2024: A Retrospective of the Year’s 5 Biggest Cyber Threats

Published on
December 27, 2024

In 2024 cyberattacks hit harder, faster, and with more devastating precision than ever. Critical infrastructure, government agencies, and private enterprises found themselves in the crosshairs of increasingly sophisticated attackers.  

Why did these breaches happen, and what can we learn as we prepare for 2025? Let’s dive into five of the most significant cyber incidents of 2024 and the lessons they hold for all of us.

Top 5 Major Cyberattacks of 2024

1. Salt Typhoon Cyber Espionage on Global Telecommunications

Salt Typhoon, a suspected Chinese hacking group, targeted major U.S. telecommunications providers like AT&T and T-Mobile in a relentless pursuit of high-value data. By exploiting public-facing server vulnerabilities and blending into legitimate system operations, they gained long-term access to critical networks.  

Despite the best efforts of agencies like the FBI and CISA, Salt Typhoon remains a lurking threat. Their reach extends far beyond telecoms, with attacks spanning industries and continents.

Since 2020, Salt Typhoon has infiltrated over 20 organisations across industries such as technology, consulting, chemicals, and transportation, affecting regions from the U.S. to the Middle East and South Africa. Rumoured to be connected to the Chinese government, the gang is a major player in the hacking world.

2. Ransomware Attack on London’s Healthcare Services

In June 2024, a ransomware attack attributed to the Russian-speaking cyber gang Qilin disrupted London’s hospital services. The target, Synnovis, a pathology lab provider for National Health Service (NHS) hospitals, suffered severe disruptions, leading to hundreds of cancelled operations, appointments, and tests.

Qilin is a criminal organization that offers ransomware as a service. In this instance, they deployed ransomware using a blend of phishing emails and vulnerabilities in exposed applications like remote desktop protocols. The gang also used a double-extortion tactic, stealing and publishing nearly 400GB of sensitive healthcare data to pressure Synnovis into paying a ransom.

This attack was a grim reminder of how dependent healthcare is on digital infrastructure—and how dangerous it is to leave that infrastructure exposed.

Peter Mackenzie, Director of Incident Response at Sophos, noted that healthcare organisations remain prime targets because their critical services put immense pressure on them to recover quickly [1].

3. Cyberattack on Japan’s Niconico and Kadokawa

Also in June, the BlackSuit ransomware gang disabled operations at Japan’s popular video platform, Niconico, and its parent company Kadokawa. Using phishing attacks to infiltrate the system, they demanded millions in ransom.

If you're interested in cybersecurity, it's likely that you've heard about BlackSuit before. According to certain accounts, they appear to have strong ties to the Royal ransomware gang, which was founded from the remains of the infamous Conti group [2].

The attackers remotely disabled both companies’ servers and restarted them to spread malware, leading to a breach of data from over 254,000 users. The attack caused major service suspensions, disrupted scheduled programming, and delayed distributions.

In exchange for the stolen information, BlackSuit demanded $8.25 million in ransom, but agreed to a settlement of $3 million.  

Despite this, some of the stolen information was still released [3]. In the aftermath, Kadokawa issued a statement revealing that it anticipates a loss of around $15 million due to the cyberattack’s impact.

With cybercrime on the rise and a longstanding criticism of the country’s cybersecurity capabilities—attacks have surged 35-fold over the past decade—the Japanese government has now elevated cyberdefence to a national security priority [4].

4. Iranian Cyber Activities Targeting U.S. Political Entities

Throughout 2024, Iranian-backed hackers ramped up their focus on U.S. political targets.  

For instance, the Mint Sandstorm group launched a spear-phishing attack targeting a high-ranking official in the U.S. presidential campaign. Using social engineering tactics, these hackers compromised personal and professional accounts, particularly those linked to national political organisations and Middle Eastern affairs.

Iranian-run news networks also disseminated disinformation to polarize American voters. This blend of hacking and geopolitics underscores the reality: cyber warfare isn’t coming—it’s here. These operations reflect a broader global trend, with Iranian hackers being involved in another infamous cyberattack against Sweden in the spring of 2023 [5].

5. Cyberattack on Transport for London (TfL)

In September, Transport for London faced a damaging cyberattack that exposed the personal data of thousands. While initial reports suggested no significant disruption, it was later revealed that data of approximately 5,000 individuals might have been leaked.  

Legacy systems, including those still compatible with Internet Explorer, left the organization wide open to exploitation. According to a London Centric article, after the original incident, other hackers rushed to exploit the newly discovered vulnerabilities, hitting TfL with a new wave of previously unreported attempted attacks.

Even though the attack prompted a full IT system reset for TfL staff, this incident raised concerns about the security of critical urban infrastructure and highlighted the persistent risks posed by legacy software and what a liability it can be.

What Can We Learn

Cyberattacks have evolved far beyond mere technical disruptions; they are now critical issues with profound societal and geopolitical implications. The incidents of 2024 underline the urgency of shifting from reactive approaches to proactive, globally coordinated defences.  

Our systems are only as strong as their weakest link, whether that’s human error, outdated software, or fragmented accountability.

  • Social engineering remains a top tool for hackers, leveraging human error to bypass technical defences. Verizon’s 2023 Data Breach Investigations Report revealed that up to 74% of breaches involve human interaction, often starting with phishing emails [6]. This highlights the critical need for user education and awareness as part of any cybersecurity strategy.
  • Third-party vendors also pose significant risks, with over 60% of organisations reporting a third-party data breach or cybersecurity incident [7]. Cybercriminals exploit less-protected networks of suppliers and contractors to infiltrate primary targets, bypassing their more advanced security measures. These indirect attacks show how important it is to take into account the security practices of all entities in a supply chain.
  • Legacy systems and poor maintenance exacerbated vulnerabilities, as seen in attacks on organisations like NHS and TfL that are still reliant on outdated technology with known weak spots. Technical and security debt, stemming from poor system design and deferred maintenance, only deepens the risk.

Conclusion

The lessons from 2024 make one thing clear: cybersecurity must be treated as a shared, ongoing responsibility across all levels of an organisation and beyond.  

Whether it’s ransomware, state-sponsored espionage, or opportunistic hacking, the threats are evolving just as fast as software development is. Factors such as artificial intelligence, automation, and inadequate cyber hygiene amplify the challenge of staying on top of cybersecurity risks.  

But cybersecurity is no longer just an IT issue; it’s a matter of public safety, economic stability, and national security.

Organisations must take proactive measures to mitigate risks, as the chances of an attack keep rising. Incident response planning, regular cybersecurity training, and simulated attack exercises are critical for creating cyber resilience.

The cost of inaction far outweighs the investment in securing our future.  

Authors
Marcel Vasconcellos
Author
Intelligence Software Engineer
Natasza Mikołajczak
Editor
Content Writer