
2024 Wrapped: The Year in Security

Please enjoy our reflections on the big moments, releases, breaches, and outages that defined the year in cybersecurity.

As the year winds down, we couldn't resist our own spin on Spotify Wrapped, the wildly popular, love-it-or-hate-it, year-in-review summary. Read on for our reflections on the big moments, releases, breaches, and outages that defined our year. Plus, straight from a very entertaining recent Reddit thread: the phrases that were on repeat for you in 2024.

The events that made headlines in 2024

Q1: Midnight Blizzard

Watching closely: OAuth abuse, password spraying, escalation of privileges

2024 got started with breaking news from Microsoft, sharing how Russian threat actor Midnight Blizzard leveraged malicious use of Microsoft OAuth applications to infiltrate Microsoft’s own corporate systems. The methods Midnight Blizzard used to compromise Microsoft provide a reminder of the importance of identity security best practices like enabling MFA, reviewing your org’s OAuth grants, and ensuring all access is revoked when employees or contractors leave the org.

Q2: Threat campaign targeting Snowflake customers

Watching closely: MFA not everywhere, shadow tenants, identity hygiene

In Q2, reports of data breaches at Ticketmaster, LendingTree, Advance Auto Parts, and other businesses were tied to the UNC5537 threat campaign targeting Snowflake customer environments. These breaches were not related to a breach of Snowflake’s own systems, a fact confirmed by a Mandiant blog post. Rather, a financially motivated threat actor acquired credentials tied to Snowflake customer database instances and was able to gain access to accounts not protected by MFA in order to exfiltrate data. These attacks once again highlight the importance of MFA, and the risks introduced by “shadow tenants” of Snowflake and other core business apps.

Q3: CrowdStrike update broke the internet

Watching closely: Blue screen of death

Scroll down to “your biggest day” for reflections on this one, but it may take all of 2025 before IT and security practitioners stop closing their eyes and crossing their fingers before hitting “install update”.

Q4: MFA is once again a Hot Topic

Watching closely: MFA, MFA, MFA

In November, news broke of a massive data breach impacting fashion retailer Hot Topic resulting in the exfiltration of roughly 57 million unique email addresses along with names, addresses, phone numbers, dates of birth, partial credit card data, and other account details.

Details about the attack point to a password-stealing malware infection on an employee’s computer which enabled hackers to gain access to a Snowflake account that lacked multi-factor authentication. Once again, we find ourselves repeating: use MFA, use MFA, use MFA.

The Nudge Security product releases that made a splash in 2024

Q1: Progress Reporting

Watching closely: SaaS security best practices, exec-ready reporting

Security and IT teams are usually spread thin, which means it’s critical to focus on the highest-impact projects. Early in the year, we were focused on our Progress dashboard, which allows users to measure key metrics that form the backbone of SaaS security posture management. This dashboard makes it dead-simple to visualize progress toward goals, prioritize the highest-impact work, and share results.

Our Q2: AI Security

Watching closely: AI adoption trends, AI supply chain

In the face of unrelenting growth in AI tools and adoption, our AI dashboard helps users visualize and understand AI usage within their organizations, including what apps are gaining traction and which employees and business units are using AI the most. We even surface supply chain insights, helping users understand which SaaS providers are leveraging AI under the hood, and which AI tools have been connected to other apps.

Our Q3: SaaS Spend Discovery & Management

Watching closely: SaaS sprawl, wasted spend, redundant apps

This year’s customer favorite? Nudge Security now automatically discovers up to two years of SaaS spend, analyzing that data to deliver insights within a streamlined Spend dashboard to help identify quick savings wins. From the dashboard, you can even run an automated playbook to help orchestrate account removals by enlisting app owners across the business, so you can scale SaaS governance efforts without drowning in manual tasks.

Our Q4: Security Posture Management

Watching closely: Misconfigurations, identity risks, integration risks

With the launch of our SSPM capabilities for Google Workspace, Microsoft 365, Okta, and more, customers can continually monitor their identity infrastructure for critical misconfigurations and risks related to users, groups, and integrations. By avoiding the limitations of traditional SSPM and leveraging our patented approach to SaaS discovery, Nudge Security offers unmatched time to value.

Your biggest day? No question.

Let’s face it, no matter what aspect of IT or security your role entails, July 19, 2024, is a day that will live in infamy. That was the day a CrowdStrike update quite literally broke the internet, with servers and desktops everywhere displaying the dreaded “blue screen of death.”

What did we learn from this? Well, the operation of our modern world depends on a number of interconnected software applications playing nicely with each other. And, when they don’t, especially tools as ubiquitous as Microsoft and CrowdStrike, the results are nothing short of disastrous.

So, whether it’s a faulty update, a supply chain attack (SolarWinds ring a bell?), or a breach, when one widely used software solution experiences an issue, there are likely going to be ripple effects up and down the software supply chain.

What you heard or said the most in 2024

Earlier this month, we posed this question to the r/cybersecurity community: “What phrases were on repeat for you in 2024, whether they were things you said or heard?” Boy, did the Redditors deliver! Here are four of the most upvoted answers. We apologize for the salty language...their words, not ours. 😅

Enjoy the full thread here.

In summary…

We can’t possibly wrap up 2024 without mentioning AI. Here’s your 2024 Wrapped, AI podcast edition. Please enjoy the pronunciations...
