
Beyond the Breach: Lessons Learned from 2024 Cyberattacks

In 2024, cyberattacks have shaken the digital landscape, exposing vulnerabilities and causing widespread data breaches. These events have reshaped cybersecurity practices, forcing organizations to reevaluate their cyber risk management strategies and invest in robust cyber insurance policies. 

The evolving threat landscape has made cyber risk assessment more crucial than ever as businesses grapple with sophisticated ransomware, malware, and phishing attacks.

 

Incident Response: Lessons from Major Breaches

There has been a notable increase in cyber assaults in 2024, which have revealed weaknesses and resulted in extensive data breaches in numerous industries.

*As of October 2024, a complete record of cyber assaults in Canada throughout the year has not yet been made available.

Cyber assaults are typically documented and scrutinized over time, and the complete ramifications of certain incidents may not be immediately apparent. However, considering patterns and documented incidents, it is reasonable to anticipate that various forms of attacks will likely be widespread in 2024.

 

Ransomware: 

Cybercriminals specializing in ransomware often direct their attacks toward critical infrastructure, healthcare institutions, and businesses, intending to extort financial benefits.

Regrettably, as outlined in the Gen Q2/2024 Threat Report, the menace posed by ransomware shows no signs of diminishing; on the contrary, it is escalating.

Real-world examples of ransomware from 2024 

London Drugs, a retail company, recently faced a cyberattack in April 2024, during which hackers stole files from its corporate headquarters. According to the Financial Post, London Drugs was targeted with a ransom demand of $25 million, and a deadline for payment was set for Thursday, May 2nd. In response to the breach, the company refused to pay the ransom demanded by the cybercriminals. 

However, since the attack, the hackers have released some of the stolen data. London Drugs expressed deep concern over this distressing situation and acknowledged that the compromised files may contain employee information.

This revelation came after Brett Callow, a threat analyst with Emsisoft, an anti-virus software company, posted on social media that the hacking group known as LockBit claimed responsibility for the attack and released what it claimed was London Drugs’ company data. The attack resulted in the closure of all 79 London Drugs stores for over a week.

 

Data breaches: 

Data breaches remain a lucrative target for cybercriminals, who seek to obtain sensitive personal and corporate information. Such breaches have severe consequences, including identity theft, financial fraud, and damage to reputation. Data that is highly sought after by fraudsters globally includes:

  • Employee login credentials 
  • Customer credit card 
  • Social Insurance Numbers
  • Bank account numbers

Real-world examples of data breaches from 2024 

In 2024, there was a significant data breach involving Patelco Credit Union. This breach occurred in June and resulted in unauthorized access to sensitive customer information. The compromised data included personal details such as names, addresses, Social Insurance numbers, and financial information.

The attackers responsible for this breach are believed to be connected to the BlackSuit ransomware group. They managed to gain entry into Patelco’s systems and encrypt the data. 

The Patelco Credit Union recently disclosed in an updated public filing that the personal data of over one million individuals, including current and former members and employees, was compromised.

[Figure: Number of police-reported instances of internet fraud in Canada from 2014 to 2023. Source: StatCan.]

Phishing and social engineering: 

These tactics involve deceiving individuals into clicking on harmful links or divulging personal information. These attacks can be utilized to distribute malware or obtain unauthorized entry into computer systems. 

It is important to note that phishing attacks may even masquerade as communications from various types of organizations, including your own internal workplace or even non-profit charities. Attackers often take advantage of current events and certain times of the year, such as:

  • Natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
  • Epidemics and health scares (e.g., H1N1, COVID-19)
  • Economic concerns (e.g., tax scams)
  • Major political elections
  • Holidays

Real-world examples of phishing from 2024 

According to a recent survey conducted by Interac Corp., a payment processing company, government impersonation is a prevalent financial scam affecting individuals across Canada. The survey revealed that 42% of the respondents reported encountering scammers who pretended to be representatives of official government institutions.

Phishing scams followed closely behind at 41%, while fake banking, credit card, and online account scams accounted for 33% of reported incidents.

Rachel Jolicoeur, the director of cyber market intelligence and financial crimes at Interac, emphasized the professionalism and opportunistic nature of these criminals. 

“There’s always a call to action and a sense of urgency,” she said of how scammers operate.

“As soon as you get that feeling, just stop and pause on that to scrutinize.”

The Interac survey, which collected responses from 1,202 individuals online between September 28th and October 6th, revealed that 53% of the respondents believe being targeted by financial scams is a common occurrence in Canada.

Furthermore, 40% of individuals have expressed worry about falling victim to scams. In recent months, the Canadian government has issued multiple alerts to caution citizens about the prevalence of fraudulent activities.

 

Data Breaches Report from 2024 

On average, Canadian organizations pay around CA$6.32 million per data breach, as reported in the annual Cost of a Data Breach Report. According to a new report by IBM, the hardest-hit industries in Canada in terms of costly data breaches in 2024 are the financial services sector (CA$9.28 million) and technology companies (CA$7.84 million).

