Anushika Babu
November 2, 2023

The Global Cyber Warfare 2023

7,221,177 breaches per 1,000,000 people in the US.

722,117 breaches per 100,000 people in the US.

72,211 breaches per 10,000 people in the US.

7,221 breaches per 1,000 people in the US.

722 breaches per 100 people in the US.

72 breaches per 10 people in the US.

7 breaches per 1 person in the US.

Okay, I'll stop. The point is: cyber attacks have been outnumbering us for years, and it's time we do something about it. This number is only for the attacks. The time and money spent to recover are more outrageous. For example, in the United States, the cost of a single data breach averages 9.23 million. NINE. POINT. THREE. MILLION. For ONE data breach. That's insane!

Data breaches happen all over the world, and today we'll talk about the countries that suffered the most in 2023. Buckle up because this is gonna be a rough one.

Disclaimer: The information in this blog is subject to variation and may differ from other sources due to the multifaceted nature of cyber attacks, which can be categorized across multiple industries or countries.

Table of Contents:

  1. United States: A Target on its Back
  2. Russia's Ongoing Cyber Conflicts
  3. China's Cyber Warfare
  4. Ukraine's Perpetual Cyber Battle
  5. You don’t need Bruce Willis to Die Hard

United States: A Target on its Back

As of October 16, 2023, the United States had encountered a total of 580 cyberattacks. In May alone, there were 352 attacks. Most of them were collateral damage from the MOVEit hack. 

Which industry took the hardest hit?

Also because of the MOVEit hack, the number one industry that took the hit is Finance, followed by Healthcare and Public Sector.

  1. Finance - Financial institutions often store personal and financial information, making them attractive targets for cybercriminals looking for data they can exploit for fraud or sell on the black market. Additionally, the financial industry's critical role in the global economy means that any disruptions can have widespread consequences. Cyberattacks, such as data breaches and ransomware incidents, can result in significant financial losses and reputational damage. The complex and interconnected nature of financial systems, along with the constant innovation in fintech, introduces numerous attack vectors. As a result, the finance sector is under constant threat from a wide range of cyberattacks, necessitating robust security measures and vigilance to protect assets and data.

  2. Healthcare - Healthcare is an ideal target for cyberattacks because of the enormous value of the data it holds, a frequent lack of cybersecurity initiatives, the vital importance of healthcare services, an increase in ransomware attacks, human error vulnerabilities, dependence on legacy systems, regulatory compliance pressure, and possible espionage intentions from nation-state actors. Taken together, these factors make healthcare institutions appealing and susceptible targets for hackers, which calls for higher awareness, security investment, and ongoing training to manage risks.

  3. Public Sector - The public sector, which includes government agencies at all levels, is often a target of hacking attempts due to its control of a great deal of sensitive data, its position in critical infrastructure, potential political or ideological motivations, limited funds that may interfere with resilient cybersecurity, multifaceted organizational structures, use of outdated technology, compliance obligations, and its potential for espionage by nation-state actors. To protect citizen data, national security, and the operation of critical government services, the public sector must be protected from cyber threats.

The most significant cyberattacks in the United States in 2023

  1. MOVEit hack

The MOVEit hack was a string of cyberattacks that started in June 2023 and exploited a security flaw in MOVEit, a managed file transfer platform built by Ipswitch, Inc. The Clop ransomware gang carried out the attacks, using the vulnerability to get unauthorized access to MOVEit servers and steal critical data from customer firms.

The MOVEit data breach was one of the largest in history, impacting over 1,000 businesses and more than 62 million people. The stolen data contained a variety of sensitive information, including Social Security numbers, credit card numbers, and medical records.

  2. Uber breach

Uber's data breach in 2023 began in April 2023, when Uber's law firm told drivers that their personal information had been taken. Names, Social Security numbers, Tax Identification numbers, and driver's license numbers were among the data that was stolen. 

The hackers are said to have acquired access to Uber's law firm's computers via a phishing attempt. The hackers then attempted to submit false tax returns in the names of the impacted Uber drivers using the stolen information. 

  3. T-Mobile cyber attacks

The data breaches at T-Mobile in January, May, and September 2023 were also significant cyberattacks in the United States.

The data breach in January compromised 37 million users' names, addresses, phone numbers, dates of birth, T-Mobile account numbers, and other specific T-Mobile account information. Hundreds of users were affected by the May data breach, which exposed personal information such as names, billing addresses, phone numbers, emails, account PINs, Social Security numbers, and credit card information. Employee passwords, partial Social Security numbers (SSNs), email addresses, customer data, T-Mobile's sales and analytics data, and other information were stolen in the September data breach.

