The year 2024 has seen a dramatic escalation in cyberattacks across Europe, affecting industries, governments, and everyday citizens. The digital landscape has become a battleground where cybercriminals, hacktivists, and state-sponsored actors exploit vulnerabilities to achieve their goals. From crippling ransomware attacks to sophisticated data breaches, no sector has remained untouched.
According to ENISA’s Threat Landscape 2024 report, the past year has set new benchmarks in both the number and severity of cyber incidents across the EU. Geopolitical tensions have fueled an increase in targeted attacks, with ransomware and DDoS attacks emerging as the two most frequent threats, impacting critical infrastructure, public services, and private organizations alike. This blog post delves into some of the most notable cyberattacks that shook Europe in 2024, exploring the methods used by threat actors, the consequences of these incidents, and the steps being taken to bolster cybersecurity in the face of an ever-evolving threat landscape.
Ransomware attack on Boeing: A $200 million extortion attempt
In 2024, Boeing, one of the world’s largest aerospace manufacturers, fell victim to a sophisticated ransomware attack that caught global attention. The LockBit ransomware group, infamous for targeting major organizations, claimed responsibility for the incident and allegedly demanded $200 million to avoid leaking sensitive company data stolen during the breach. The attack relied on ransomware, a form of malware that locks and encrypts a victim's data, making it inaccessible until a ransom is paid. In Boeing’s case, LockBit claimed to have gained unauthorized access to critical information, including data about aircraft production, company contracts, and potentially even details tied to national security projects.
Impact of the attack
While Boeing was able to contain the attack and avoid major disruptions to its operations, the incident highlighted the serious risks posed by ransomware. The potential exposure of proprietary and sensitive data could have far-reaching consequences, including damage to Boeing's competitive advantage and its collaborations with key partners like the U.S. Department of Defense. Beyond the direct impact, the attack also shed light on vulnerabilities in supply chain security. Cybercriminals often exploit weaknesses in third-party vendors or service providers as entry points to infiltrate large organizations. This trend continues to be a significant challenge for companies operating within complex global networks, like Boeing.
Although Boeing refused to pay the $200 million ransom, the attack still resulted in considerable costs. These included expenses related to incident response, system recovery, and legal consultations, as well as investments in improving cybersecurity systems to prevent future breaches. Additionally, incidents like this can leave lasting damage to a company’s reputation and trust with clients and stakeholders.
LockBit, the group behind the attack, operates under a Ransomware-as-a-Service (RaaS) model. This approach allows affiliates to use LockBit’s ransomware tools to carry out attacks, sharing a portion of the profits with the group. This decentralized structure has made LockBit one of the most dangerous players in the cybercrime landscape, capable of launching large-scale attacks on organizations across the globe. The Boeing ransomware incident serves as a stark reminder of how sophisticated cyberattacks have become and how crucial it is for organizations to stay ahead of evolving threats.
Cyberattack on the UK Ministry of Defence: A breach of sensitive data
In May 2024, the United Kingdom’s Ministry of Defence (MoD) was hit by a major cyberattack that compromised sensitive information belonging to military personnel. The incident raised serious concerns about national security and the ability to protect critical government data, sparking widespread alarm. The attackers targeted the MoD’s payroll system, gaining unauthorized access to personal and financial details of both current and former members of the armed forces. Early investigations have pointed to the involvement of state-sponsored actors, with suspicions focusing on China due to its history of cyber espionage. However, conclusive evidence and formal attribution are still being investigated.
Impact of attack
The breach had a wide-reaching impact, affecting approximately 272,000 individuals. The exposed information included names, bank account details, and addresses—highly sensitive data that can easily be exploited. For those impacted, the risks were immediate and significant. There’s an increased likelihood of identity theft and financial fraud, leaving individuals vulnerable to misuse of their personal data. On a larger scale, the breach introduced operational security risks; adversaries could exploit the leaked information for espionage, blackmail, or coercion, posing a direct threat to national security. The fallout didn’t stop there. The incident also led to an erosion of trust in the government’s ability to protect sensitive information, particularly among military personnel who rely on these systems. It has also affected morale within the armed forces and public confidence in government cybersecurity measures.
