December cybersecurity round-up 2024

December 30, 2024 | Cybersecurity
Chloe Schofield

As 2024 ends, we reflect on the year's key breaches and trends. Cyberattacks have targeted critical infrastructure and major corporations, while geopolitical tensions, particularly Russian cyber threats, have heightened risks.

From Microsoft Teams to Krispy Kreme, hackers have been busy this month, targeting businesses from a range of industries. Read on to find out what’s been happening in the world of cybersecurity this December.

Cisco data is leaked by hackers

A hacker named IntelBroker leaked 2.9 GB of data from Cisco’s DevHub, claiming it’s only a fraction of the 4.5 TB of data they allegedly obtained. The breach involved source code, credentials, encryption keys, and certificates, reportedly tied to Cisco products like Catalyst, IOS, ISE, SASE, Umbrella, and WebEx.

Cisco has stated its core systems were not breached, attributing the leak to a public-facing DevHub misconfiguration. While most of the exposed data was public, some sensitive files were unintentionally accessible. Initially, Cisco claimed no confidential or financial data was compromised but later removed this assurance.

Cisco is said to be investigating the incident and maintains confidence that the leaked data does not threaten its enterprise systems. That said, the situation is a strong reminder of the risks associated with improperly secured public-facing environments.

Google Calendar and Gmail security threats

Reports have emerged of cybercriminals leveraging Google apps like Gmail, Calendar, Drawings, and Forms to execute phishing attacks aimed at payment fraud. These scams exploit features like automatic calendar invitations and redirect victims to fake reCAPTCHA or support pages.

Stu Sjouwerman, CEO of KnowBe4, warns that attackers only need a Gmail address to insert malicious events into a user’s calendar automatically. To mitigate this, he recommends disabling automatic event additions in Calendar settings. Users can opt to ‘only show invitations to which I have responded’ and uncheck ‘automatically add events from Gmail,’ though this reduces convenience.

Google advises Workspace subscribers to enable email verification for appointments and activate the ‘known senders’ setting to flag unfamiliar invitations. While current attacks are broad, these methods could evolve into more targeted threats. Balancing security with functionality remains key.

Microsoft Teams and AnyDesk fall victim to malware

Attackers are exploiting Microsoft Teams and AnyDesk in a social engineering campaign to deploy DarkGate malware. By impersonating external suppliers via Teams calls, they trick victims into installing AnyDesk, a remote access tool, which is then abused to deliver DarkGate and credential stealers. Active since 2018, DarkGate is a remote access trojan (RAT) with capabilities such as keylogging, credential theft, and screen capturing.

The incident highlights a broader rise in phishing campaigns, including QR code phishing, fake Microsoft 365 login pages, and scams targeting YouTube creators and WhatsApp users. Cybercriminals increasingly exploit trusted platforms, global events, and emotional urgency to deceive victims. Organisations are advised to enable MFA, restrict unverified remote tools, and monitor for suspicious domains to defend against these evolving threats.

WordPress websites hit

A malicious NPM package, posing as an XML-RPC implementation, operated undetected for a year, stealing data and installing cryptominers. Researchers from Datadog and Checkmarx discovered it had stolen 390,000 WordPress credentials and compromised 68 systems to mine Monero.

The package was initially harmless and worked as intended, but later updates introduced malware, exploiting users in a supply chain attack. The malicious code was created to steal SSH keys, bash history and a range of other data every 12 hours, exfiltrating it through Dropbox or File.io.

A further problem was that researchers and security professionals inadvertently incorporated the XML-RPC package into their own products, extending the malware's reach and turning it into a widespread supply chain attack.

Developers have been urged to exercise caution when using open-source software, as such sources remain prime targets for cybercriminals.

Krispy Kreme online orders disrupted

Krispy Kreme has disclosed a cyberattack that disrupted its online ordering systems in the US, though physical shops remain open. The attack occurred in late November but was only recently revealed in a regulatory filing with the US Securities and Exchange Commission (SEC). Krispy Kreme stated the incident could have a "material impact" on its operations but assured customers it is working with cybersecurity experts to investigate, contain, and restore affected systems.

The doughnut chain, which operates over 1,400 shops globally, expects the attack to result in costs related to lost digital sales, system restoration, and cybersecurity fees. While no group has claimed responsibility for the hack, the incident highlights a growing trend of cyberattacks in 2024 targeting diverse industries.

Meta fined €251 million for data breach

Meta, Facebook’s parent company, has been fined €251 million by Ireland’s Data Protection Commission for a 2018 data breach that exposed millions of user accounts. Hackers exploited three bugs in Facebook’s “View As” feature to steal access tokens, allowing them to control user accounts. While Meta initially reported 50 million affected accounts, the actual number was closer to 29 million, including 3 million in Europe.

The Irish regulator, acting under the EU’s General Data Protection Regulation (GDPR), found Meta guilty of multiple privacy rule infringements. Meta plans to appeal the decision, stating it took immediate action to fix the issue, notify impacted users, and alert authorities like the FBI. This fine demonstrates the EU's continued enforcement of strict data protection laws to hold companies accountable for safeguarding user data.

Securing your business in 2025

Together with our trusted partner community, Brigantia is committed to helping organisations strengthen their defences and stay secure against the growing cyber threat landscape. Contact the Brigantia team today to find out more about market-leading cybersecurity vendors.
