Cybersecurity Recap for 2024: Lessons and Insights from South Eastern Europe
The cybersecurity landscape in South Eastern Europe (SEE) experienced a turbulent 2024. Major incidents, including ransomware attacks and Business Email Compromise (BEC) scams, exposed critical vulnerabilities in infrastructure, processes, and human behavior. High-profile ransomware attacks like the Croatian Financial Services Supervisory Agency (HANFA), University Hospital Centre Zagreb (KBC Zagreb). and Split Airport revealed the devastating potential of advanced cyber threats when combined with weak defenses.
In the case of BEC, attackers leveraged social engineering and compromised email systems to siphon significant financial assets, primarily targeting small and medium-sized businesses (SMBs).
These incidents underscored the persistent reliance on legacy systems, insufficient implementation of modern authentication mechanisms, and a lack of security awareness. Ransomware and BEC attacks are making it clear that organizations must evolve to address these challenges. As 2025 begins, organizations must modernize their IT infrastructure, invest in advanced technologies, better training, strategic investments in threat intelligence, and align with emerging regulatory frameworks to strengthen their defenses.
What Happened in 2024: Key Threats
Ransomware as a Service (RaaS):
Cybercriminals increasingly use RaaS platforms like ALPHV Black Cat and Akira, which provide advanced hacking tools as a subscription service. These platforms employ Living-off-the-Land (LOTL) techniques, allowing attackers to exploit legitimate administrative tools like Active Directory and VMware for lateral movement, making their actions harder to detect.
Exploiting Internet-Facing Entry Points:
Many organizations failed to patch vulnerabilities or implement multifactor authentication (MFA) in widely used external or internet-facing services, such as Microsoft Remote Desktop, Citrix, Fortinet, Sophos, and Cisco VPN access points. Attackers exploited these gaps, often before vendors could release security updates (see here).
Business Email Compromise (BEC):
BEC scams relied heavily on compromised credentials from legacy email systems like Roundcube, Horde, and Zimbra, which lack MFA and modern security features (see here). Attackers conducted account takeovers to infiltrate email threads and impersonate trusted contacts, leading to financial theft through fraudulent payment requests.
What Organizations Missed
Relying on Legacy and Self-Hosted Infrastructure:
Many organizations still rely on outdated systems, such as self-hosted servers and VPNs, which lack modern security features. These systems are vulnerable to direct attacks and hinder the implementation of critical security measures such as multifactor authentication (MFA).
Weak Identity and Access Management:
Password-only authentication remained the norm for many organizations, providing attackers an easy entry point. The lack of MFA or robust identity verification allowed cybercriminals to "log in" rather than "break in."
Insufficient Security Awareness Training:
Employees lacked the training to recognize and counter phishing and social engineering attacks. Without regular, updated security training programs, organizations were left vulnerable to human error.
Lack of Continuous Monitoring:
Organizations failed to implement real-time monitoring and detection systems, such as Network Detection and Response (NDR) technologies. This gap allowed attackers to move laterally within networks undetected, significantly increasing the damage caused by breaches.
Insufficient Email Security:
Despite the growing prevalence of email-based attacks, many organizations did not adopt technologies like DMARC (Domain-based Message Authentication, Reporting, and Conformance) or VMC (Verified Mark Certificates). These solutions authenticate emails and visually confirm legitimate senders, making phishing attempts easier to detect. As a first step, organizations—especially those prone to phishing, such as e-commerce platforms, government services, logistics companies, and postal services—should focus on increasing their adoption of DMARC and VMC. This enables receivers to more effectively filter out phishing and scam attempts from impersonated or lookalike domains.
TechInsights.pro 2024 Highlights
Last year, TechInsights.pro brought together industry leaders, cybersecurity experts, and IT professionals through a series of impactful webinars, events, and interviews. Focused on addressing key challenges and sharing best http://TechInsights.propractices in cybersecurity across South Eastern Europe, these initiatives provided valuable insights into ransomware prevention, BEC scams, and the importance of modernizing IT defenses. Here's a look back at the discussions that shaped 2024!
![[Interview] Navigating Modern Cybersecurity with Trend Micro](https://static.wixstatic.com/media/6681e7_f39a8f0e05154fefaa6ed7525a1aa99a~mv2.png/v1/fill/w_1084,h_1080,fp_0.50_0.50,q_95,enc_auto/6681e7_f39a8f0e05154fefaa6ed7525a1aa99a~mv2.png)
![[Video] Human Centric Security](https://static.wixstatic.com/media/83b8eb_329c7e5066c94784a11ec5493952cd2e~mv2.png/v1/fill/w_496,h_496,fp_0.50_0.50,lg_1,q_95,enc_auto/83b8eb_329c7e5066c94784a11ec5493952cd2e~mv2.png)