- CrowdStrike IT outage: A flawed software update in July disrupted 8.5 million devices globally, with financial losses reaching $5.4 billion. Recovery efforts required manual intervention despite a quick fix by the cybersecurity firm.
- Change Healthcare ransomware attack: In February, a ransomware attack affected over 100 million individuals in the US, paralyzing healthcare operations and resulting in financial damages of $4.457 billion.
- CDK Global attack: Automotive software provider CDK Global faced a ransomware breach in June, impacting nearly 15,000 dealerships across North America. Recovery was complicated by a subsequent attack.
- Israel-Hamas cyber conflict: Amid the ongoing conflict, cyber incidents involving kinetic attacks caused casualties and injuries across the region, highlighting the intersection of physical and digital warfare.
- OpenSSH vulnerability: A zero-day exploit in July exposed over seven million instances of OpenSSH servers, emphasizing the critical need for proactive software security measures.
- XZ Utils compromise: A critical vulnerability in an open-source library was discovered in March, averting a potential global supply chain attack. Investigations linked the breach to a long-term operation by an unidentified actor.
- Ivanti VPN breaches: Vulnerabilities in January and February exposed critical remote access systems, posing risks to enterprise security and supply chains.
- Salt Typhoon espionage campaign: Chinese state-sponsored hackers targeted telecommunications infrastructure worldwide, compromising surveillance systems and raising concerns over supply chain resilience.
- Blue Yonder ransomware attack: A November breach disrupted retail and grocery supply chains in the US and UK, affecting operations during a peak shopping period.
- Snowflake data breach: A May attack on the cloud provider exposed customer data from industries including finance and retail, attributed to weak authentication practices in customer environments.
The report also discusses industry-wide risks, such as dependency on cloud providers, and highlights strategies for resilience. These include adopting multi-cloud frameworks, integrating edge computing, and implementing Endpoint Detection and Response (EDR) diversification.