
Even the Mighty Can Fall: The Top Five Cyber Incidents of 2024 So Far


Ministry of Defence, Microsoft, and more!

As we approach the halfway point of 2024, we have already witnessed several significant cyber incidents that have had far-reaching impacts on major global organisations. These incidents have left the likes of MITRE, Microsoft and even the Ministry of Defence (MoD) having to answer uncomfortable questions as to how they occurred.

In this blog, we highlight the top five cyber incidents of the year so far, examining what happened, who was affected, the fallout, and the broader implications for cyber security practices. Join us as we cover these major cyber incidents and explore the lessons we can learn from them.


Chinese State-Sponsored Cyber Attack Campaign

Hackers backed by China’s government spy agency have been accused by the US and UK of conducting a year-long cyber-attack campaign targeting politicians, journalists, and businesses. The campaign, attributed to a Chinese state-sponsored hacking group, aimed to steal sensitive information and disrupt critical infrastructure. These coordinated cyber attacks reveal the growing threat posed by nation-state actors and the need for international cooperation to combat hostile nation states or state-backed cyber threats effectively. [source: The Guardian]

These attacks highlight that cyber threats don’t just originate from opportunistic cyber criminals; they can also have the power of nation-states behind them. Organisations need to review their cyber security posture regularly to ensure that cyber defences are up to date and current best practices are followed. A cyber security posture assessment can highlight the strengths of your organisation’s defences and also indicate where you should focus for improvement.


Ministry of Defence Data Breach

In a significant data breach reported earlier this month, personal information of an unknown number of serving and former UK military personnel was accessed through a payroll system used by the Ministry of Defence (MoD). The compromised data includes names, bank details, and, in some cases, personal addresses. The breach, which targeted a system managed by an external contractor, did not involve any operational MoD data. Immediate action was taken to take the system offline, and investigations are ongoing. Defence Secretary Grant Shapps is set to outline a response plan, which will include measures to protect affected individuals.

Whilst it has still not been revealed who is behind the attack, this incident highlights the importance of securing supply chains and systems managed by external contractors, and demonstrates how easily vulnerable products can leave even the most mature organisations exposed to persistent threat actors.



10 Steps to Cyber Security: Supply Chain Security
Paul Crumpton, Partner Services Manager at IASME joins the 10 Steps to Cyber Security Video Series to deep dive into Supply Chain Security.


MITRE R&D Network Penetrated

In another unfortunate tale of supply chain security, MITRE disclosed a significant cyber-attack in April 2024, orchestrated by state-sponsored hackers that exploited zero-day vulnerabilities in Ivanti VPN software.

MITRE are a key player in R&D for US government projects and authors of the widely adopted MITRE ATT&CK framework. The attack, attributed to a Chinese cyber espionage group known as UNC5221, targeted MITRE’s NERVE (Networked Experimentation, Research, and Virtualization Environment), an unclassified network used for research and development.

The hackers leveraged vulnerabilities CVE-2023-46805 and CVE-2024-21887, deploying sophisticated malware such as BrickStorm and BeeFlush, and used compromised administrator credentials to create rogue virtual machines. 

This breach again underscores the critical importance of supply chain security, as vulnerabilities in third-party products can serve as entry points for significant cyber attacks. Organisations looking to prevent these types of attacks should have rigorous vulnerability management and ensure they are using supply chain risk assessments to determine the best third parties to work with.

Despite maintaining persistence and attempting lateral movement within the NERVE infrastructure, the attackers failed to access other resources. This highlights the importance of architecture and configuration: although the hackers got in, their movement within the network was restricted, which reduced the damage these cyber criminals could do.


Microsoft Azure Data Breach

According to an article posted by Spiceworks, Microsoft’s premier cloud service, Azure, suffered a data breach in February 2024 affecting hundreds of executive Azure accounts, raising concerns over the security of big cloud-based platforms. The breach revealed critical vulnerabilities in Microsoft’s security measures, similar to previous incidents.

The attackers exploited a zero-day vulnerability, CVE-2024-21410, in Microsoft Exchange servers, which allowed them to access and misuse Windows NT LAN Manager (NTLM) hashes to impersonate legitimate users. Up to 97,000 Exchange servers are vulnerable to this flaw, which has a severity rating of 9.1. Additionally, Microsoft disclosed two more zero-day vulnerabilities: CVE-2024-21412, a security feature bypass, and CVE-2024-21351, a SmartScreen bypass vulnerability. These issues affected Exchange server versions before the February 13th update.

The perpetrators are believed to be hacking groups from Nigeria and Russia using proxy services and phishing links embedded in documents, primarily targeting mid and senior-level executives. This attack, involving user impersonation, data extraction, and financial fraud, marks the first time such a breach has occurred on the Azure platform.

Microsoft has since implemented measures to mitigate the impact of the breach and enhance the security of its cloud services. This incident brought Microsoft back under fresh scrutiny, as a similar incident occurred in 2023 in which Chinese-backed hackers were able to access sensitive data stored within the Azure platform. [source: NPR]

These two incidents underscore the importance of regular vulnerability scanning and patch management. Organisations looking to mitigate risks from outdated software and zero-day vulnerabilities should ensure they have a robust patch management process and conduct regular vulnerability scans across their infrastructure and applications to maintain the integrity of their estate.

With such a vast and evolving suite of customisable products and features, it can be hard to stay up to date with the most recent security recommendations for Microsoft 365. In a Microsoft 365 Security Assessment, CyberLab can help you ensure security in your day-to-day operations by reviewing your MS365 configuration against industry-standard benchmarks from the Center for Internet Security (CIS).


Cyber Attacks on NHS Dumfries and Galloway

Digital transformation has revolutionised processes and information management, especially within the healthcare sector. However, with these advancements come significant cyber security challenges.

NHS Dumfries and Galloway faced significant disruptions due to a cyber attack targeting its systems. The attack, which occurred in early 2024, prompted concerns over the security of sensitive healthcare data and patient records.

While details about the nature and extent of the breach remain limited, the incident underscores the persistent threat posed by cyber attacks on critical infrastructure, particularly in the healthcare sector. 

Learn about the complexities of securing healthcare organisations amidst the evolving threat landscape and discover the strategies to mitigate risks in our Securing Healthcare Organisations blog.



In conclusion, the top five cyber attacks of 2024 so far serve as a stark reminder of the evolving threat landscape. By understanding these incidents and implementing a layered and strategic approach to cyber security, organisations can better protect their people, data, and customers.

Stay vigilant, continuously update your defences, and ensure your incident response plans are robust to safeguard against future cyber threats.





