2024 was a year of unprecedented challenges, and the echoes of its relentless cyber onslaught still resonate. From the crippling Microsoft-CrowdStrike outage and the emergence of quantum encryption guidelines to the surge in state-sponsored attacks, the cybersecurity landscape was a constant battleground. The year was marked by threats ranging from sophisticated ransomware campaigns to the ever-present danger of supply chain attacks. The battle against cybercriminals is far from over. The human element remains a critical vulnerability, and the sophistication of adversaries continues to evolve.
This month's newsletter delves into the defining trends of 2024, offers a glimpse into what 2025 holds, and highlights the threat actors—MVPs and master strategists—who shaped the battlefield in 2024.
Organizations' technological shift to cloud and SaaS adoption created fertile ground for attackers. The numbers are staggering—7,000 password-based attacks per second and 600 million identity attacks per day [1]. While many organizations fortified their defenses by embracing MFA, threat actors adapted, escalating their strategies to bypass authentication, infiltrate infrastructure, and exploit applications. The result? A battlefield where both sides are constantly leveling up their game.
Identity infrastructure has become a prime target for sophisticated attackers. Once inside, they establish persistence, lurking undetected while planning lateral movements. Detecting such threats requires more than vigilance—it demands AI-driven threat detection, meticulous log analysis, and proactive configuration monitoring. Meanwhile, SaaS platforms have become a favored playground for hackers, who blend seamlessly into legitimate usage patterns to evade detection.
On the defensive front, passkeys emerged as a game-changing weapon in the fight against phishing and brute-force attacks. Leveraging biometric credentials, passkeys eliminate the frustrations of forgotten passwords, reduce reliance on one-time codes, and dramatically improve user experience—three times faster than traditional passwords and eight times faster than MFA combinations. Organizations are catching on, with a staggering 987% increase in passkey adoption recorded last year [2].
But the road to a passwordless future is fraught with challenges. True security lies in phasing out passwords entirely and embracing phishing-resistant methods of authentication. For organizations, 2025 is not just about adopting passkeys—it’s about embedding them into a culture of cyber awareness and ensuring every stakeholder is on board. The battle may be unfinished, but the fight for a safer digital future is well underway.
LockBit earned its reputation as the star player in the ransomware-as-a-service (RaaS) league, dominating the field with relentless precision. With high-profile breaches like Evolve Bank & Trust and a supply chain ripple effect that impacted companies like Affirm and Wise, LockBit consistently scored big, cementing its position as the MVP of SaaS attacks.
You can't stop me! - LockBit Gang
But every offensive juggernaut faces its reckoning. Enter Operation Cronos, a global counteroffensive led by international law enforcement heavyweights. The crackdown dismantled 28 servers, seized LockBit’s public leak site, and arrested key collaborators. To add insult to injury, authorities hijacked LockBit’s .onion domain, transforming it into a public hall of shame featuring press releases, decryption keys, leaked backend data, and even the alleged identity of its leader. This tactical strike dealt a crushing blow to LockBit’s reputation, with researchers noting its attempts at a comeback were faltering.
Unfazed, LockBit fired back with defiance, taunting authorities with bold proclamations like, "You can't stop me." The global sting of Operation Cronos is far from over, and the battle for the ransomware crown remains fierce.
BlackCat, the Rust-powered ransomware syndicate, redefined audacity in 2024 with a record-breaking $22 million payout from Change Healthcare. Extracting 4 TB of highly sensitive patient data, the attack not only crippled operations but exposed critical vulnerabilities in the healthcare ecosystem, sending shockwaves across the industry.
The heist was followed by an unprecedented twist. BlackCat staged a fake FBI takedown of its leak site, a move designed to sow confusion among law enforcement and affiliates alike. But the ruse unraveled when RansomHub, one of its affiliates, went rogue, accusing BlackCat of cutting them out of the ransom deal. In a public showdown, RansomHub released Bitcoin transaction logs as evidence and, in a final act of defiance, published the stolen data themselves. The fallout left Change Healthcare with no leverage, no data security, and a billion-dollar recovery bill.
RansomHub VS BlackCat
The breach didn’t just empty coffers; it disrupted critical healthcare services, delaying patient care and administrative workflows across the US and cascading into a systemic crisis.
For the C-suite, BlackCat’s saga is more than a cautionary tale—it’s a wake-up call. The group's brazenness, technical sophistication, and ability to exploit trust within its own ranks underscore the evolving dynamics of cybercrime. In this high-stakes game, organizations must rethink their defenses, focusing on proactive threat intelligence, zero-trust architectures, and a unified resilience strategy to withstand attacks of this magnitude.
