The cyber security landscape in 2024 is packed with stories that are impossible to ignore, especially with ongoing developments in artificial intelligence. But instead of getting lost in the fears surrounding AI, let’s delve into some pressing issues like data privacy, major data breaches, and the security challenges posed by popular open-source software.
Cyber security firms themselves aren’t immune to scrutiny. Companies like Ivanti, Microsoft, Okta, and CrowdStrike made headlines for all the wrong reasons as weaknesses in their products opened the door for attacks on their customers. Here’s a closer look at the top ten cyber security stories of the year.
-
Historic Data Leak: In January, researchers found a massive data dump containing 26 billion records—more than 25GB of information. Touted as the largest leak ever, it mostly involved data from Chinese social media but also included records from major platforms like Adobe, Dropbox, and LinkedIn. This collecting of data likely served as a tool for identity theft and phishing schemes.
-
Okta’s Security Commitment: In February, Okta announced it would double its investment in security over the next year, launching a Secure Identity Commitment. This move followed earlier breaches where attackers exploited its services. Company leaders recognized the urgent need to fortify the identity data they safeguard.
-
Ivanti’s Vulnerabilities: Ivanti faced backlash after vulnerabilities in its network access and secure socket layer products allowed threat actors to gain access to sensitive data. These serious issues raised alarms across various organizations as attackers took advantage of the security gaps.
-
XZ Utils Backdoor Incident: In April, the open-source XZ Utils library faced a crisis when a backdoor was discovered in its code. This malicious entry point, embedded in versions 5.6.0 and 5.6.1, risked unauthorized access to several Linux distributions, highlighting the vulnerabilities in widely used open-source components.
-
Microsoft’s Initiative Expansion: In May, Microsoft bolstered its Secure Future Initiative in response to a critical US government report. The company acknowledged its crucial role in the IT ecosystem and the growing threats, committing to enhancing software security and vulnerability management.
-
CrowdStrike Outage: On July 19, IT professionals worldwide stumbled into chaos when a faulty update from CrowdStrike caused critical systems to crash. While there were no major security breaches tied to this incident, the repercussions led to legal actions against CrowdStrike and called the reliability of their software into question.
-
Reform in UK Cyber Laws: The CyberUp campaign continued its push for modernizing the Computer Misuse Act of 1990. With Keir Starmer taking office, campaigners rallied for change, arguing that outdated laws put UK security experts at risk of prosecution simply for doing their jobs.
-
Celebrating a Milestone: The National Cyber Security Centre celebrated its eighth anniversary this year, ushering in new leadership with Richard Horne. Over the years, the cyber security environment has evolved significantly, and the NCSC aims to navigate future challenges as technology and threats become more intertwined.
-
Rise in Zero-Day Exploits: In November, both the NCSC and CISA revealed concerning data trends, showing that the majority of exploited vulnerabilities were zero-days. The report underscored the need for defenders to ramp up their vulnerability management strategies against familiar bugs like Log4Shell and Citrix.
- TikTok Ban Looms: As 2024 wrapped up, news broke that TikTok might get banned in the US after a court ruled against the platform’s appeal. Concerns over its data practices and potential exploitation by the Chinese government positioned this ban with broad implications for millions of users and businesses. Ironically, former president Donald Trump, who once sought to ban the app, could play a critical role in its fate in 2025.