Top 10 cyber crime stories of 2024

1. British Library ransomware attack could cost up to £7m

The effects of the British Library ransomware attack at the end of 2023 continued to be felt into 2024 as the venerable institution continued to struggle to bring its crippled systems back online.

In January 2024, it emerged that the scale of the ransomware attack was so immense and its effects so devastating, it could end up costing the British Library up to £7m, dwarfing the £650,000 ransom demand.

Later in the year, in a remarkable display of transparency, the British Library’s leadership published a detailed breakdown of their experience at the hands of the Rhysida ransomware crew, to help others learn and understand.

2. SolarWinds hackers attack Microsoft in apparent recon mission

Also in January, Cozy Bear, the Russia-backed hacking outfit behind the SolarWinds Sunburst incident, was back in action, breaking into Microsoft’s systems with a brute force, password spraying attack and from there accessing corporate accounts belonging to leadership and security employees.

Microsoft is one of a number of suppliers that finds itself at the receiving end of such intrusions, thanks in part to its global reach and scale, and its in-depth relationships with Western governments, and has faced tough questions over its security posture in recent years as a result.

3. LockBit locked out in NCA-led takedown

One of the biggest stories of the year unfolded dramatically on a dull February day, when the infamous LockBit ransomware gang was taken down and its infrastructure hacked and compromised in Operation Cronos, led by the UK’s National Crime Agency (NCA).

In the immediate aftermath of the takedown, Computer Weekly took the temperature of the security community, finding upbeat sentiment, but also tempered by the knowledge that one swallow does not make a summer.

Throughout the year, the NCA has been sharing a trove of information it gathered during the exercise, as well as taking time to mock and troll LockBit’s leader, since named as Dmitry Khoroshev, who at one time boasted of his luxury lifestyle as he toyed with law enforcement.

4. Mandiant formally pins Sandworm cyber attacks on APT44 group

In April, threat intel leaders Mandiant formally “upgraded” the malicious activity cluster known as Sandworm to a full-blown, standalone advanced persistent threat (APT) actor to be tracked as APT44 – other companies have different taxonomies, Mandiant’s is alphanumeric.

APT44 is run out of Russia’s Main Intelligence Directorate (GRU) within Unit 74455 of the Main Centre for Special Technologies (GTsST) and is described as one of the most brazen threat actors around.

Although it confines its activities to those in service of the Russian state rather than financially motivated criminality, the links between cyber crime and cyber espionage continued to blur during 2024, with some nation state APTs even acting as initial access brokers (IABs) for ransomware gangs.

5. NHS services at major London hospitals disrupted by cyber attack

In early June, a major cyber attack on Synnovis, a pathology lab services provider that works with Guys and St Thomas’ and King’s College hospitals in London, as well as other NHS sites in the nation’s capital, was laid low by a Qilin ransomware attack.

This intrusion resulted in a major incident being declared in the NHS, with patient appointments and surgeries cancelled, and blood supplies running dangerously low. The ramifications of this truly callous cyber attack are still being felt six months on.

6. UK Cyber Bill teases mandatory ransomware reporting

All eyes were on Westminster in July for the first King’s Speech held under a Labour government in over a decade, and for the security community there was plenty to pick over as Keir Starmer’s administration proposed implementing compulsory cyber incident reporting – including ransomware – for operators of critical national infrastructure (CNI), in a new Cyber Security and Resilience Bill.

According to the government, the law will expand the remit of existing regulation and give regulators a more solid footing when it comes to protecting digital services and supply chains, and improve reporting requirements to help build a better picture of cyber threats.The Bill will likely be introduced to Parliament in 2025.

7. NCSC and allies call out Russia’s Unit 29155 over cyber warfare

In September, the UK and its Five Eyes allies joined forces with European Union (EU) and Ukrainian cyber authorities to highlight a dastardly campaign of cyber espionage conducted by Unit 29155, another Russian APT. 

Unit 29155 targets victims to collect information for espionage purposes, sabotages websites and daily operational capabilities, and tries to cause reputational damages by selectively leaking important data. It has conducted thousands of exercises across Nato and the EU with a notable focus on CNI, government, financial services, transport, energy and healthcare.

It is also particularly notable for its involvement in the Whispergate campaign of destructive malware attacks against Ukraine in advance of the 2022 invasion.

8. Money transfer firm MoneyGram rushes to contain cyber attack

US-based financial services and money transfer outfit MoneyGram was another high-profile cyber attack victim to emerge in 2024, with its systems taken down in an apparent ransomware attack in September 2024.

Moneygram’s customers in the UK include the Post Office, which cancelled its contract with the beleaguered supplier shortly thereafter with immediate effect – apologising to its subpostmasters for giving them barely 24 hours’ notice of this.

It has since emerged that MoneyGram customer data was stolen in the attack, which most likely began through a social engineering attack on its IT helpdesk.

9. Brit charged in US over Scattered Spider cyber attacks

Proving that social engineering, unfortunately, works, a British national now named as 22 year-old Tyler Robert Buchanan was charged in the US in November 2024 with offences relating to the Scattered Spider cyber attacks.

A year previously, Scattered Spider hit multiple companies, including high-profile Las Vegas casino operators, and many others, via audacious social engineering attacks that often targeted helpdesks, frequently by exploiting Okta identity services.

The Scattered Spider gang was unusual in the current threat environment in that its core members were all US and UK-based, proving once and for all that not all cyber criminals have Russian accents. Buchanan faces over 40 years in prison in the US.

10. Shared digital gateway was source of three NHS ransomware attacks

It is a well-established fact that ransomware gangs have it in for healthcare providers such as the NHS but to this list of preferred victims we might now also add the people of Liverpool as at the end of the year a series of attacks on multiple hospitals on Merseyside made national headlines.

Such bodies control a wealth of extremely private and highly regulated data, and are often operating IT and security on shoestring budgets with legacy technology – what red-blooded felon could pass up such an opportunity?

Among the victims was the nationally famous Alder Hey Children’s Hospital, which alongside two other area hospitals found itself hacked through a shared digital gateway service. This was likely a result of the exploitation of the Citrix Bleed vulnerabilities known about for over 12 months, demonstrating that prompt patching really is the best medicine.