What were the key statistics for cybersecurity events in week 49 of 2024?

Week 49 saw 7 advisory/vulnerability events and 20 incident/data breach events. Over 20.3 million individuals were impacted across 8 incidents, with the largest being Malaysia's National ID cards breach affecting 17 million people.

How did week 49 compare to week 48?

Advisories decreased from 12 to 8, while incidents increased from 18 to 20. The number of impacted individuals rose significantly from 1.149 million to over 20 million.

What were the main causes of incidents?

Malware, ransomware and related attacks led with 7 incidents, followed by system misconfiguration exploits (2), social engineering and phishing (1), and unauthorized access (1).

Which industries were most affected?

Government and IT/Software/Technology sectors were most impacted with 5 incidents each, followed by Consulting/Professional Services, Healthcare, and Transport/Logistics with 2 incidents each. Finance, Telecommunications, and Insurance sectors had 1 incident each.

What types of security events were reported?

Events included 7 vulnerability advisories (including critical flaws in multiple systems), 1 practical knowledge item, and 20 incidents comprising data breaches, ransomware attacks, and system compromises affecting various sectors globally.

Knowledge

State of (in)security - Week 49, 2024

published: Dec. 9, 2024

Take action: You should never leave an unpatched device for 10 years. It's going to reach end of life, there won't be any support or it will be terribly expensive. And hackers will still be attacking it.

Learn More

In the week between Dec. 2, 2024, midnight and Dec. 9, 2024, midnight we witnessed a total of:

7 advisory/vulnerability events
20 incident/data breach events

Week over Week comparison of week 49 2024 vs week 48 2024:

Advisories are down from the previous week, incidents are slightly up. Advisories are down from 12 in week 48, to 8 in week 49. Incidents are up from 18 in week 48 to 20 in week 49.
The number of known impacted individuals is signifcantly up - from 1.149 million in week 48 to over 20 million in week 49.

We also shared 1 practical knowledge items

Total impacted individuals via the events of the week

There were a total of 20,342,600 impacted individuals across 8 incidents, with the largest breach being the Malaysia's National Cyber Security Agency investigates pontential breach of national ID cards incident exposing 17,000,000 individuals. Since not all incidents report a number of impacted individuals, the real number is definitely higher than that.

Cause breakdown of incidents

Cause	Number of incidents
Malware, Ransomware and Related Attacks	7
System Misconfiguration Exploits	2
Social Engineering and Phishing	1
Unauthorized access	1

Industry breakdown of incidents

Industry	Number of incidents
Government	5
IT/Software/Technology	5
Consulting/Professional Services	2
Healthcare	2
Transport/Logistics	2
Finance	1
Telecommunications	1
Insurance	1

Read the Event Details of the Week

Knowledge

active attack | Cisco warns of active exploit of 10 years old Cisco ASA vulnerability

Vulnerabilities

critical vulnerability | Critical vulnerability reported in Mitel MiCollab VoIP software
critical vulnerability | Google releases December 2024 Android update, fixes multiple high severity flaws
critical vulnerability | IBM reports multiple critical vulnerabilities in Security Verify Access Appliance
critical vulnerability | Multiple critical flaws in Planet Technology WGS-804HPT industrial switch
critical vulnerability | SailPoint reports critical vulnerability in IdentityIQ IAM platform
ransomware | Ultralytics YOLO11 AI model on PyPI hijacked to inject cryptominer
ransomware | Veeam reports critical flaw in Service Provider Console

Incidents

data breach | SAG-AFTRA Health Plan reports data breach caused by email phishing attack
data breach | US Governmentcontractor Chemonics reports data breach, 263k affected
data breach | PointClickCare reports data breach, exposing residents of long-term care facilities
data breach | More MOVEit data leaked - Xerox, Nokia, BofA, Morgan Stanley's impacted
data breach | KYC service provider Signzy reports data breach
data breach | Atrium Health reports another data breach impacting 585k people
data breach | Zane Benefits reports data breach exposing SSNs
data breach | UK Ministry of Defence investigates theft of credentials of 600 employees by infostealer
data breach | Multiple Bangladesh's government systems breached, exposing sensitive information
data breach | Datamaxx Applied Technologies reports data breach
data breach | Jefferson Dental Center, Indiana, reports cybersecurity incident, data breach
data breach | Researcher discovers Express Services leaking data, second breach in the year
data breach | Malaysia's National Cyber Security Agency investigates pontential breach of national ID cards
data breach | BT Group hit by Black Bast ransomware gang, took servers offline
ransomware | ENGlobal Corporation reports ransomware attack impacting its IT systems
ransomware | Brain Cipher ransomware group claims attack on Deloitte UK
ransomware | City of Hoboken, New Jersey hit by ransomware attack
ransomware | Romania's election systems under tens of thousands of cyberattacks
ransomware | KillSec ransomware gang claims attack on Clubfit Software fitness management
ransomware | Port of Rijeka hit by cyberattack, data stolen

Read More
The MOVEit comes back to bite the victims …
State of (in)security - Week 20, 2023
Payouts King Ransomware Uses QEMU Virtual Machines to …
How legacy software will kill you - 20,000 …
State of (in)security - Week 46, 2023