From massive data breaches affecting retail giants to disinformation campaigns targeting the Paris 2024 Olympic Games, and the rise of AI-powered cyber threats, 2024 has been a year marked by critical vulnerabilities and escalating geopolitical stakes.

Retail data breaches: a persistent threat

The year 2024 began with a wave of significant data breaches targeting major retail players like Boulanger, Cultura, Truffaut, and Auchan. The exposed data included sensitive information such as email addresses, phone numbers, purchase histories, and, in some cases, IBANs.

“These attacks highlight the appeal of the retail sector for cybercriminals due to the wealth of customer data and often vulnerable, complex, and interconnected infrastructures. It emphasizes the need for robust systems to secure digital supply chains and to raise employee awareness of emerging cyber threats,” stated Cassie Leroux, Product Director at Mailinblack.

Healthcare under siege

Healthcare facilities in France continued to face significant cyberattacks in 2024, demonstrating their vulnerability to digital threats. In May, the Simone Veil Hospital in Cannes was targeted by the LockBit ransomware group. A total of 61 gigabytes of sensitive data—including medical records, ID cards, and payroll documents—were published on the dark web after the hospital refused to pay the ransom.

Additionally, in February 2024, two operators managing third-party payments for health insurance companies, Almerys and Viamedis, were breached. This unprecedented theft involved the data of 33 million individuals. According to the French Data Protection Authority (CNIL), the stolen data included personal details such as names, birthdates, and social security numbers.

Cybersecurity at the heart of the Paris 2024 Olympics

The Paris 2024 Olympics brought cybersecurity to the forefront. Research by FortiGuard Labs revealed a significant increase in darknet activity targeting France, with an 80-90% surge beginning in mid-2023 and persisting through 2024.

“Several stealer-type malware programs, which intercept and redirect sensitive content, were prevalent in France during this period. Raccoon was the most active, accounting for 59% of cases, followed by Lumma (21%) and Vidar (9%). These malware variants are known for their rapid ability to infiltrate devices and harvest sensitive information, as seen during the Olympics,” said Alain Sanchez, CISO EMEA at Fortinet.

The Olympics were also a hotbed for disinformation campaigns. “Groups like Storm-1679 and Storm-1099 amplified their efforts to manipulate public opinion, create discord among participating nations, and destabilize this high-profile international event,” Sanchez added.

Geopolitical risks and software supply chain attacks

Beyond the Olympics, geopolitical tensions and software supply chain vulnerabilities dominated the landscape. Loïc Guézo observed: “The year 2024 saw the impact of Chinese state-affiliated cybercriminal networks such as Typhoon (Volt Typhoon, Salt Typhoon). These groups infiltrated critical American infrastructures, including major telecom networks, putting government data at risk. Their modus operandi involves compromising less-protected suppliers to reach end targets, a strategy that has significantly increased in recent months.”

These attacks extended beyond the United States, with groups targeting Europe and France. “Proofpoint identified a campaign by Brass Typhoon (TA415 or APT41) using the malware ‘Voldemort,’ impersonating France’s General Directorate of Public Finances to gather intelligence from insurance organizations,” added Guézo.

One notable incident was the ‘XZ Backdoor’ case. In April 2024, a Microsoft developer discovered that the XZ Utils data compression utility had been compromised with a backdoor inserted by a contributor named Jia Tan.

“Jia Tan joined the project two years prior, initially contributing bug fixes and improvements. Over time, they gained trust and permissions to manage the repository. In 2023, they introduced a sophisticated backdoor into version 5.6.0 of XZ,” explained Akamai on its blog.

“The number of compromised open-source applications and libraries continues to grow. Malicious users exploit the lack of thorough code audits, embedding backdoors during bug fixes or feature additions. These compromised tools are then widely used in commercial software and applications,” noted Nicolas Caproni, Head of Threat & Detection Research at Sekoia.

The growing role of artificial intelligence

The rise of artificial intelligence (AI) in cyber threats was a major theme of 2024. “AI is at the core of both offensive and defensive strategies. Attackers use tools like ChatGPT to craft malware, phishing emails, and even to identify targets. On the defensive side, AI accelerates alert management and incident response in SOCs and CERTs,” said Caproni.

Cassie Leroux concurred: “The rapid evolution of AI presents both opportunities and threats. Deepfakes have escalated the complexity of fraud, particularly through identity theft. Cybersecurity is increasingly adopting integrated approaches, where employee training plays a crucial role in combating social engineering threats.”

For Alain Sanchez, the combination of AI and hybrid cloud environments adds to the complexity. “AI and state-sponsored efforts in this sector make attacks more sophisticated and rapid. The cloud, with its critical data reservoirs, becomes an even more attractive target. Hybrid environments, involving multiple cloud providers, expand the attack surface and vulnerability potential,” he explained.

Loïc Guézo predicted: “AI will be central to strategic discussions in 2025, providing both new risks and enhanced protection. It will become a critical support for business processes while also being exploited by threat actors to manipulate corporate AI systems.”

NIS2: Progress in implementation

No review of 2024 would be complete without mentioning the NIS2 directive. Several EU member states, including Italy, Belgium, Lithuania, Latvia, and Croatia, have transposed the directive, while others lag behind. Wavestone’s analysis highlighted the varying progress among member states. In France, the directive’s implementation is tied to a resilience law addressing both NIS2 and other directives like REC (Resilience of Critical Entities) and DORA.
