The biggest cyber attacks and vulnerabilities of April 2024

Insights and trends from recent cyber threats and vulnerabilities from April.

Arjun Pednekar, Technical Director, Cognisys

1st May 2024

Everyone—from countries to businesses to individuals—is constantly fighting against cyber threats. But even amidst all the challenges, there are signs of progress that show our ability to innovate and strengthen our defences.

In this blog, we’ll delve into some of the biggest cyber attacks and breaches of April, and highlight the positive steps being taken to prevent such attacks.

Here are the biggest cyber attacks and breaches from April that have made an impact on social media:

1. Okta faces new challenges

Okta, a top identity management platform, is facing ongoing cyber security challenges. The company has alerted users to attack attempts coming from anonymising services such as Tor and commercial proxy networks, underscoring the constant threat posed by sophisticated hackers.
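The Okta item above is about sign-in attempts arriving through anonymising infrastructure. As an added example (not from the original post and not Okta’s own code), the script below shows the kind of first-pass detection a security team can run over its identity provider’s sign-in events: it flags sources that sit inside a Tor exit / proxy address list and sources that try many distinct usernames, and it records any successful sign-ins from those sources for priority review. The log lines, the JSON field names (`ts`, `user`, `src`, `result`), the anonymiser network list and the threshold are all constructed assumptions for this example.

```python
"""
Added example: flag sign-in attempts from anonymising infrastructure and
sources that cycle through many usernames. Everything here (log format,
address list, thresholds) is constructed for illustration; a real deployment
would feed in the identity provider's sign-in events and a maintained
Tor exit / commercial proxy list from a threat-intelligence feed.
"""
import ipaddress
import json
from collections import defaultdict

# Constructed sample sign-in events, one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2024-04-20T10:00:01Z","user":"alice","src":"198.51.100.7","result":"FAILURE"}
{"ts":"2024-04-20T10:00:02Z","user":"bob","src":"198.51.100.7","result":"FAILURE"}
{"ts":"2024-04-20T10:00:03Z","user":"carol","src":"198.51.100.7","result":"FAILURE"}
{"ts":"2024-04-20T10:00:04Z","user":"dave","src":"198.51.100.7","result":"SUCCESS"}
{"ts":"2024-04-20T10:01:00Z","user":"alice","src":"203.0.113.9","result":"FAILURE"}
{"ts":"2024-04-20T10:01:30Z","user":"alice","src":"203.0.113.9","result":"SUCCESS"}
{"ts":"2024-04-20T10:02:00Z","user":"erin","src":"192.0.2.55","result":"SUCCESS"}
"""

# Constructed stand-in for a Tor exit / proxy list (documentation range only).
ANONYMISER_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

# Assumed threshold: one source trying this many different accounts is
# unusual for a single legitimate user and worth a look.
MAX_DISTINCT_USERS_PER_SOURCE = 3


def is_anonymiser(ip):
    """True if the address falls inside any listed anonymiser network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ANONYMISER_NETWORKS)


def parse_events(log_text):
    """Parse the JSON-per-line log into a list of event dicts, skipping blanks."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def analyse(log_text):
    """Return {source_ip: finding} for every source that trips a rule."""
    users_by_src = defaultdict(set)
    failures_by_src = defaultdict(int)
    successful_users_by_src = defaultdict(set)

    for ev in parse_events(log_text):
        src = ev["src"]
        users_by_src[src].add(ev["user"])
        if ev["result"] == "SUCCESS":
            successful_users_by_src[src].add(ev["user"])
        else:
            failures_by_src[src] += 1

    findings = {}
    for src, users in users_by_src.items():
        reasons = []
        if is_anonymiser(src):
            reasons.append("anonymiser_source")
        if len(users) >= MAX_DISTINCT_USERS_PER_SOURCE:
            reasons.append("many_distinct_users")
        if not reasons:
            continue
        findings[src] = {
            "reasons": reasons,
            "distinct_users": len(users),
            "failures": failures_by_src[src],
            # Successful sign-ins from a flagged source are the ones to
            # review first: they may be accounts that need a forced reset.
            "successful_users": sorted(successful_users_by_src[src]),
        }
    return findings


if __name__ == "__main__":
    for src, finding in analyse(SAMPLE_LOG).items():
        print(src, finding)
```

On the constructed sample, only 198.51.100.7 is flagged: it is inside the anonymiser range, it tried four different accounts, and one of those sign-ins succeeded, which is exactly the event a responder would want surfaced. A single user failing once and then succeeding from an ordinary address (203.0.113.9) is left alone, which is the trade-off the threshold is meant to strike.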

2. 71% of businesses experienced ransomware attacks in 2023

In the corporate world, the harsh truth about cyber security breaches is evident. Check Point reports that a staggering 71% of businesses experienced ransomware attacks in 2023, resulting in an average payout of $4.35 million. This sobering statistic emphasises the crucial role of employees as the initial defence against cyber threats, given that human error remains a significant vulnerability.

3. MITRE corporation’s wake-up call

Surprisingly, even the respected MITRE Corporation, known for its cyber security expertise, experienced a cyber attack from a nation-state threat actor. The attacker used eight MITRE techniques, including exploiting the highly targeted Ivanti vulnerabilities, in a bold breach that reminds us no organisation is completely immune to such threats.

4. The rise of AI threats

Adding to the already daunting threat landscape, researchers from the University of Illinois Urbana-Champaign have revealed a shocking finding. AI agents using GPT-4, an advanced language model, can exploit the majority of public vulnerabilities just by reading about them online. This discovery poses a serious risk, potentially leading to a surge in automated attacks.

5. GitHub’s vulnerability: Exploited for malware distribution

A curious flaw (or possibly a design choice) in GitHub has been exploited by threat actors to distribute malware via URLs linked to Microsoft repositories. Exploiting the perceived trust in these URLs, cyber criminals have found a fresh method to entice unsuspecting victims, serving as a reminder that even the most reputable platforms can be vulnerable to exploitation.

Addressing cyber risks

1. UK bans default IoT passwords

The United Kingdom has made a bold move by becoming the first country to ban default credentials on Internet of Things (IoT) devices. This law stops manufacturers from providing devices with easily accessible default passwords, which cyber criminals often exploit. As our world gets more connected, securing these entry points becomes crucial to protect our digital spaces.

2. AI security measures: Recommendations by the NSA and partners

The U.S. National Security Agency (NSA), along with its Five Eyes partners, has released guidance on securely deploying AI systems. This timely document, the first from the NSA’s Artificial Intelligence Security Centre, offers a comprehensive set of best practices for securing AI deployment environments, consistently safeguarding AI systems, and ensuring secure operation and maintenance.

Spotlight on April’s vulnerabilities: Critical threats uncovered

Now we dive into the latest vulnerabilities making waves, from nation-state actors to zero-day exploits, to keep you informed.

1. CVE-2024-27322: A significant threat to R computing systems

Let’s start with CVE-2024-27322, a troubling vulnerability that enables threat actors to execute arbitrary code on systems using R, a widely used statistical computing language. This flaw, hidden within R’s deserialisation process, allows malicious actors to craft files that can infiltrate target environments.

2. CVE-2024-2389: Unpatched flaw threatens Flowmon products

The cyber security community is abuzz with news of a critical vulnerability (CVE-2024-2389) impacting Flowmon products. This flaw, marked by improper access controls, gives unauthorised remote attackers the power to manipulate network traffic data, potentially resulting in severe data breaches. What’s even worse? It’s still unpatched, leaving systems exposed to exploitation.

3. CVE-2024-20353 and CVE-2024-20359: Nation-state group targets Cisco devices

In a surprising turn of events, a nation-state group has been found exploiting two vulnerabilities (CVE-2024-20353 and CVE-2024-20359) in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices. This group, tracked as UAT4356 by Talos and STORM-1849 by Microsoft, has shown a high level of sophistication and knowledge, suggesting involvement in espionage activities.

4. CVE-2024-26234 and CVE-2024-29988: Microsoft’s April 2024 update under fire

The April 2024 Patch Tuesday update from Microsoft brought a wave of vulnerabilities, including two zero-days actively exploited in the wild. CVE-2024-26234, a proxy driver spoofing vulnerability, and CVE-2024-29988, a SmartScreen prompt security feature bypass, have both been targeted with functional exploit code, leaving systems vulnerable to malicious actors.

5. CVE-2024-3400: Palo Alto Networks reveals critical vulnerability in PAN-OS

And if you thought things couldn’t possibly get worse, Palo Alto Networks has disclosed a critical vulnerability (CVE-2024-3400) in PAN-OS that malicious actors have been actively exploiting. This complex flaw, a fusion of two bugs, could result in unauthenticated remote shell command execution, giving attackers a frightening degree of access to vulnerable systems.

Conclusion

As we navigate these challenging times, one thing is certain: the journey is ongoing, demanding continuous vigilance, innovation, and an unwavering commitment to improving our cyber security. While threats may evolve, so does our collective resilience, fuelled by the tireless efforts of cyber security professionals, researchers, and policymakers worldwide.

So, let’s stay vigilant. Attacks become more sophisticated, but with knowledge and preparation, we’re well-equipped to address their challenges.

If you are concerned about threats to your IT estate, get in touch and one of our cyber experts can discuss how we protect your business.