While the MoD has not disclosed the exact financial impact, the economic consequences are undeniable. Significant resources are now being directed toward:
- Incident response costs, including investigations, risk assessments, and system repairs.
- Legal and regulatory penalties for potential failures to comply with data protection laws.
- Long-term security upgrades to strengthen defenses and reduce the risk of future breaches.
The attack has drawn attention to the increasing sophistication of state-sponsored cyber espionage, with China often cited as a primary actor in such cases. While China’s cyber capabilities have previously been linked to espionage targeting sectors like defense, assigning blame officially remains a complex and ongoing process. This incident highlights the vulnerability of even the most critical government systems and underscores the urgent need for stronger cybersecurity defenses to protect sensitive national infrastructure from future threats.
Cyberattack on Transport for London: Exposure of customer data
In September 2024, Transport for London (TfL) experienced a cyberattack that exposed sensitive customer information, affecting approximately 5,000 individuals. The breach targeted financial and personal data, including bank account numbers, sort codes, and contact details, raising serious concerns about customer security. The attackers focused on TfL’s systems handling Oyster refund data, which contained both personal and financial details. As a precautionary measure, TfL temporarily suspended services like applications for Oyster photocards and Zip cards to prevent further unauthorized access.
Impact of attack
The breach had an immediate impact on affected customers, leaving them vulnerable to identity theft and financial fraud. Beyond the direct risks to individuals, the suspension of services caused significant inconvenience for many Londoners who rely on public transportation daily. While TfL has not revealed the financial cost of the attack, the organization likely faced expenses related to incident response, including investigations, system recovery, and security upgrades. Potential legal liabilities and compliance reviews may also add to the economic impact. Furthermore, the incident posed a serious reputational risk. Breaches like this can weaken public trust and confidence, potentially affecting customer loyalty and future revenue. Interestingly, the attack was traced back to an individual rather than an organized cybercriminal group. The National Crime Agency arrested a 17-year-old suspect in connection with the breach, underscoring how advanced hacking tools and techniques are increasingly accessible to individuals with limited resources.
The TfL incident highlights the importance of continuously improving cybersecurity measures, even for critical public service providers. It also serves as a reminder that cyberattacks can come from unexpected sources and cause wide-reaching disruption.
Ticketmaster data breach: Compromise of over 500 million customer records
In May 2024, Ticketmaster, one of the world’s largest ticketing platforms, suffered a massive data breach that exposed the personal information of over 500 million customers. The hacker group ShinyHunters claimed responsibility for the attack, offering 1.3 terabytes of stolen data for $500,000 on the dark web. The breach occurred through unauthorized access to a third-party cloud database hosted by Snowflake Inc., a well-known cloud-based data warehousing company. ShinyHunters exploited vulnerabilities in the system to gain access, highlighting the risks associated with third-party cloud services, which are often trusted to secure sensitive data.
Impact of attack
The exposed data included full names, addresses, phone numbers, email addresses, and partial payment details of millions of Ticketmaster customers. This level of detail significantly increased the risk of identity theft and financial fraud for those affected. While Ticketmaster has not revealed the exact financial impact of the breach, the costs are expected to be substantial. These likely include:
- Incident response and investigation to assess the damage and secure systems.
- Legal and regulatory fines for failing to comply with data protection laws.
- Customer compensation, such as providing credit monitoring and handling customer concerns.
In addition to these expenses, the breach has likely caused reputational damage, weakening customer trust and potentially impacting Ticketmaster’s future revenue. The group behind the attack, ShinyHunters, has a long history of targeting large corporations and selling stolen data on dark web forums. Known for their previous breaches of companies like Microsoft and Unacademy, ShinyHunters have solidified their reputation as a major player in the cybercrime landscape.
The Ticketmaster incident underscores the growing risks of relying on third-party cloud services and serves as a stark reminder of how vulnerable even the largest organizations can be to well-coordinated cyberattacks.