The Dark Angels ransomware gang solidified their position as unparalleled tacticians in 2024, securing a record-breaking $75 million ransom from a Fortune 50 company. Their methodical "Big Game Hunting" strategy, targeting high-value corporations with surgical precision, has redefined the ransomware landscape, inspiring a wave of imitators.
Though the victim’s identity remains undisclosed, speculation points to pharmaceutical giant Cencora, ranked #10 on the Fortune 50, which suffered a significant cyberattack in early 2024. The attack’s covert nature, paired with the absence of any claims of responsibility, strongly suggests a quiet negotiation and a hefty payout. Crypto intelligence firm Chainalysis further validated the event, spotlighting the staggering ransom in a tweet that sent ripples through the cybersecurity community.
The Dark Angels’ strategy is ruthlessly effective: target, infiltrate, and extract maximum leverage from organizations least able to afford downtime. By focusing on a single, high-profile victim at a time, they ensure undivided attention, maximizing their payouts while minimizing exposure. Their success has not only crowned them as leaders in the ransomware underworld but has also set a dangerous precedent, encouraging others to adopt similarly aggressive tactics.
For C-suite leaders, this isn’t just a headline—it’s a dire warning. The Dark Angels’ triumph underscores the critical need for robust incident response plans, real-time threat intelligence, and uncompromising security frameworks. In a world where cybercriminals are sharpening their focus, the question isn’t if you’ll be targeted—it’s whether you’ll be ready.
While ransomware attacks remained a significant threat, 2024 was defined by a series of massive outages that reached far beyond the tech industry. These disruptions impacted everyday life for millions globally, a stark contrast to previous years with more contained cybersecurity events. The summer's global IT outage caused by CrowdStrike's faulty Falcon channel file update stands as a prime example of this widespread impact.
This was followed by a wave of service disruptions, affecting major platforms like Salesforce, gaming networks, and even essential services like banking and email. These cascading outages, culminating in a record-breaking 3.8 Tbps DDoS attack, highlighted the increasing sophistication and scale of cyber threats.
Volumetric attacks jumped 30% in H1 2024
State-sponsored actors, such as the suspected Chinese APT group "Salt Typhoon," intensified their operations, targeting critical infrastructure and exploiting vulnerabilities in key systems. Telecoms companies targeted by Salt Typhoon included Verizon, AT&T, Lumen Technologies and T-Mobile.
Salt Typhoon's victim list continues to grow. Charter Communications, Consolidated Communications, and Windstream are the latest targets of Chinese government espionage, laying the groundwork for potential conflict with Beijing. Having now graduated from clumsy corporate thieves to military weapons, Salt Typhoon poses a direct threat to U.S. infrastructure and telecoms, positioning itself to impede response and sow chaos. These attacks, coupled with the rise of hacktivist groups, created a volatile and unpredictable threat landscape.
Despite advancements in security technologies and heightened awareness, cybercriminals continue to outpace defenses, exploiting human error as their most reliable entry point. This persistent vulnerability remains a top concern for CISOs, with 74% identifying it as their organization’s greatest cyber risk—up from 60% in 2023 [3].
Credential phishing surged by 703% in 2024 [4].
Users encounter at least one advanced phishing link weekly that bypasses traditional security controls.
Email attack volumes skyrocketed 202% in the latter half of the year.
The evolving threat landscape demands a multi-layered approach: AI-driven threat intelligence, advanced detection systems, proactive security measures, and robust employee training. At Cytex, we’re committed to building resilience across organizations. Our dedication to accessible cybersecurity has earned us recognition from the MIT Cyber Defense Clinic, endorsing our mission to make robust cyber defenses a societal standard.
That’s why we’re offering our Gamified Phishing Simulation & Security Training modules for FREE—empowering state and local governments, businesses, and vendors to enhance their defenses.
With Cytex, turn your first line of defense into a Human Firewall. No strings attached—secure your access today: https://cytex.io/free-phishing-simulation/
Let’s shape a safer digital future together.
Cytex provides AI powered cybersecurity, risk management, and compliance operations in a unified resilience platform.
Interested? Find out more at → https://cytex.io
[1] Microsoft Digital Defense Report 2024
[2] Microsoft Digital Defense Report 2024
[3] Proofpoint: 2024 Voice of the CISO Report
[4] 2024 Phishing Intelligence Report