starting in December 2024, the campaign used fake violation notices to lure developers into phishing traps, granting attackers control of the extensions. Earlier traces of the campaign date back to March 2024. Developers are urged to verify links and review extension updates vigilantly. This breach underscores the growing threat to browser security, emphasizing the importance of developer and user awareness.
Indiana University Health Reports Data Breach via Compromised Email
Indiana University Health (IU Health) disclosed a data breach on December 17, 2024, resulting from a compromised employee email account. Between October 4 and October 18, unauthorized parties accessed emails containing sensitive data, including names, addresses, medical record numbers, and health information.
IU Health secured the account and initiated an investigation with external cybersecurity experts. Affected individuals were notified, and resources were provided to mitigate risks of fraud or identity theft. The incident highlights vulnerabilities in email systems and the urgent need for robust protective measures in healthcare IT environments.