Cyberattack on French ISP Free: Compromise of customer data
In October 2024, Free, France's second-largest internet service provider (ISP), experienced a cyberattack that exposed sensitive customer information. The incident came to public attention when a hacker attempted to sell the stolen data on a cybercrime forum. The attack targeted an internal management tool within Free's systems, allowing the hackers to gain unauthorized access to customer data. Fortunately, the company confirmed that sensitive financial information, such as bank details, passwords, and communication content like emails, SMS, and voice messages, was not compromised.
The hacker, operating under the alias “drussellx”, claimed to have obtained two databases containing information on more than 19 million customer accounts. The stolen data reportedly included names, telephone numbers, email and postal addresses, and dates of birth. While Free has not confirmed the exact number of affected customers, the scale of the breach has raised significant concerns.
Impact of attack
Although the company has not disclosed specific financial losses, the breach likely resulted in considerable costs. These include expenses for incident response and system recovery, security upgrades, and legal consultations, as well as the possibility of regulatory fines for failing to protect customer data. Additionally, the incident could have a long-term impact on customer trust and future revenue, as breaches of this size often erode confidence in a company’s ability to safeguard personal information. The identity of the attackers remains unknown. However, the hacker behind the breach posted the stolen data for auction on a dark web forum, further emphasizing the growing market for stolen personal information.
The Free cyberattack serves as a reminder of the critical importance of securing internal systems and ensuring robust protections against unauthorized access. It highlights how even well-established companies can become targets, with widespread consequences for both customers and the business itself.
The rising cyber threat across Europe in 2024
The ENISA Threat Landscape 2024 report paints a concerning picture of the cybersecurity challenges faced by Europe. Over the past year, the frequency and severity of cyberattacks have escalated, fueled by geopolitical tensions and the rapid evolution of cybercriminal tactics. From ransomware and DDoS to threats against data, the report highlights seven prime cyber threats that dominate the European landscape, with ransomware and threats against availability (DDoS) accounting for over half of all reported incidents.
Escalation of cyber threats
In 2024, ENISA documented over 11,000 incidents across the EU, with 322 involving multiple member states. These incidents highlight the region’s vulnerability to cyberattacks, particularly in public administration (19%), transport (11%), and finance (9%) sectors. The proliferation of DDoS attacks, in particular, targeted public administration (33%) and transport sectors (21%), causing significant disruptions. Ransomware attacks also continued to devastate businesses, with the manufacturing and business services sectors being among the hardest hit. In these cases, attackers demanded exorbitant ransoms and employed multi-extortion tactics, threatening data publication in addition to operational disruption.
Emerging trends
- Hacktivism on the Rise: Motivated by political and social ideologies, hacktivist activity surged in 2024, often overlapping with state-sponsored operations.
- Supply Chain Vulnerabilities: Sophisticated attacks on open-source projects and software supply chains exposed critical weaknesses, with incidents like the exploitation of XZ Utils showcasing how attackers infiltrate widely used tools.
- AI in Cybercrime: Cybercriminals increasingly utilized AI tools like FraudGPT to craft sophisticated phishing campaigns and generate malicious code.
Make your employees your strongest cybersecurity defense with Moxso
At Moxso, we understand that the human factor is often the weakest link in cybersecurity – but it can also be the strongest. That’s why we’ve developed a platform designed to help organizations strengthen their employees’ digital security skills and adopt a proactive approach to cyber defense.
With Moxso, your organization can:
- Prevent attacks through realistic phishing simulations: Tailored tests help employees recognize and avoid malicious emails before they become a problem.
- Increase awareness with ongoing training: Short, effective awareness training modules keep employees updated on the latest threats and teach them how to protect themselves and the organization.
2024 has been a reminder that no one can stand alone in the fight against cyber threats. With Moxso as your partner, you can make your organization stronger, minimize the risk of human error, and foster a culture where cybersecurity is a priority. Together, we can prepare for the challenges of tomorrow.
Sarah Krarup
Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.