T-Mobile has announced that it is looking into the data breaches and has begun taking security measures. However, the company's cybersecurity standards have been brought into question as a result of the recurring intrusions.

Russia's Ongoing Cyber Conflicts

For many years, Russia has been involved in ongoing cyber conflicts with several countries and organizations. Russia has grown more aggressive in its cyber operations in recent years, attacking both government and private organizations. 

Notable incidents in 2023

  • In January, Russia's Central Bank was hit by a cyberattack, but it was able to evade it, and no data was lost.
  • In February, a group claiming to be linked with the Wagner Group, a Russian mercenary organization, hacked a Russian satellite telecommunications company. The hackers claimed they took important company data, but the company denied this.
  • Ukrainian hackers defaced a Russian government website in March. The hackers posted a message on the site urging Russia to end the conflict in Ukraine.
  • A ransomware attack hit a Russian software company in April. In return for decrypting the company's data, the attackers sought a $1 million ransom. The company declined to pay the ransom and recovered its data from backups.
  • A denial-of-service attack was launched against a Russian bank in May. The bank's website was offline for several hours due to the attack.
  • A malware attack targeted a Russian oil and gas corporation in June. The malware was meant to interfere with the organization's operations; however, the company managed to counteract the attack, and no significant damage occurred.
  • Ukrainian hackers defaced a Russian government website in October. The hackers posted a message on the website pushing Russia to end the war in Ukraine.

Implications for international relations

  1. A cyber war between Russia and other countries.

A cyber war is a confrontation between multiple nations in which computer networks are used as weapons against the vital infrastructure of the opposing country, such as power grids, financial systems, and communication networks. A cyber war can turn catastrophic for the countries involved. 

  2. Russia's cyberattacks could lead to a loss of trust between countries.

When one nation attacks the cyber infrastructure of another, it erodes the confidence that is necessary to maintain international relations. This lack of trust can make it difficult for countries to work together on critical problems such as global security and commerce. 

  3. Russia's cyberattacks could lead to a decrease in the stability of the international order.

The global order is a set of laws and practices that govern how countries interact with one another. Russia's cyberattacks have the potential to undermine the global framework and make the world more dangerous than it already is. 

The 2022 Russian cyberattacks on Ukraine have increased animosity between Russia and the West. The attacks have also sparked worries about Russia's ability to interfere with critical infrastructure in other countries. Additionally, Russia's alleged involvement in the 2016 US presidential election has negatively impacted relations between the US and Russia.

China's Cyber Warfare

China is widely recognized as one of the world's most persistent and sophisticated cyber attackers. China has a lengthy history of funding cyber espionage operations against international governments, organizations, and individuals. China's cyberattacks tend to be extremely targeted and complex, and they can have grave repercussions for their victims.

Recent cyberattacks attributed to China

  1. Chinese hackers breached communications networks at a U.S. outpost in Guam.

Microsoft reported in May 2023 that a state-sponsored Chinese hacking group known as Volt Typhoon had penetrated communications networks at a US outpost in Guam. The precise extent of damage is undetermined, but Microsoft also mentioned that the attackers installed malicious software that might be utilized to spy on and disrupt communications between the US and Asia during emergencies. According to reports, the breach took place using living-off-the-land techniques, which entail using legitimate tools and processes to gain access and move across networks while staying undetected.

  2. Chinese hackers targeted Kenyan government ministries and state institutions.

In May 2023, Reuters reported that Chinese hackers launched cyberattacks on Kenyan government departments and agencies, including the office of the president, in a years-long cyber espionage initiative. According to the story, which relied on three sources and cybersecurity research reports, the hackers obtained sensitive information regarding Kenya's debt to China, as well as other confidential government information.

According to the report, the hackers infiltrated Kenyan government networks via an array of techniques, including spear phishing attempts, malware, and zero-day exploits. The hackers also managed to maintain long-term access to Kenyan networks, enabling them to acquire a substantial amount of data.

China's evolving cyber capabilities

Both governments and businesses across the world have grown more concerned about China's cyber capabilities. China has targeted a wide spectrum of countries and organizations with its cyber arsenal. Here are some of the key trends in China's growing cyber capabilities in 2023:

  1. Artificial intelligence (AI) and machine learning (ML) attract more attention. China has made significant investments in research and development of AI and ML. For example, China has been using AI and ML to develop innovative cyberattack tactics and to boost its ability to detect and counteract cyberattacks.

  2. Increased focus on cloud computing. China is enhancing the scalability and effectiveness of its cyber defenses with cloud computing. China is leveraging the cloud to develop large-scale botnets with capabilities to launch distributed denial-of-service (DDoS) attacks.

