
2024 Review: Typhoon Campaigns and Ransomware Dominate US Cyber Landscape

In 2024, the cybersecurity landscape was marked by significant intrusions into U.S. critical infrastructure, notably the China-linked “Typhoon” campaigns and persistent ransomware attacks on the healthcare sector. Agencies faced challenges in countering these threats, with three major incidents standing out:


Volt Typhoon

Volt Typhoon, a group attributed to the People’s Republic of China, was first publicly identified in May 2023 and drew renewed attention in early 2024. In February, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA issued a joint advisory stating that Volt Typhoon had compromised the IT networks of organizations across critical infrastructure sectors, including communications, energy, transportation, and water and wastewater systems. Unlike typical espionage, the group’s objective appeared to be pre-positioning for potential disruptive or destructive cyberattacks against U.S. infrastructure during a major crisis or conflict. The group relies on “living off the land” techniques, using tools already present on compromised systems (built-in Windows utilities, PowerShell, and valid accounts) rather than custom malware, which leaves few of the signatures that antivirus and intrusion detection systems depend on and makes its presence particularly difficult to identify. In January, the FBI conducted a court-authorized operation to remove the group’s botnet malware from compromised small-office and home-office routers across the country, which the group had been using to route its traffic. Officials caution, however, that Volt Typhoon may still be present within critical infrastructure networks.
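Because living-off-the-land activity does not leave malware to find, detection has to come from process-creation telemetry (Windows Security event 4688 or Sysmon event 1) rather than file signatures. The following is an added example, not code from the original post or from any agency advisory: it scans constructed, single-line 4688-style records for three command-line patterns that the February 2024 joint advisory documents Volt Typhoon using, namely `netsh interface portproxy add` for internal port forwarding, `ntdsutil` with `ifm` to dump the Active Directory database, and `wmic /node:` for remote process creation. The log line format, host and user names, and rule names are this example’s own assumptions; a real deployment would read these fields from a SIEM or event collector.

```python
import re
from typing import Dict, List

# Constructed sample records in a made-up one-line 4688 layout (not real data
# from any incident). The first and fourth lines are benign; the other three
# are the living-off-the-land patterns the advisory describes.
SAMPLE_EVENTS = [
    r'EventID=4688 Host=WS01 User=CORP\jsmith NewProcessName=C:\Windows\System32\cmd.exe CommandLine="cmd.exe /c dir"',
    r'EventID=4688 Host=DC01 User=CORP\svc_backup NewProcessName=C:\Windows\System32\ntdsutil.exe CommandLine="ntdsutil.exe ac i ntds ifm create full C:\Temp\pro q q"',
    r'EventID=4688 Host=WS07 User=CORP\jdoe NewProcessName=C:\Windows\System32\netsh.exe CommandLine="netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.0.5 connectport=3389"',
    r'EventID=4688 Host=WS07 User=CORP\jdoe NewProcessName=C:\Windows\System32\netsh.exe CommandLine="netsh wlan show profiles"',
    r'EventID=4688 Host=WS03 User=CORP\admin NewProcessName=C:\Windows\System32\wbem\WMIC.exe CommandLine="wmic /node:10.0.0.12 process call create cmd.exe /c whoami"',
]

# Field extractors for the assumed log layout. CommandLine is always the last
# field, so a greedy match up to the final quote captures it whole.
FIELD_RE = {
    "host": re.compile(r"Host=(\S+)"),
    "user": re.compile(r"User=(\S+)"),
    "process": re.compile(r"NewProcessName=(\S+)"),
    "cmdline": re.compile(r'CommandLine="(.*)"\s*$'),
}

# (rule name, expected image basename, pattern over the command line).
# The rule names are this example's own; the tool usage they describe is
# drawn from the joint advisory on Volt Typhoon.
RULES = [
    ("ntdsutil_ad_dump", "ntdsutil.exe", re.compile(r"\bifm\b|\bntds\b", re.I)),
    ("netsh_portproxy_add", "netsh.exe", re.compile(r"interface\s+portproxy\s+add", re.I)),
    ("wmic_remote_process_create", "wmic.exe", re.compile(r"/node:\S+.*process\s+call\s+create", re.I)),
]


def parse_event(line: str) -> Dict[str, str]:
    """Pull host, user, image path and command line out of one record."""
    event = {}
    for key, rx in FIELD_RE.items():
        m = rx.search(line)
        event[key] = m.group(1) if m else ""
    return event


def match_rules(event: Dict[str, str]) -> List[str]:
    """Return the names of all rules that fire on a parsed event.

    Matching on the image basename as well as the command line avoids
    firing on an unrelated process whose arguments merely mention 'netsh'.
    """
    image = event["process"].rsplit("\\", 1)[-1].lower()
    return [name for name, expected_image, rx in RULES
            if image == expected_image and rx.search(event["cmdline"])]


def detect(lines: List[str]) -> List[Dict[str, str]]:
    """Run every rule over every record and return one hit per rule match."""
    hits = []
    for line in lines:
        event = parse_event(line)
        for rule in match_rules(event):
            hits.append({"host": event["host"], "user": event["user"],
                         "rule": rule, "cmdline": event["cmdline"]})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"{hit['rule']:28} {hit['host']:6} {hit['user']:18} {hit['cmdline']}")
```

On the sample input the three malicious lines fire and the two benign ones do not. Each of these commands is also used legitimately by administrators, so in production the hits are triage leads to be correlated with the account, the host, and the time of day, not automatic blocks; the hard part of hunting this actor is building that baseline, which is exactly why living off the land works.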


Change Healthcare Ransomware Attack

In February 2024, Change Healthcare, a major healthcare payments and claims clearinghouse and a subsidiary of UnitedHealth Group, was hit by a ransomware attack carried out by an affiliate of the ALPHV/BlackCat group. UnitedHealth later told Congress that the intruders gained initial access using stolen credentials on a remote-access (Citrix) portal that did not have multi-factor authentication enabled. The attackers exfiltrated sensitive patient data, and the resulting shutdown disrupted claims processing, pharmacy transactions, and provider payments nationwide for weeks. Change Healthcare paid a $22 million ransom in Bitcoin in an attempt to regain access to its systems, and UnitedHealth Group reported that the total cost of the attack had grown to approximately $2.87 billion by the end of 2024.


Salt Typhoon

Later in the year, the Salt Typhoon campaign, also attributed to the PRC, was disclosed to have compromised U.S. telecommunications providers, including major carriers such as Verizon and AT&T. The intruders gained deep access to carrier networks, including the systems providers use to fulfil court-authorized wiretap requests, which allowed them to collect call records at scale and, for a smaller set of targets, the content of calls and text messages. The confirmed targets included senior political figures and government officials. In response, CISA published guidance in December urging highly targeted individuals to use end-to-end encrypted messaging and calling, adopt phishing-resistant multi-factor authentication instead of SMS codes, and keep their devices updated, to reduce their exposure to this kind of interception.


Regulatory and Legislative Responses

In light of these incidents, regulators and lawmakers have intensified efforts to strengthen cybersecurity requirements across sectors. The Securities and Exchange Commission (SEC) rules that took effect in December 2023 require public companies to disclose a cybersecurity incident on Form 8-K within four business days of determining that it is material, and to describe their cybersecurity risk management, strategy, and governance in their annual reports. Note that the four-day clock starts at the materiality determination, not at discovery of the incident. In the European Union, the Digital Operational Resilience Act (DORA) imposes ICT risk management, incident reporting, resilience testing, and third-party risk requirements on banks, insurers, investment firms, and other financial entities, with application beginning in January 2025.


Conclusion

These incidents have prompted federal agencies to reevaluate and strengthen cybersecurity measures across critical infrastructure sectors. The Biden administration has made progress in establishing new requirements, particularly in the transportation sector, but challenges remain in implementing cyber standards in areas like the water sector. White House Deputy National Security Advisor Anne Neuberger emphasized the need for sustained efforts and collaboration with companies and associations to address these threats effectively.

The healthcare sector, in particular, is under increased scrutiny. Regulators and lawmakers are proposing stringent cybersecurity measures for hospitals, with new legislation introduced to set stronger standards. However, smaller healthcare providers face challenges in meeting these requirements due to limited resources. The recent attacks have highlighted the need for better preparation and resources across the sector to defend against daily cyber threats.

As the year concludes, the cybersecurity landscape remains complex and rapidly evolving. Organizations across all sectors must stay vigilant and proactive in implementing robust cybersecurity measures to protect against increasingly sophisticated threats.


How Can Netizen Help?

Netizen ensures that security gets built in rather than bolted on. We provide advanced solutions to protect critical IT infrastructure, such as our popular “CISO-as-a-Service” offering, through which companies can leverage the expertise of executive-level cybersecurity professionals without bearing the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.

Questions or concerns? Feel free to reach out to us any time –

https://www.netizen.net/contact


Copyright © Netizen Corporation. All Rights Reserved.