Critical infrastructure impacts just about everything we depend on for daily living: the cars we drive, the water we drink, the air we breathe, and the food we eat.
Not long after the 2021 Colonial Pipeline attack, which led to widespread fuel shortages for several days, President Joe Biden issued an executive order (EO) on cybersecurity.
The next year, Biden created Critical Infrastructure Security and Resilience Month, which brought the cybersecurity issues surrounding 16 critical infrastructure sectors into the mainstream.
Along with the impact on the gas supply and prices in the Colonial Pipeline incident, the country also saw supply chain disruptions when major food processor JBS Foods was attacked in 2021.
In 2024, the country faced the attack on Change Healthcare, the payments processor for UnitedHealth. Nearly 100 million Americans were impacted in some form by this attack, and in the days following the attack last February, some patients were denied care because pharmacy systems couldn’t process Medicaid claims.
The attacks on critical infrastructure also have a clear financial cost: Nearly half of the respondents (45%) to an October Claroty study reported a financial impact of $500,000 or more in the last 12 months from cyberattacks affecting cyber-physical systems (CPSes), and 27% reported a loss of $1 million or more.
CPSes include operational technology (OT), Internet-of-Things (IoT), connected medical devices (IoMT), and building management systems (BMS) — technologies that are the core of critical infrastructure systems.
According to Claroty, the most financially impacted sectors are chemical manufacturing, power and energy, and mining and materials, with 54% to 55% of respondents in each sector reporting more than $500,000 in losses from incidents in the last 12 months.
While SC Media did not chronicle every cyberattack on critical infrastructure in 2024, we did look at the top incidents in each of the five sectors that IBM Security’s 2024 X-Force Threat Intelligence Index reported as sustaining the most cyberattacks: manufacturing, finance, energy and utilities, retail and healthcare.
Manufacturing
Manufacturing continued to sustain the most cyberattacks of any critical infrastructure sector. Typically, manufacturing accounts for close to 25% of all cyberattacks in any given year, according to the IBM Security X-Force Threat Intelligence Index.
In January, Lush, the UK cosmetics manufacturer and retailer, disclosed that it was the victim of a cyberattack. Threat group Akira later took credit for acquiring 110GB of data from the company’s systems. The Lush data allegedly included personal documents, passport data, accounting and financial information, ongoing projects, and client data.
Schneider Electric disclosed in November that its Atlassian Jira system was compromised by the HellCat ransomware group. HellCat alleged that nearly 40 gigabytes of project data and user details had been exfiltrated as a result of the breach, and threatened to expose the compromised information should the large French multinational refuse to pay a $125,000 ransom. The incident was Schneider Electric’s third cyberattack in 18 months.
Neither Schneider Electric nor Lush paid a ransom. No further details were released on either case.
Financial services
After the manufacturing sector, hackers tend to target financial services. The largest data breach from a financial services company this year affected LoanDepot, a top-ranked mortgage lender based in Irvine, California. Threat actor ALPHV/BlackCat took responsibility for the attack.
The attack, which LoanDepot said took place from Jan. 3 to 5, exposed names, addresses, financial account numbers, phone numbers and dates of birth of nearly 17 million customers, according to a filing with the Maine Attorney General. The attack reportedly caused disruptions at the company for nearly two weeks.
The largest data breach at a bank in 2024 affected Evolve Bank and Trust, based in Memphis, Tennessee. Evolve disclosed to the Maine Attorney General that the breach affected 7.6 million people. The bank said the breach included names, Social Security numbers, Evolve account numbers, dates of birth and contact information. The breach occurred in May and was publicly disclosed in late June.
The bank partners with many fintechs that were also harmed by the breach, including Affirm, Wise and Bilt Rewards. LockBit, the threat actor that executed the data breach, initially made the false claim that the data it stole came from the Federal Reserve.
Energy and utilities
The energy and utilities sector continued to sustain roughly 11% of all cyberattacks, according to IBM Security. One of the largest utilities attacks of 2024 was on oil services giant Halliburton, which reported $35 million in losses as a result of the cyberattack.
Halliburton said in an Aug. 22 filing with the Securities and Exchange Commission that it activated its cybersecurity response plan and launched an investigation internally with the support of external advisors. In an updated SEC filing in September, Halliburton did not confirm a ransomware attack, but said the cyberattack caused significant disruptions and limitation of access to portions of its IT systems.
The Tampa Bay Times reported on Dec. 19 that Duke Energy Florida confirmed that it was hit with a cyberattack last May. The story cited emails sent to customers that said “an unauthorized third party may have acquired information, like names, birth dates and the last four digits of Social Security numbers.”
The issue only came to light because customers took to social media to ask whether others had received emails about the breach. Once it became an issue on social media, Duke Energy Florida confirmed that the emails were not a scam and that the breach had, in fact, taken place in the spring.
Retail
A study posted Nov. 20 by SecurityScorecard found that 97% of the top 100 U.S. retailers experienced a third-party data breach in the past year similar to the one reported recently by Starbucks and UK grocers Sainsbury and Morrisons.
With vast amounts of customer data — including sensitive payment details and personally identifiable information (PII) — SecurityScorecard said retailers are particularly susceptible to third-party breaches. This highly valuable data represents a goldmine for cybercriminals, who exploit it for identity theft, financial fraud, and other malicious purposes.
Another major attack on a retailer happened last summer when the prolific threat group ShinyHunters carried out an attack on Ticketmaster by allegedly compromising Snowflake, a third-party cloud-based data warehouse.
Companies use Snowflake to store and analyze vast volumes of data for useful insights. While Snowflake denied fault for the breach, the company said there was a campaign targeting Snowflake users who use single-factor authentication on their accounts.
Healthcare
The largest attack on a healthcare organization in 2024 by far was the Change Healthcare incident, which took down payment systems for several days and resulted in UnitedHealth CEO Andrew Witty testifying before Congress in May that “roughly one-third” of all Americans were affected.
UnitedHealth on Oct. 22 finally confirmed to the Department of Health and Human Services (HHS) that 100 million Americans were affected by the Change Healthcare breach, making it the largest healthcare breach on record. The BlackCat/ALPHV ransomware group was credited with executing the hack.
Ascension Health disclosed Dec. 19 that it began informing the 5.6 million patients who were affected by a May ransomware attack. The attack caused numerous hospitals in the Ascension system to lose access to their electronic health records, certain lab systems, and surgical and medication systems. Hospitals were also forced to read medical charts on paper. Ascension confirmed in June that the attack was carried out by Black Basta.