2024 was a record year for commercial cyber attacks
China-backed attacks on IoT systems helped keep numbers high


2024 was the worst ever for commercial cyber attacks in the UK, new research suggests, with remote IoT devices attracting the most attacks.
During 2024, UK firms each experienced an average of more than 753,341 malicious attempts to breach their online and IT systems, according to analysis by specialist business ISP Beaming.
That was 4% higher than in 2023 - itself a record year - making last year the worst ever for attempted cyber attacks, with businesses encountering a new online threat every 42 seconds.
Before 2024, the average number of attacks in a single quarter had only exceeded 2,000 in Q4 2023.
"The rise of automated cyber attacks means the internet has never been more dangerous, and we expect it will become even more so as hackers use AI," said Beaming managing director Sonia Blizzard.
"The good news is that we are not seeing record numbers of companies crippled by hackers because businesses have got better at protecting themselves."
The most frequent targets last year were remotely-controlled IoT devices, with more than 161 daily attacks targeting applications such as building control systems, security cameras, networked printers, remote monitoring, and industrial automation systems.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Web applications, remote desktop software, and company databases were also frequently targeted, with businesses typically attracting more than 20 individual attacks daily for each of these systems in 2024.
Beaming identified more than a million IP addresses being used to launch cyber attacks on UK businesses - and traced more than a quarter of those to locations in China.
It also found significant and increasing volumes of cyber attacks that appeared to come from areas inside India - 87,144 attacking IP addresses - and the US, where there were 81,112.
The big rise in attacks on IoT devices may be explained in part by the activities of Flax Typhoon, a Chinese state-sponsored cyber group that has been active since at least 2021.
RELATED WHITEPAPER
Last September, the FBI successfully took down a botnet created by the group that consisted of more than 200,000 devices around the world, including small-office/home-office routers, internet protocol cameras, digital video recorders, and network-attached storage (NAS) devices.
IoT security has been a recurring talking point in the cybersecurity industry in recent years, with a survey from Viakoo last year finding that half of IT leaders thought IoT was the weakest point of their security apparatus.
Similarly, last summer Verizon Business found that while virtually all critical infrastructure organizations had some degree of IoT device adoption, almost half had experienced a major impact due to a compromised IoT device.
"A lack of industry-wide security standards for IoT devices and their communication protocols increases security risks, as does having many devices installed in remote locations where they may be vulnerable to physical tampering," said the firm.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
Law enforcement needs to fight fire with fire on AI threats
News UK law enforcement agencies have been urged to employ a more proactive approach to AI-related cyber crime as threats posed by the technology accelerate.
By Emma Woollacott Published
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attack
Troy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
By Jane McCallion Published
-
300 days under the radar: How Volt Typhoon eluded detection in the US electric grid for nearly a year
Analysis Lengthy OT lifespans give attackers time to penetrate networks underpinning critical infrastructure and plan future disruption
By Solomon Klappholz Published
-
Cybersecurity teams face unparalleled pressure, but they’re stepping up to the plate
News While cybersecurity teams are contending with rising workloads and chronic staffing issues, new research shows practitioners are still charging ahead and meeting targets.
By Emma Woollacott Published
-
A ‘significant increase’ in infostealer malware attacks left 3.9 billion credentials exposed to cyber criminals last year – and experts worry this is a ticking time bomb for enterprises
News The threat of infostealer malware is on the rise, with 4.3 million machines infected last year alone
By Solomon Klappholz Published
-
Billions of IoT devices will need to be secured in the next four years – zero trust could be the key to success
News Researchers have warned more than 28 billion IoT devices will need to be secured by 2028 as attacks on connected devices surge.
By Emma Woollacott Published
-
There’s a new ransomware player on the scene: the ‘BlackLock’ group has become one of the most prolific operators in the cyber crime industry – and researchers warn it’s only going to get worse for potential victims
News Security experts have warned the BlackLock group could become the most active ransomware operator in 2025
By Solomon Klappholz Published
-
Unlock profitability with Cove Data Protection
Whitepaper Agile risk management starts with a common language
By ITPro Published