The biggest cyber attacks and vulnerabilities of April 2024
Insights and trends from recent cyber threats and vulnerabilities from April.
Arjun Pednekar
1st May 2024
Everyone—from countries to businesses to individuals—is constantly fighting against cyber threats. But even amidst all the challenges, there are signs of progress that show our ability to innovate and strengthen our defences.
In this blog, we’ll delve into some of the biggest cyber attacks and breaches of April, and highlight the positive steps being taken to prevent such attacks.
Here are the biggest cyber attacks and breaches from April that have made an impact on social media:
1. Okta faces new challenges
Okta, a top identity management platform, is facing ongoing cyber security challenges. The company has alerted users to attack attempts coming from anonymising services such as Tor and commercial proxy networks, underscoring the constant threat posed by sophisticated hackers.
2. 71% of businesses experienced ransomware attacks in 2023
In the corporate world, the harsh truth about cyber security breaches is evident. Check Point reports that a staggering 71% of businesses experienced ransomware attacks in 2023, resulting in an average payout of $4.35 million. This sobering statistic emphasises the crucial role of employees as the initial defence against cyber threats, given that human error remains a significant vulnerability.
3. MITRE corporation’s wake-up call
4. The rise of AI threats
5. GitHub’s vulnerability: Exploited for malware distribution
A curious flaw (or possibly a design choice) in GitHub has been exploited by threat actors to distribute malware via URLs linked to Microsoft repositories. Exploiting the perceived trust in these URLs, cyber criminals have found a fresh method to entice unsuspecting victims, serving as a reminder that even the most reputable platforms can be vulnerable to exploitation.
Addressing cyber risks
1. UK bans default IoT passwords
The United Kingdom has made a bold move by becoming the first country to ban default credentials on Internet of Things (IoT) devices. This law stops manufacturers from providing devices with easily accessible default passwords, which cyber criminals often exploit. As our world gets more connected, securing these entry points becomes crucial to protect our digital spaces.
2. AI security measures: Recommendations by the NSA and partners
The U.S. National Security Agency (NSA), along with its Five Eyes partners, has released guidance on securely deploying AI systems. This timely document, the first from the NSA’s Artificial Intelligence Security Centre, offers a comprehensive set of best practices for securing AI deployment environments, consistently safeguarding AI systems, and ensuring secure operation and maintenance.
Spotlight on April’s vulnerabilities: Critical threats uncovered
Now we dive into the latest vulnerabilities making waves, from those exploited by nation-state actors to zero-days, to keep you engaged and informed.
1. CVE-2024-27322: A significant threat to R computing systems
Let’s start with CVE-2024-27322, a troubling vulnerability that enables threat actors to execute arbitrary code on systems using R, a widely used statistical computing language. This flaw, hidden within R’s deserialisation process, allows malicious actors to craft files that, once loaded, can compromise the target environment.
2. CVE-2024-2389: Unpatched flaw threatens Flowmon products
The cyber security community is abuzz with news of a critical vulnerability (CVE-2024-2389) impacting Flowmon products. This flaw, caused by improper access controls, gives unauthenticated remote attackers the ability to manipulate network traffic data, potentially resulting in severe data breaches. What’s even worse? It’s still unpatched, leaving systems exposed to exploitation.
3. CVE-2024-20353 and CVE-2024-20359: Nation-state group targets Cisco devices
In a surprising turn of events, a nation-state group has been found exploiting two vulnerabilities (CVE-2024-20353 and CVE-2024-20359) in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices. This group, tracked as UAT4356 by Talos and STORM-1849 by Microsoft, has shown a high level of sophistication and knowledge, suggesting involvement in espionage activities.
4. CVE-2024-26234 and CVE-2024-29988: Microsoft’s April 2024 update under fire
The April 2024 Patch Tuesday update from Microsoft brought a wave of vulnerabilities, including two zero-days actively exploited in the wild. CVE-2024-26234, a proxy driver spoofing vulnerability, and CVE-2024-29988, a SmartScreen prompt security feature bypass, have both been targeted with functional exploit code, leaving unpatched systems vulnerable to malicious actors.
5. CVE-2024-3400: Palo Alto Networks reveals critical vulnerability in PAN-OS
And if you thought things couldn’t possibly get worse, Palo Alto Networks has disclosed a critical vulnerability (CVE-2024-3400) in PAN-OS that malicious actors have been actively exploiting. This complex flaw, a fusion of two bugs, could result in unauthenticated remote shell command execution, giving attackers a frightening degree of access to vulnerable systems.
Conclusion
As we navigate these challenging times, one thing is certain: the journey is ongoing, demanding continuous vigilance, innovation, and an unwavering commitment to improving our cyber security. While threats may evolve, so does our collective resilience, fuelled by the tireless efforts of cyber security professionals, researchers, and policymakers worldwide.
So, let’s stay vigilant. Attacks are becoming more sophisticated, but with knowledge and preparation, we’re well-equipped to address the challenges they pose.
If you are concerned about threats to your IT estate, get in touch and one of our cyber experts can discuss how we protect your business.