Software has become an inseparable part of our lives. Whether at home or at work, the software we use to search, create, and message each other has become almost transparent. That is—until it breaks. The more software grows into our most critical tasks, the bigger the risk of calamity, and the greater the value it holds for cyber attackers.
As software becomes more powerful and AI capabilities become infused into almost every application, cyber threats are also evolving. According to research by Check Point, in 2024 global cyberattacks increased by 75% compared to 2023, with the average organization experiencing 1,876 attacks per quarter. A big part of this rise is due to the use of AI by bad actors—the Microsoft Data Security Index shows that data security incidents linked to AI applications nearly doubled from 27% in 2023 to 40% in 2024.
While attacks by cybercriminals get a lot of attention, there are also silent threats that can result in huge software disasters, affecting the lives of billions. The most common are misconfigurations. A report by Breachlock showed that the top five security misconfigurations were more prevalent in 2024 compared to 2023. For example, there were 5% more cases of organizations not enabling multi-factor authentication (MFA) for all users, and database instances with public access increased by 3%.
We’ll take a look at some of the biggest software catastrophes of 2024 and raise a call to action to improve software resilience in the year to come.
Biggest cyberattacks on software in 2024
Here are some of the most significant cyberattacks that made headlines this year and impacted critical software applications:
January—UnitedHealth Group: A ransomware attack on Change Healthcare, a subsidiary of UnitedHealth Group, disrupted prescription processing nationwide. The attack, attributed to the BlackCat ransomware group, was initiated on February 21st and impacted over 100 hospitals and tens of thousands of patients. It may turn out to be the most significant healthcare breach of all time.
May—City of Wichita: The city of Wichita, Kansas, reported a ransomware incident on May 5th, which is attributed to the LockBit ransomware group. The attack affected several of the city's systems, including the city network and the ability to process payments. It also exposed sensitive data of citizens, including police reports, with the LockBit group posting 600,000 files on the dark web.
June—Ticketmaster and Santander Bank: Ticketmaster suffered a data breach of 560 million users, including names, addresses, emails, phone numbers, ticket sales and event details, and partial credit card information. The ShinyHunters hacking group claimed the attack on the dark web. They demanded $500,000 to prevent the data from being sold to other parties. Shortly after, the same group hacked Santander Bank, releasing details of 30 million bank accounts and credit card numbers, as well as HR information of the bank's employees.
October—Dutch Police Data Exposed in Cyber Espionage Attack: The Dutch Police network suffered a data breach in October, with a suspected foreign state actor gaining access to the work-related contact details of approximately 34,000 police officers. This act of cyber espionage raised significant security concerns and highlighted the growing trend of nation-states targeting law enforcement agencies.
November—Cyberattack Sours Krispy Kreme's "Day of the Dozens": A November cyberattack disrupted Krispy Kreme's online ordering systems just before its popular "Day of the Dozens" promotion, impacting potentially hundreds of thousands of customers who rely on their app and online ordering. While no customer data was compromised, the incident caused significant financial losses and customer dissatisfaction.
AI in the wrong hands
One of the most alarming trends of 2024 is the rise of AI-powered cyberattacks. Multiple studies show an exponential increase in the number of attacks making use of AI technology, in particular generative AI, indicating a major shift in the threat landscape.
Perhaps the most prominent example occurred in September 2024, when Amazon reported a dramatic increase in cyber threats, detecting nearly 1 billion possible incidents daily, up from 100 million earlier in the year. This surge was attributed to attackers using AI to conduct larger-scale and more sophisticated attacks. Amazon fought back by integrating AI into its threat-intelligence systems, improving its ability to monitor and respond to malicious activity across numerous IP addresses.
The silent threat: catastrophic misconfigurations in 2024
While sophisticated cyberattacks grab headlines, there's a more insidious threat lurking in the shadows: misconfigurations. These happen when operators make errors in the way systems are set up or managed, inadvertently causing software failures or security vulnerabilities. In 2024, we've seen a disturbing number of incidents where even security-focused organizations have fallen victim to this silent threat.
January—CrowdStrike & Microsoft: Security giant CrowdStrike and tech behemoth Microsoft were impacted by a misconfiguration issue. Roughly 8.5 million systems crashed and were unable to restart, probably the biggest outage in the history of IT. This highlights how interconnected systems can create cascading risks. The incident involved an exposed API key, demonstrating that even the most robust security posture can be undermined by a simple oversight.
February—Google Firebase: A widespread misconfiguration in Google Firebase, a popular platform that provides back-end services for software applications, exposed a staggering 19.8 million secrets, including API keys, database credentials, and other sensitive data. This incident underscored the potential risks associated with cloud services and the importance of proper configuration management.
April—OWASP: In a particularly ironic twist, the Open Web Application Security Project (OWASP), a leading authority on web security, suffered a data breach due to a misconfigured wiki server. The incident exposed membership data from years past, proving that even the experts are not immune to human error.
June—Oracle NetSuite: Misconfigured eCommerce sites powered by Oracle NetSuite put customer data at risk. The issue stemmed from improper access controls, highlighting the widespread impact that misconfigurations can have on online businesses. These incidents are a stark reminder that even the most advanced security tools and technologies can be rendered useless if systems are not properly configured.
Conclusion: a call to action
The cybersecurity landscape of 2024 was complex and fraught with danger. The rise of AI-powered attacks, coupled with the persistent threat of misconfigurations, demands a fundamental shift in how we approach security. Organizations need to move beyond reactive measures and embrace a proactive, multi-faceted strategy that encompasses:
Investing in AI-powered defenses: Just as attackers are using AI, so too must defenders. AI-powered security tools can help detect and respond to threats more effectively.
Prioritizing configuration management: Implementing robust configuration management practices is no longer optional; it's essential. Tools and processes that automate and enforce secure configurations are critical.
Embracing a culture of security awareness: Human error remains a significant factor in many security incidents. Continuous training and education are vital to fostering a security-conscious workforce.
By acknowledging the evolving nature of cyber threats, embracing new technologies, and prioritizing fundamental security practices, organizations can navigate this complex landscape and build a more secure digital future. As the saying goes, "The best defense is a good offense," and in the world of cybersecurity, that offense must be intelligent and adaptive, and must leverage automation to enforce secure practices in all critical systems.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro