
The Latest Cyber Attack Headlines: A Deepfake CFO and the Mother Of All Breaches

In 2024, there have been over 29.5 billion known records breached across thousands of publicly disclosed incidents globally – and we’re only 3 months into the year. The latest cyber attack headlines reveal the alarming new methods hackers are using to target businesses and individuals. Thanks to innovations in AI, cybercriminals are finding new and increasingly personal ways to steal data, conduct social engineering, and crack passwords. 

This blog looks at some of the recent cyber attack headlines from 2024. These incidents stand out not only for their scale, but for the potential impact they could have on the threat landscape. 

The Deepfake CFO (and the Very Sorry Finance Clerk)

One of the most recent cyber attack victims to make global news was an employee in the Hong Kong office of a multinational financial firm. In a first-of-its-kind attack, a finance clerk was duped into making payments amounting to more than HK$200m (£20m) at the request of the company’s CFO – or at least that’s what they thought. 

The employee was invited to a conference call with their London-based CFO, alongside a number of other members of staff. However, it quickly came to light that the CFO was actually a deepfake – an eerily realistic replica created by AI. Unfortunately, the payments had already been made, resulting in a huge financial loss for the firm.

It’s believed that a group of threat actors downloaded publicly available videos and conference call recordings to mimic the senior staff members on the call, including their voices and facial expressions. The AI-generated replicas were so convincing that the clerk believed everyone on the call to be genuine. The fraudsters also used WhatsApp and email to make the scam seem even more legitimate.

This is the latest cyber attack using deepfake technology, and the first where it has been used in a conference call.

The “Mother Of All Breaches”

There are data leaks and then there’s this. Dubbed the Mother Of All Breaches – or the MOAB for short – this recent cyber attack is a data breach of extraordinary scale. In January, cybersecurity researchers discovered a supermassive data leak of over 26 billion records – making it the largest ever discovered. This equated to a huge 12 terabytes of information, containing user data from platforms including LinkedIn, X [Twitter], Canva, and Weibo, as well as records from various public bodies in countries including Germany, Turkey, Brazil and the US.

A significant amount of the dataset contained information from previous breaches, but a large portion is believed to have not been published before. The information exposed was more than just names and email addresses too, with billions of records including personal and sensitive data. 

The MOAB has had a huge global impact as the largest (known) leak ever seen, with the full extent not yet known. 

Roll Up, Roll Up! DNA for Sale!

What could be scarier than your genetic data being leaked? This was a concern for many after genetic testing company 23andMe experienced a cyber attack throughout the end of last year. The company helps users learn more about their ancestry by providing DNA testing and helping people find potential relatives.

Hackers were able to access highly sensitive and personal genetic information including details on users’ ancestry, ethnicity, and health status. After learning of the breach, many users who fall into specific ethnic groups were worried they could be compiled into a “hit list” that could be sold to individuals looking to cause harm. In fact, a lawsuit was filed in California due to this very cause.  

In a surprising response, 23andMe seemingly pointed blame at users for recycling passwords or failing to update them regularly. A spokesperson claimed that the incident wasn’t due to 23andMe’s failure to maintain reasonable security measures, but to the users themselves. Furthermore, the company only publicly acknowledged the attack after a user posted about the data on a 23andMe subreddit.

This incident sparked conversation on the responsibility and responses of corporations in the event of a cyber attack. 

The Latest Cyber Attack on Lush – and the Company’s Silence

In early January, popular cosmetics company Lush confirmed it had experienced a cyber incident – but didn’t say much else. Later that month, the retailer revealed it to be a ransomware attack, which resulted in the firm temporarily shutting down a number of internal systems across the UK and Ireland. 

During ransomware attacks, hackers work to encrypt the victim’s data and demand payment to unlock it. As a first response, businesses often shut down their systems to prevent total encryption and restore compromised endpoints using backups. 

While details of this recent cyber attack remain scarce, the company’s reluctance to disclose any information has only added to the debate surrounding the responsibility and transparency of corporate responses to cyber threats.

As ransomware continues to be a common threat vector, it’s important to know what your business can do to prevent a ransomware attack. You can learn ways to avoid it in this blog. 

The Scariest Threat Landscape Yet

These latest cyber attack headlines highlight how businesses are operating in the most complex (and creepy) threat landscape yet. With deepfakes and AI blurring the lines between what’s real and what’s not, cybersecurity strategies simply must become more robust.

We’re seeing bigger breaches than ever and increasingly sophisticated approaches, so it’s important to work with an IT partner with the skills and expertise to keep your business safe. 

Work with a Trusted Cybersecurity Partner

The 848 Group has a dedicated Cybersecurity Practice with a diverse team of IT experts and solutions to improve cyber awareness, secure your critical infrastructure, and eliminate cyber risk. Our cybersecurity services structure aligns with the globally recognised National Institute of Standards and Technology (NIST) Cybersecurity Framework. This ensures we abide by the leading standards and best practices to effectively understand, assess, manage, and prioritise cybersecurity risks.

Don’t become the latest cyber attack victim – book a security assessment with our team to build a better security posture today.