Interestingly, the average cost of data breaches has decreased compared to the previous year, 2023, when the average was recorded at CA$6.9 million. Additionally, Canada has dropped from the third position globally for the costliest data breaches to the sixth position.

This reduction in breach costs can be attributed in part to the adoption of security AI and automation by 61% of Canadian companies to prevent such incidents. According to a study conducted by IBM, companies that heavily incorporate artificial intelligence (AI) and automation into their security operations experienced breach lifecycles that were 54 days shorter than those of organizations that did not utilize these technologies.

“Canadian organizations that invest in AI and automation will be better equipped to detect and recover from breaches, reducing the significant costs associated with these events,” said Daina Proctor, IBM Canada’s security service line delivery leader.

The findings of this report underscore the business imperative for companies to integrate AI and automation into their cybersecurity programs to reduce both the financial impact and business disruption of cyber breaches. 


Evolution of Ransomware Tactics

Ransomware attacks have increased substantially in frequency and severity. In 2023, ransomware payments surpassed the CA$1.39 billion mark, setting a new record.

This surge represents a 13% rise in ransomware attacks over the past five years, with an average cost of CA$2.57 million per incident in 2023. The escalation in attack volume is evident, as organizations worldwide detected nearly half a billion ransomware attacks in 2022.

“The Gen Threat Report, formerly known as the Avast Threat Report, has revealed a 100% increase in ransomware activity for the US, UK, and Canada; 66% in Australia; and a whopping 379% in India.” – Nyrmah J. Reina

The severity of these attacks has also intensified. The average downtime a company experiences after a ransomware attack is now 24 days, causing significant disruptions to business operations. Moreover, the financial demands have reached unprecedented levels, with the highest ransomware payment demand ever recorded being CA$97.16 million.

 

Negotiation strategies and outcomes

As ransomware attacks have become more sophisticated, so too have the negotiation strategies employed by both attackers and victims. Cybercriminals have become more strategic in setting ransom expectations, often basing their demands on open-source information about the target organization’s revenue or cyber insurance coverage.

Ransomware negotiators play a crucial role in managing these high-stakes situations. They engage with threat groups on behalf of the affected organization, attempting to lower ransom demands and buy time for the victim. However, some ransomware authors have threatened to delete decryption keys if professional negotiators intervene, adding another layer of complexity to the process.

The outcomes of these negotiations vary widely. A survey of 1,263 companies found that 80% of victims who submitted a ransom payment experienced another attack soon after, and 46% regained access to their data, but most of it was corrupted.

 

Emerging Threats: AI and Deepfakes

Growth of AI-assisted attacks

The rapid adoption of artificial intelligence (AI) has introduced complex cybersecurity risks that traditional practices may not sufficiently address. From January to February 2023 alone, researchers observed a 135% increase in ‘novel social engineering attacks,’ corresponding to the widespread adoption of ChatGPT. This surge highlights the growing threat of AI-assisted cyberattacks.

Malicious actors are now using AI to launch targeted cyberattacks and exploit vulnerabilities at speeds, scales, and levels of precision previously unattainable by human hackers. AI empowers attackers to create malware that transforms to evade detection, craft highly compelling phishing exploits, and automate advanced attacks.

One of the most significant concerns is the use of AI in social engineering attacks.

Cybercriminals can now leverage AI language models to study a target’s entire email history and communication patterns, crafting perfectly authentic-sounding phishing messages. This capability allows them to build trust quickly and increase the likelihood of successful exploitation.

Deepfake risks for businesses

Deepfakes – synthetic, AI-generated media designed to manipulate or replace existing video, image, or audio content with a fabricated version – pose a significant threat to businesses and individuals alike. These AI-generated fakes can have serious consequences, such as influencing political decisions or causing public panic.

The low barrier to entry for creating deepfakes exacerbates the problem. Widely available tools and accessible AI technologies make it easy for malicious actors to produce convincing fake content. This accessibility has increased reputational attacks, revenge plots, and fraudulent activities targeting businesses and public figures.

Deepfakes can be used to undermine brand reputation, impersonate leaders and financial officers, and compromise vital data and systems. For example, a fake but realistic-looking video of a CEO making inappropriate comments or contradictory statements can severely damage a brand’s image and lead to significant reputation loss.

 

Key Lesson Learned

These case studies demonstrate the diverse nature of cyber threats and the wide-ranging impacts they can have on organizations across different sectors. Adopting generative AI models, third-party applications, and IoT devices is expanding the attack surface, putting pressure on security teams. This underscores the need for comprehensive cyber risk management strategies that address these evolving threats. They also reveal common themes in terms of vulnerabilities and response strategies.

One key lesson learned from these incidents is the importance of rapid detection and response. Organizations that applied AI and automation to security prevention saw a significant reduction in breach costs, saving an average of CA$2.84 million compared to those that didn’t deploy these technologies.

As organizations continue to learn from these incidents, it’s clear that a proactive approach to cybersecurity is essential. This includes regular cyber risk assessments, implementing advanced threat detection systems, and developing comprehensive incident response plans. 
