As 2023 draws to a close, Martin Cooper MBCS takes time to reflect on the year’s biggest cyber attacks and ask what they tell us about trends and potential attack vectors for 2024.

The cyber threat landscape in 2023 showed that criminals are relentlessly innovative. As they evolved, cyber security practitioners had to stay constantly vigilant and keep adapting.

Throughout 2023 and 2022, ITNOW listed and analysed the years’ biggest cyber attacks.

Our aim, as ever, was to uncover who got hacked, to understand how and to share any lessons that could be learned.

During 2024, we plan to do the same — so bookmark this page and please keep checking in.

Learning from the past

Some of 2023’s largest cyber attacks included:

  • The Guardian Attack: a late 2022 attack that likely began with a phishing email and eventually saw many internal systems, including tills in the staff canteen, compromised. Despite the attack, readers of the print paper enjoyed their news on time
  • Toronto SickKids: in late 2022, the Toronto Hospital for Sick Children fell victim to a ransomware attack. Uniquely, the malware’s maker — the LockBit Group — apologised and released the hospital’s files. Altruism isn’t the likely motivation. Rather, such attacks draw the ire of three-letter agencies — something the group wanted to avoid
  • FAA incident: aircraft across the US were grounded following an ‘incident’ involving the Federal Aviation Administration's computers. Over 11,000 flights were delayed and President Biden ordered a full investigation. Rather than a cyber attack, officials blamed a system error
  • Royal Mail Ransomware attack: the mail carrier’s postal delivery arm was crippled by a LockBit ransomware attack in early 2023. Recovery took over a month
  • MOVEit: MOVEit is a file transfer platform designed to help move sensitive data around securely. It fell victim to a sophisticated SQL injection that enabled attackers to make off with a trove of sensitive information
  • Caesars Entertainment: huge amounts of money flow through Las Vegas and, as such, it was a natural place for cybercriminals to focus. In late 2023, a ransomware group compromised and attempted to extort Caesars Entertainment
  • The UK Electoral Commission: in late 2023, the Commission acknowledged that details about 40 million people had been exposed

In broad terms, these attacks show behaviour patterns on the part of attackers. These include:

  • Ransomware-as-a-Service (RaaS) Dominance: ransomware attacks reached new heights in 2023, with the rise of Ransomware-as-a-Service (RaaS). Cybercriminals increasingly utilised RaaS platforms, making it easier for less skilled attackers to launch ransomware campaigns. This approach lowered the entry barrier for aspiring criminals, contributing to the proliferation of ransomware incidents
  • Supply Chain Attacks Surge: supply chain attacks became a focal point for cybercriminals seeking to exploit interconnected networks. High-profile breaches targeted the supply chains of major corporations, aiming to compromise systems and data at various points in the production and distribution process. This trend highlighted the need for robust cybersecurity measures throughout entire ecosystems
  • Zero-Day Exploits and APTs: Advanced Persistent Threats (APTs) and the exploitation of zero-day vulnerabilities remained prevalent in 2023. Nation-state actors and sophisticated hacking groups targeted high-value assets, utilising undisclosed vulnerabilities to gain unauthorised access. The challenge for organisations was to adopt proactive security measures and rapid patching to mitigate these risks
  • Cloud Security Challenges: as businesses continued to migrate to cloud-based environments, cyber attackers shifted their focus to exploiting vulnerabilities in cloud services. Misconfigurations, inadequate access controls, and insufficient data encryption practices led to a surge in cloud-based attacks. Organisations needed to enhance cloud security through proper configuration management and comprehensive monitoring

The AI question

The most compelling question is, how will cyber criminals use AI in 2024? ChatGPT and its competitors are popular, easy to use and becoming better at writing with each new release and iteration.

It’s likely then that phishing groups will use the technology to enhance their messages and emails. Traditionally, phishing attackers might have struggled with English grammar and punctuation, giving users a line of defence — if the email reads badly, ignore it.

AI, however, allows gangs to write messages in languages other than their own and with increasing accuracy and ease.

Couple this ability with an abundance of open source intelligence — biographical data about employees published on the open internet — and criminals may find it increasingly easy to launch highly targeted phishing attacks against specific people.

Elsewhere, generative AI can write code — code that could be used as a basis for malware. And while ChatGPT, Bard and the like refuse to write overtly criminal code, chatbots can be tricked into creating nefarious code by users willing to tailor their prompts.

The possibility of criminals crafting their own large language models (LLMs) trained explicitly on a vast body of existing malware code and content from the dark web is more worrying. These tools would make deploying the software parts of attacks much more accessible for criminals.

Such an approach may make defence harder, too, as defending against something new is always more complicated than stopping a known and well-analysed attack.

Conclusion

Last year’s most significant cyber-attacks showed us that organisations must prioritise proactive cybersecurity strategies, including regular threat assessments, employee training, and the implementation of cutting-edge technologies.