11. CL0P supply chain attack
When: December 2024, but extending well into 2025
What happened?
The notorious ransomware and extortion group CL0P in December claimed responsibility for attacks exploiting vulnerabilities in Cleo’s Managed File Transfer platform.
The repercussions have been felt well into 2025, with car rental firm Hertz revealing in April that it was among those to have personal data breached.
Who nominated it, and why?

The attack caught the eye of CyXcel Co-founder and COO Jano Bermudes, who stressed that banking, healthcare, finance, logistics, retail and government were among the many sectors tangled up in the furore.
Channel takeaway:
The attack highlights the need for robust cybersecurity measures in supply chain tools to prevent widespread disruptions, Bermudes counselled.
10 cyber-attacks were considered more significant by our leadership panel. See next page for more…