Top Cybersecurity Stories of 2024

Year-End Cybersecurity Reporting Roundup
Beginning in 2018, I’ve collaborated with peers, initially at VICE Motherboard and currently at TechCrunch, to compile an annual list. This list showcases the most impactful cybersecurity reporting originating from various sources.
The domains of cybersecurity, surveillance technologies, and data privacy are expansive. No single news organization possesses the resources to comprehensively address these areas.
The Collaborative Nature of Journalism
While journalism inherently involves competition, it’s also fundamentally a collaborative profession. Directing our audience to the insightful work of other publications is a valuable practice.
This approach allows readers to gain a more complete understanding of these complex and far-reaching subjects.
Top Cybersecurity Stories of the Year
Below is a curated selection of our preferred cybersecurity stories from this year, authored by journalists at competing news organizations. — Lorenzo Franceschi-Bicchierai.
These articles represent significant contributions to the ongoing conversation surrounding cybersecurity and related fields.
AT&T Remitted $370,000 to Hacker for Deletion of Compromised Data
A significant data breach, ranking among the most extensive and audacious in recent times, occurred earlier this year. Hackers targeted numerous unsecured cloud storage accounts managed by Snowflake, a cloud computing provider utilized by major technology and telecommunications firms.
These attackers subsequently demanded ransom for the substantial volumes of data they obtained. AT&T was identified as one of the affected companies, acknowledging the loss of call and text records pertaining to “nearly all” of its 110 million subscribers.
This data loss encompassed over 50 billion call and text records, representing a massive compromise of customer information.
Details of the Ransom Payment
Following AT&T’s public disclosure of the breach, security journalist Kim Zetter revealed that the company had previously paid a hacker $370,000.
The purpose of this payment was to secure the deletion of the stolen phone records and prevent their public dissemination.
Zetter’s investigation provided crucial insights into the perpetrators behind the intrusions, initially designated as UNC5537 by Mandiant.
The individuals responsible were later identified as Connor Moucka and John Binns, who were subsequently indicted for their involvement in the widespread data theft from Snowflake customer accounts.
Key Takeaways: This incident highlights the vulnerabilities inherent in cloud storage security and the escalating threat of data breaches targeting large corporations.
- The breach impacted a vast number of AT&T customers.
- A substantial ransom was paid to prevent data publication.
- The perpetrators have been identified and face legal consequences.
The incident underscores the importance of robust security measures and proactive threat detection in safeguarding sensitive data.
Automakers and Data Sharing: Impact on Consumer Insurance Rates
A recent investigation by Kashmir Hill, published in The New York Times, has brought to light concerning practices regarding consumer data. Automakers are reportedly transmitting drivers’ behavioral data and driving patterns to third-party entities, including data brokers and insurance providers.
This data is then leveraged to potentially increase insurance costs and premiums, representing a concerning application of personal driving information. The practice raises significant privacy concerns, effectively utilizing a driver’s own data to their financial disadvantage.
GM’s Smart Driver Feature and Data Disclosure
Specifically, owners of GM vehicles may be unknowingly sharing their driving habits. Enrollment in the Smart Driver feature doesn't always clearly communicate that driving data will be automatically transmitted to external organizations.
This lack of transparent disclosure has sparked considerable debate and scrutiny regarding data privacy and consumer rights.
Congressional Inquiry and Data Valuation
The revelations spurred a congressional inquiry, uncovering further details about the data sharing arrangements. It was revealed that automakers, in certain instances, were selling consumer data for extremely minimal amounts – sometimes just pennies.
This raises questions about the ethical implications and the perceived value placed on individual driver data.
Key Concerns and Implications
- Privacy Violations: Drivers are often unaware their data is being collected and shared.
- Financial Impact: Data sharing can lead to increased insurance premiums.
- Lack of Transparency: Insufficient disclosure regarding data usage practices.
- Data Valuation: The minimal financial compensation received by automakers for consumer data.
The situation underscores the growing need for stronger data privacy regulations and increased transparency within the automotive industry. Protecting consumer data and ensuring informed consent are paramount.
A CIA operative undertook a perilous, long-term undercover assignment targeting Islamic extremist groups, ultimately suffering devastating personal consequences.
The narrative surrounding this operation is truly extraordinary. Were this account presented as a fictional film, its plot would still be considered remarkably dramatic. However, the reality of these events is what makes the story so compelling.
Zach Dorfman has accomplished a remarkable journalistic undertaking. Reporting on covert intelligence activities presents inherent challenges, as secrecy is paramount. This particular operation is not one the intelligence services would willingly publicize.
The Weight of Secrecy
There is no element of pride or satisfaction to be found within this account. To reveal further details would diminish the impact of the reporting. It is a story that demands to be read in its entirety.
— Lorenzo Franceschi-Bicchierai. The investigation is exceptional, and it makes plain the sacrifices made in the line of duty.
Undercover work within radical organizations carries immense risk, and this case exemplifies the profound toll it can take on those involved.
The Definitive Impact of Cryptocurrency, According to Charlie Warzel
While not solely a matter of cybersecurity, cryptocurrency has consistently held a connection to the world of hacking. Initially conceived as a libertarian ideal, it’s become apparent in recent years that Bitcoin, along with its numerous derivative cryptocurrencies, has diverged significantly from the original vision of Satoshi Nakamoto.
Nakamoto, the pseudonymous creator of Bitcoin and its blockchain, outlined a different purpose in the foundational 2008 Bitcoin paper. Currently, cryptocurrency is increasingly used as an instrument for far-right groups to amplify their influence, a point thoroughly detailed by Charlie Warzel.
A Shift in Purpose
The evolution of crypto demonstrates a clear departure from its initial principles. What began as a decentralized alternative to traditional finance has, in some instances, been co-opted for political agendas.
Warzel’s analysis highlights this transformation, illustrating how the technology is now being leveraged in ways that were likely unforeseen by its originator. This represents a significant shift in the landscape of digital finance and political activism.
— Lorenzo Franceschi-Bicchierai.
Cencora Data Breach Resulted in a Record $75 Million Ransom Payment
A significant data breach at drug distributor Cencora has led to a record-breaking ransom payment of $75 million. This information was first reported by Bloomberg’s Katrina Manson, revealing details that remained undisclosed by other sources.
Details of the Cyberattack and Ransom
The extortion gang responsible for the cyberattack threatened to release sensitive personal and medical data pertaining to approximately 18 million individuals. Cencora experienced the initial breach in February.
Despite the incident, Cencora consistently declined to disclose the total number of people impacted. Public records, however, indicated that over 1.4 million individuals were affected, with this number steadily increasing.
Confirmation of the Ransom Payment
TechCrunch, along with other news outlets, had been investigating reports of a substantial ransom payment made by Cencora. Rumors suggested it could be the largest ransomware payment ever recorded.
Katrina Manson of Bloomberg successfully verified the details of the bitcoin transactions, confirming the $75 million ransom payment. This confirmation provides conclusive evidence of the significant financial impact of the breach.
Key takeaway: The Cencora data breach highlights the escalating financial risks associated with cyberattacks targeting healthcare-related organizations.
The Financial Ruin of Small Businesses Due to Relentless Ransomware
For years, I have been reporting on the issue of ransomware. While those perpetrating these data breaches are frequently communicative, the organizations targeted are generally reluctant to discuss the incidents publicly.
Ryan Gallagher of Bloomberg successfully secured an interview with Paul Abbott, co-owner of Knights of Old, a U.K.-based delivery firm. Abbott detailed the events surrounding a ransomware attack that ultimately led to the company’s closure after 158 years of operation.
Details of the Attack and Its Aftermath
Abbott provided a candid account of the attack and the subsequent decision not to engage in negotiations with the Russia-linked hacking group. This decision, unfortunately, resulted in the exposure of over 10,000 internal company documents.
The data leak proved catastrophic for Knights of Old. As Abbott explained, the compromised information prevented the company from obtaining necessary financing or finding a potential buyer.
Ultimately, the inability to secure a loan or sell the business left Knights of Old with no viable path forward, leading to its permanent closure. — Carly Page.
Key Takeaways from the Knights of Old Case
- Ransomware attacks can have devastating and long-lasting consequences for small businesses.
- A refusal to negotiate with attackers doesn't always protect a company; it can exacerbate the damage.
- Data breaches can severely hinder a company’s ability to secure funding or be acquired.
The case of Knights of Old serves as a stark warning about the increasing threat posed by ransomware to businesses of all sizes.
A Deep Dive into the Government Tool Tracking Phones Near Abortion Clinics
The publication 404 Media has consistently delivered impactful reporting since its inception. Among their numerous noteworthy investigations, one particularly resonated due to its sensitive nature. Journalist Joseph Cox, along with colleagues, analyzed a dataset acquired by the U.S. government.
His investigation centered on a critical concern: the potential for cellphone location data to be used to identify individuals seeking care at abortion clinics.
The Implications of Location Tracking
The timing of this discovery is particularly alarming. With the possibility of Donald Trump regaining the presidency and the Republican Party holding control of all governmental branches, further restrictions on abortion rights and access are anticipated.
This context elevates the risks associated with such surveillance practices, making the ability to monitor individuals seeking reproductive healthcare especially concerning.
— Lorenzo Franceschi-Bicchierai. The story matters for what it reveals about the risks to privacy and reproductive freedom.
ZachXBT: The Anonymous Investigator Exposing Crypto Fraud
For several years, I’ve intermittently reported on breaches and thefts within the cryptocurrency space. This realm is remarkably complex, populated by individuals engaged in deceit, fraudulent schemes, and malicious hacking.
Alongside these actors are dedicated researchers committed to uncovering the truth. A particularly compelling figure is known online as ZachXBT.
Unraveling Complex Crypto Crimes
ZachXBT has spent years meticulously investigating and exposing elaborate crypto-related incidents. His work encompasses unraveling complex hacks, heists, scams, and sophisticated money laundering schemes.
This year, Andy Greenberg of Wired magazine published a detailed profile of ZachXBT. While the article deliberately protected the investigator’s true identity and omitted certain personal details, it offered a compelling portrayal of his work and underlying principles.
— Lorenzo Franceschi-Bicchierai.
A Profile in Investigative Journalism
The Wired profile highlighted ZachXBT’s unique approach to tracking illicit activity within the cryptocurrency ecosystem.
His investigations often involve tracing the flow of funds across multiple blockchains and identifying the individuals behind fraudulent operations.
The Importance of On-Chain Analysis
ZachXBT’s success relies heavily on on-chain analysis, a technique that involves examining transaction data recorded on the blockchain.
This allows him to follow the movement of stolen or fraudulently obtained funds, even as they are moved through various exchanges and wallets.
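The fund-tracing step described above, as an added example that is not part of the original article and not ZachXBT's own tooling: a forward trace over a constructed set of transactions (not real on-chain data) that follows value from a suspect address through intermediate wallets until it reaches a labelled cash-out point. All addresses, transaction ids and exchange labels here are hypothetical.

```python
from collections import deque

# Constructed sample transactions (hypothetical, not real chain data):
# (txid, from_address, to_address, amount)
SAMPLE_TXS = [
    ("tx1", "victim_wallet", "thief_A", 100.0),
    ("tx2", "thief_A", "hop_B", 60.0),
    ("tx3", "thief_A", "hop_C", 40.0),
    ("tx4", "hop_B", "exchange_deposit_1", 60.0),
    ("tx5", "hop_C", "mixer_D", 40.0),
    ("tx6", "mixer_D", "exchange_deposit_2", 39.5),
    ("tx7", "unrelated_X", "unrelated_Y", 5.0),  # noise, must not appear in the trace
]

# Constructed attribution labels for known deposit addresses (hypothetical).
KNOWN_LABELS = {
    "exchange_deposit_1": "ExchangeOne",
    "exchange_deposit_2": "ExchangeTwo",
}


def build_graph(txs):
    """Adjacency list: source address -> list of (destination, amount, txid)."""
    graph = {}
    for txid, src, dst, amount in txs:
        graph.setdefault(src, []).append((dst, amount, txid))
    return graph


def trace_funds(txs, origin, max_hops=10):
    """Breadth-first forward trace from `origin`.

    Returns {address: (hops_from_origin, [txids along the first path found])}.
    Addresses never reached by outgoing value from `origin` are absent.
    """
    graph = build_graph(txs)
    reached = {origin: (0, [])}
    queue = deque([origin])
    while queue:
        addr = queue.popleft()
        hops, path = reached[addr]
        if hops >= max_hops:
            continue  # cap depth so long laundering chains cannot blow up the search
        for dst, _amount, txid in graph.get(addr, []):
            if dst not in reached:
                reached[dst] = (hops + 1, path + [txid])
                queue.append(dst)
    return reached


def cash_out_points(txs, origin, labels):
    """Reached addresses that carry a known label (e.g. an exchange deposit).

    These are the places where an investigator can request records from the
    service operator, which is why attribution of deposit addresses matters.
    """
    reached = trace_funds(txs, origin)
    return {
        addr: (labels[addr], hops, path)
        for addr, (hops, path) in reached.items()
        if addr in labels
    }


if __name__ == "__main__":
    for addr, (label, hops, path) in cash_out_points(SAMPLE_TXS, "thief_A", KNOWN_LABELS).items():
        print(f"{addr} ({label}) reached in {hops} hops via {' -> '.join(path)}")
```

The trace only follows outgoing edges, so wallets that merely share a counterparty with the suspect are not pulled in; the `max_hops` cap is the usual guard against runaway searches through peel chains and mixers.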
Protecting Anonymity
Maintaining anonymity is crucial for ZachXBT, as his investigations often target powerful and potentially dangerous individuals.
The decision to conceal his identity was a deliberate one, aimed at protecting himself and his family from potential retaliation.
A Five-Year Battle: How Chinese Hackers Targeted Sophos Firewalls
A recent investigation by Wired’s Andy Greenberg has uncovered a significant, state-sponsored hacking operation originating from China. The report details a years-long effort by researchers affiliated with Sichuan Silence, a cybersecurity firm located in Chengdu, and the University of Electronic Science and Technology of China.
Research and Exploitation of Vulnerabilities
These researchers dedicated five years to identifying security flaws within Sophos firewalls. The discovered vulnerabilities were then exploited by Chinese government-backed hacking groups, notably APT41 and Volt Typhoon.
The ultimate goal of this campaign was to establish covert access – backdoors – within Sophos firewalls deployed by organizations worldwide. This allowed the hackers to illicitly obtain sensitive data.
Global Impact and Compromised Devices
The scope of this operation was substantial, resulting in the compromise of over 80,000 firewall devices globally. This included systems used by entities within the U.S. government, as Sophos itself confirmed.
The campaign’s details were brought to light through Greenberg’s reporting, prompting a response from the U.S. government.
Government Response and Sanctions
In the wake of the published findings, the U.S. government imposed sanctions on the Chinese cybersecurity company, Sichuan Silence, and a specific employee involved in the extensive hacking campaign.
These sanctions represent a direct consequence of the identified malicious activities and underscore the severity of the threat posed by this state-sponsored hacking group.
— Carly Page.
China-Affiliated Hack Impacts Major U.S. Telecommunications Providers
A substantial cyberattack, attributed to a China-linked hacking group, has targeted prominent U.S. phone and internet companies. This breach, known as the Salt Typhoon operation, is poised to be remembered as a landmark cybersecurity event of 2024 and one of the largest hacks recorded to date.
The Wall Street Journal initially reported on this significant security incident in October. Their investigation revealed that Salt Typhoon, believed to be supported by the Chinese government, successfully infiltrated the networks of numerous U.S. telecommunications firms.
Details of the Salt Typhoon Hack
The primary objective of the hacking group was to gain access to data within systems utilized by the U.S. federal government. Specifically, they targeted information related to court-approved network wiretapping requests.
This successful penetration raises concerns about the security of sensitive law enforcement and national security operations. The compromised systems potentially allow unauthorized access to communications data.
Government Response and Recommendations
Following the WSJ’s initial reporting, the U.S. government initiated a series of actions. These included extensive follow-up investigations and the issuance of guidance to the public.
To mitigate the risk of intercepted communications, officials have strongly recommended that U.S. citizens adopt end-to-end encrypted messaging applications. Signal is specifically cited as a secure alternative.
- The hack underscores the growing threat posed by state-sponsored cyberattacks.
- Protecting critical infrastructure remains a top priority for national security.
- Enhanced cybersecurity measures are crucial for safeguarding sensitive data.
The Salt Typhoon hack serves as a stark reminder of the vulnerabilities within the telecommunications sector and the importance of proactive cybersecurity defenses. The incident continues to be a focus of ongoing investigation and remediation efforts.
The Emergence of AI-Generated Fake IDs and the Threat to Security
Know Your Customer (KYC) procedures represent a cornerstone of security for financial institutions and technology firms. These checks are designed to verify the identity of individuals engaging in transactions. KYC typically involves scrutinizing identification documents like driver’s licenses and passports to ascertain their legitimacy.
However, the increasing sophistication of generative AI models is rapidly undermining the effectiveness of these traditional KYC methods. The ability to create convincing forgeries is no longer limited to skilled individuals; it's now being automated.
AI-Powered ID Fabrication: A Deep Dive
Recent investigations by 404 Media uncovered a clandestine online platform utilizing neural networks to produce fraudulent identification documents with remarkable speed and realism. This discovery highlights the ease with which fake IDs can be generated.
These artificially created IDs pose a significant risk, potentially facilitating bank fraud and enabling the laundering of illicit funds. The site, which has since been taken offline, demonstrated a concerning vulnerability in current security protocols.
The implications of this technology are far-reaching, suggesting a need for enhanced verification techniques to combat the growing threat of AI-driven identity fraud. The report by 404 Media served as a crucial exposure of this emerging problem.
— Zack Whittaker.