We are very pleased to partner with a Modern, Cloud Native, Zero Trust CNAPP innovator like AccuKnox. Zero Trust security is a Clint Health imperative ....
Attack Research Database
The cyberattacks and the cloud incidents have been creating massive damage to the organization’s confidential and credible information. Learn more about the latest attacks and the associated ransom costs.
Did you Know?
According to the latest IBM cloud attack report – each cloud attack costs $3.92M on an average
Total Exposed Attacks in 2024 Costed
~$1.95B
Attack Research
Attack Type
Ransomware attack on Indian payment system traced back to Jenkins bug
Researchers have discovered that a damaging ransomware attack on a digital payment system used by many of India’s banks began with a vulnerability in Jenkins — a widely used open-source automation system for software developers.
ATTACK COST
Not disclosed
WazirX Cryptocurrency Exchange Loses $230 Million in Major Security Breach
Indian cryptocurrency exchange WazirX has confirmed that it was the target of a security breach that led to the theft of $230 million in cryptocurrency assets.
ATTACK COST
$230M
CVE-2024-5655
Allows attackers to run pipelines as any user, which can lead to unauthorized access and potentially harmful actions within the GitLab CI/CD environment.
ATTACK COST
Not disclosed
Change Healthcare Ransomware Attack
A DDoS attack by Anonymous Sudan targeted over 300 web domains and 177,000 IP addresses, disrupting major public service websites.
ATTACK COST
$1.6 billion
UK Ministry of Defence Payroll Hack
Personal data of nearly 270,000 current and former staff members, including identities, bank details, and addresses, were exposed due to a hack on the payroll system managed by SSCL.
ATTACK COST
270K PII Disclosed
CrushFTP Zero-Day Cloud Exploit
Unauthenticated attackers exploit a sandbox escape flaw in the CrushFTP server (CVE-2024-4040) to download system files and potentially achieve Remote Code Execution (RCE).
ATTACK COST
Not disclosed
Kubernetes RCE Attack
Microsoft discovered critical vulnerabilities in OpenMetadata versions 1.2.4 and 1.3.1, exploited by attackers to execute remote code on Kubernetes clusters. These vulnerabilities allowed hackers to gain access to vulnerable environments and deploy cryptocurrency mining malware.
ATTACK COST
Not disclosed
Palo Alto Networks Zero-day Exploit
Proof-of-concept (PoC) exploits released for the maximum-severity vulnerability in Palo Alto Networks' PAN-OS used in GlobalProtect gateways. Attackers can achieve remote code execution by exploiting a chain of vulnerabilities, including directory traversal and command injection.
ATTACK COST
Not disclosed
Supply Chain Attack
A sophisticated attack targeting the Kubernetes supply chain, where attackers injected malicious code into container images used by various organizations. This code allowed attackers to access deployment configurations and sensitive data.
ATTACK COST
$2 million
French State DDoS Attack
A DDoS attack by Anonymous Sudan targeted over 300 web domains and 177,000 IP addresses, disrupting major public service websites.
ATTACK COST
Not disclosed
Rhysida Ransomware
MarineMax (luxury yacht dealer and boating lifestyle brand) earnings reports, balance sheets, bank account wire transfers, customer databases, and other financial documents compromised
ATTACK COST
15BTC
(roughly $919k)
Medusa Ransomware
Illinois’ Monmouth College system were compromised giving access to info like driver’s licenses and ID cards among a host of other information
ATTACK COST
$500k
Russian website builder data leak
54 million users of the uID.me website builder had their data exposed due to a misconfigured MongoDB database.
ATTACK COST
Not disclosed
Container Escape Vulnerability
Attackers exploited a container escape vulnerability within the Kubernetes environment of a healthcare provider, gaining access to host systems and compromising patient data. The vulnerability allowed attackers to break out of the container and execute commands on the host operating system.
ATTACK COST
$5 million
BlackCat Ransomware
6TB of data stolen from Change Healthcare's network belonging to "thousands of healthcare providers, insurance providers, pharmacies, etc.”
