- CrowdStrike IT outage: A flawed software update in July disrupted 8.5 million devices globally, with financial losses reaching $5.4 billion. Recovery efforts required manual intervention despite a rapid fix by the cybersecurity firm.
- Change Healthcare ransomware attack: In February, a ransomware attack affected over 100 million individuals in the US, paralyzing healthcare operations and leading to financial damages of $4.457 billion.
- CDK global attack: Automotive software provider CDK Global faced a ransomware breach in June, impacting nearly 15,000 dealerships across North America. Recovery was complicated by a subsequent attack.
- Israel-Hamas cyber conflict: Amid the ongoing conflict, cyber incidents involving kinetic attacks caused casualties and injuries across the region, highlighting the intersection of physical and digital warfare.
- OpenSSH vulnerability: A zero-day exploit in July exposed over seven million instances of OpenSSH servers, emphasizing the critical need for proactive software security measures.
- XZ Utils compromise: A critical vulnerability in an open-source library was discovered in March, averting a potential global supply chain attack. Investigations linked the breach to a long-term operation by an unidentified actor.
- Ivanti VPN breaches: Vulnerabilities in January and February exposed critical remote access systems, posing risks to enterprise security and supply chains.
- Salt Typhoon espionage campaign: Chinese state-sponsored hackers targeted telecommunications infrastructure worldwide, compromising surveillance systems and raising concerns over supply chain resilience.
- Blue Yonder ransomware attack: A November breach disrupted retail and grocery supply chains in the US and UK, affecting operations during a peak shopping period.
- Snowflake data breach: A May attack on the cloud provider exposed customer data from industries including finance and retail, attributed to weak authentication practices in customer environments.
The report also discusses industry-wide risks, such as dependency on cloud providers, and highlights strategies for resilience. These include adopting multi-cloud frameworks, integrating edge computing, and implementing Endpoint Detection and Response (EDR) diversification.
