2023 Cybersecurity: Rear View Mirror and Crystal Ball

2023 was a tumultuous year in cybersecurity. Major breaches, such as those mentioned below, exposed the data of millions, while nation-state actors continued attacks against critical infrastructure. As we enter 2024, it’s worth looking back at the biggest cybersecurity stories of 2023 and thinking about what threats await in the coming year.

Some notable cybersecurity incidents of 2023 included:

Part of the UK’s Critical National Infrastructure (CNI), Royal Mail suffered a ransomware attack using LockBit Ransomware-as-a-Service (RaaS). Disruption of CNI in this economic cyber warfare continues to impact core services.

A criminal hacker, who goes by the name ‘Ryushi’, leaked more than 220 million users’ email addresses. Presumably rebuffed by Twitter, the hacker put the stolen data up for sale on the hacking forum “Breached”.

Data was obtained through an API which resulted in a data breach for approximately 37 million post-paid and pre-paid customer accounts, though they claimed many of these accounts did not include the full data set.

More than 14 million records were compromised at Latitude Financial, which provides personal loans and credit cards to people in Australia and New Zealand. Almost 8 million drivers’ licences were stolen, along with 53,000 passport numbers and dozens of monthly financial statements.

Siemens Energy, UCLA, Big 4 accounting firms and hundreds of others suffered exploitation of a zero-day vulnerability in MOVEit software, linked to the Clop/TA505 Russian ransomware group. This shows that even big global companies that have ‘locked down’ their security are vulnerable.

More than 34 million Indonesians had their passport data leaked after a hacktivist, known as Bjorka, gained unauthorised access to the country’s Immigration Directorate General at the Ministry of Law and Human Rights.

Suffered a database breach with a ProxyNotShell attack where personal data of approximately 40 million people was exposed. Interestingly, there were allegations that the UK Electoral Committee failed a Cyber Essentials audit around the time of the breach.

The parental control app Kid Security, which allows parents to monitor and control their children’s online safety, exposed user activity logs to the Internet for more than a month via misconfigured Elasticsearch and Logstash instances.  More than 300 million data records were compromised, including 21,000 telephone numbers and 31,000 email addresses. Some payment card data was also exposed.

Caesars Entertainment had their database of loyalty customers stolen by ‘Scattered Spider’ in a social engineering attack. Although they did pay the ransom of $15 million, there is no absolute guarantee that leaked customer data is safe or not at risk. So monitoring of the dark web, etc. continues…

The personal data of 815 million Indian residents, apparently exfiltrated from the ICMR’s Covid-testing database, was offered for sale on the dark web. 

This organisation suffered a data leak with a credential stuffing attack – effectively where credentials for one site are tried on others. With 20 million records breached, the danger here is the sensitivity of the genetic history for potentially millions of people that was leaked and sold online, which demonstrates how cyber threats can directly impact human lives.

It is claimed that 3.8 billion records were exposed courtesy of Elasticsearch and Kibana data visualisation interfaces being left open.

Looking ahead, I predict 2024 will see more of the same threats along with some new ones:

Ransomware will continue to be highly disruptive and lucrative for cybercriminals. More ransomware gangs will continue to shift to “ransomware-as-a-service” business models.

Social engineering attacks will become more sophisticated, and we will see an increase in corporate espionage as AI is left to act more autonomously.

Supply chain hacks will increase, where threat actors compromise third parties to access their ultimate targets. Software supply chains will continue to be a prime target.

AI will play an increasing role in business operations to drive efficiencies, but it will also be weaponised to conduct highly targeted social engineering phishing and quishing (using QR codes to deliver a malicious payload) attacks. Defending against AI-enabled threats will be challenging.

Quantum computing will get closer to threatening current encryption standards. The race to adopt “quantum-safe” technologies like tokenisation will heat up.

Critical infrastructure such as power grids and other essential services will remain vulnerable to cyberattacks from hostile nation-states. The connectivity of this infrastructure introduces risk.

The cyber risk landscape continues to evolve rapidly and will remain dynamic in 2024 – but organisations have tools to manage it today.

Security awareness training can turn employees into a strong last line of defence against phishing and social engineering. Adopting a zero-trust framework, multi-factor authentication, centralised management threat detection and response platforms will help strengthen technical defences. Regular penetration testing, disaster recovery testing, and compliance audits will help identify vulnerabilities before criminals do.

Government and technology leaders also have a role to play. Updated regulations, cybersecurity standards, and information sharing will help the private sector. Investments in cybersecurity research, education, workforce development and legal enforcement capabilities are crucial.

The threats are real.  As one cybercriminal organisation gets taken down, we know they will reorganise and rear their ugly heads with more sophisticated approaches.  Increasing collaboration with Private Public Partnerships (PPP) will not be an option – it will be critical.

Internationally recognised thought leader and cybersecurity influencer, Raj Meghani is the Co-Founder & Chief Marketing Officer at BlockAPT, a leading-edge, highly acclaimed, innovative cybersecurity business empowering organisations with a centrally managed, command and control single platform experience. Passionate about turning the complex into something simple in cybersecurity, technology and digital transformation, Raj has 25+ years’ experience in FTSE100/250 to high growth ventures helping businesses across financial services, IT and professional services with their business strategy, digital transformation, growth and retention plans. She’s esteemed as a successful brand builder and a business growth hacker. Her unique expertise in scaling start-ups and disrupting markets with new tech has earned her recognition as a “One in a Million” female founder by The Entrepreneur’s Network and placed her in the Top 44 “Cyber Power Women” by Top Cyber News Magazine. Raj is also Non-Executive Director on the Board of Money Matters Community Bank.