ATTACK COST
$22 million
Hipocrate Information System (HIS)
Ransomware attack forces 100 Romanian hospitals to go offline
ATTACK COST
3.5 BTC
(roughly $167k)
ArcaneDoor hackers exploit Cisco zero-days to breach govt networks
Exploitation of two zero-day vulnerabilities (CVE-2024-20353 and CVE-2024-20359) in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls, leading to cyber-espionage activities targeting government networks worldwide.
ATTACK COST
Not disclosed
MITRE was breached through Ivanti zero-day vulnerabilities
MITRE Corporation breached by nation-state hackers utilizing zero-day vulnerabilities in Ivanti Connect Secure products. Attackers performed reconnaissance through VPNs and laterally moved into VMware infrastructure. Compromised systems used for storage, computing, and networking resources.
ATTACK COST
Not disclosed
Sophisticated state-sponsored attackers believed to be based out of North Korea
Orbit Chain's balance went from $115M to $29M instantly
ATTACK COST
$86 million
DarkBeam Misconfiguration
A misconfigured Elasticsearch and Kibana interface exposed 3.8 billion data records, including user emails and passwords, making them vulnerable to phishing campaigns.
ATTACK COST
Not disclosed
Zimbra Zero-Day
A zero-day vulnerability in the Zimbra Collaboration Suite was exploited to gain unauthorized access to email accounts, leading to data theft and espionage.
ATTACK COST
Not disclosed
ICMR Data Breach
The personal data of 815 million Indian residents was compromised, including names, ages, genders, addresses, passport numbers, and Aadhaar numbers.
ATTACK COST
Not disclosed
23andMe Credential Stuffing Attack
Credential stuffing attacks resulted in the leakage of data from 20 million genetic profiles. Initial leaks included data on Ashkenazi Jews, with subsequent leaks affecting UK and German residents.
ATTACK COST
Not disclosed
Scattered Spider
Guest info (social security number and passport number) stolen
ATTACK COST
$100 million hit to
the Q3 revenue
Cryptocurrency Mining Attack
Aqua Security uncovered that misconfigurations in Kubernetes clusters led to significant security breaches. Attackers exploited these misconfigurations to deploy cryptocurrency mining operations within compromised clusters.
ATTACK COST
Not disclosed
Salesforce Zero-Day Exploited to Phish Facebook Credentials
Guardio researchers detected cyberattackers sending targeted phishing emails with @salesforce.com addresses using the legitimate Salesforce infrastructure. An investigation revealed that they were able to exploit a Salesforce email-validation flaw to hide behind the domain's trusted status with users and email protections alike.
ATTACK COST
Not disclosed
MOVEit Transfer Zero-Day
Exploited a zero-day vulnerability in the MOVEit Transfer software, compromising sensitive data transfers and resulting in large-scale data breaches.
ATTACK COST
Not disclosed
Log4Shell
This zero-day vulnerability in the Apache Log4j library allowed attackers to execute arbitrary code on affected systems. It compromised critical infrastructure, including cloud services, financial institutions, and government agencies.
ATTACK COST
Not disclosed
Spring4Shell
This zero-day vulnerability in the Spring Framework allowed attackers to execute remote code on affected servers. It was exploited to deploy malware and gain unauthorized access to sensitive information.
ATTACK COST
Not disclosed
Log4j Hack on ONUS
Significant financial and reputational damage to ONUS; Nearly 2 million customer records put up for sale, including E-KYC information and hashed passwords.
ATTACK COST
$5 million
QakBot attacks with Windows zero-day (CVE-2024-30051)
In early April 2024, researchers discovered a new zero-day vulnerability (CVE-2024-30051) in the Windows Desktop Window Manager (DWM). The vulnerability allows for privilege escalation to gain system privileges. It was found while investigating a previous zero-day (CVE-2023-36033). By mid-April, an exploit for CVE-2024-30051 was detected being used in conjunction with QakBot malware and potentially by multiple threat actors. Microsoft released a patch for this vulnerability on May 14, 2024, as part of Patch Tuesday.
ATTACK COST
Not disclosed
- Schedule 1:1 Demo
- Product Tour
On an average Zero Day Attacks cost $3.9M
4+
Marketplace Listings
7+
Regions
33+
Compliance Coverage
37+
Integrations Support
Stop attacks before they happen!
Total Exposed Attacks in 2024 Costed