  3. Higher priority for international collaboration. China is collaborating with other nations to share intelligence and build collaborative cyber defense capabilities.

Ukraine's Perpetual Cyber Battle

Since the beginning of the Russian invasion in February 2022, Ukraine has been at the center of continuous cyber warfare. The attacks were carried out by a wide range of actors, including Russian state-sponsored groups, hacktivists, and cybercriminals.

Government institutions, key infrastructure, corporations, and individuals have all been affected by the attacks. Data has been stolen, operations have been disrupted, and disinformation has spread as a result of the attacks.

Cyberattacks on Ukraine in 2023

  1. Phishing campaign targets Ukrainian government officials and military personnel.

A sophisticated phishing campaign targeted Ukrainian government officials and military personnel in February 2023. The emails looked like they were from the Ukrainian Ministry of Defense and contained links to malicious sites that appeared to be genuine Ukrainian government websites.

The emails were addressed to several Ukrainian government and military officials, including high-ranking personnel. The emails were intended to take advantage of the current state of affairs in Ukraine, claiming to offer vital information regarding Russian troop movements or cyberattacks.

  2. A wiper attack targeted Ukrainian government agencies and critical infrastructure providers.

A wiper attack hit Ukrainian government agencies and vital infrastructure providers in March 2023. It was attributed to Sandworm, a Russian state-sponsored hacking group. Sandworm is a prominent hacking group that was associated with several highly publicized assaults, including the 2017 NotPetya ransomware outbreak and the 2020 SolarWinds supply chain attack.

The attack against Ukraine in March 2023 became one of the most devastating cyberattacks ever seen. It destroyed data from affected systems' hard drives, rendering them inoperable. Power and water supply were also affected as a result of the attack.

  3. Ukrainian software company Molfar was targeted by a supply chain attack.

A supply chain hack hit Ukrainian software company Molfar in June 2023. Molfar's software was infiltrated, and malware was installed, which was later spread to Molfar's clients. Nobelium, a Russian state-sponsored hacking outfit, was held accountable for the supply chain attack.

The supply chain attack on Molfar was the first recorded supply chain attack against a Ukrainian business. The attack was also one of the first that used malware explicitly designed to steal passwords and other highly confidential data from the Ukrainian government and military organizations. 

The connection between cyber and physical conflict

The orchestration of cyberattacks in Ukraine has blurred the lines between physical and cyber warfare. Cyberattacks can continually cause substantial physical damage and chaos, as well as support physical military operations.

The crisis in Ukraine also highlighted the significance of cybersecurity for national security. Cyberattacks can be directed at any country, regardless of size or military power. As a result, all countries must invest in cybersecurity to safeguard their key infrastructure and government systems.

The following are some examples of cyberattacks being used to support physical military operations in the conflict in Ukraine:

  • Russia has used cyberattacks to disable Ukrainian air defense systems, making it easier for Russian aircraft to operate in Ukrainian airspace.
  • Russia's cyberattacks on Ukrainian command and control systems disrupted the coordination of the Ukrainian military's operations and made it more challenging.
  • Ukraine has deployed cyberattacks to target Russian logistics systems to disrupt the flow of supplies to Russian troops in the field.

The crisis in Ukraine highlighted that cyberattacks can be a powerful weapon in modern warfare. Cyberattacks have the potential to interrupt rival activities, cause critical infrastructure damage, and spark chaos within enemy societies. 

Resilience and response strategies

Cyberattacks can be a powerful tool in modern-day warfare. The Ukrainian government and businesses have taken several initiatives to shield themselves from cyber attacks, including:

  1. Strengthening cybersecurity awareness and education. The Ukrainian government is implementing several programs designed to boost cybersecurity awareness and train employees on how to best protect themselves against cyberattacks. This involves training on detecting phishing emails, setting strong passwords, and implementing two-factor authentication.

  2. Investing in cybersecurity. To detect and block attacks on their networks, the Ukrainian government and businesses adopt cybersecurity technologies, such as firewalls, intrusion detection systems, and endpoint protection software.

  3. International collaboration with allies. The Ukrainian government started working closely with the United States and the United Kingdom on its cybersecurity posture, to help Ukraine protect itself and its citizens from cyber attacks.

In addition to these precautions, Ukraine has developed a variety of specific response tactics to withstand different kinds of cyberattacks. For example, Ukraine came up with a strategy for preventing DDoS attacks, which aim to overwhelm websites and services with traffic. Ukraine has also devised a strategy to counter wiper assaults.

You don’t need Bruce Willis to Die Hard 

Live Free or Die Hard, 2007. Looking back at this movie gives me an eerie feeling because look where we are right now. We're living inside a movie, a world where critical infrastructures are hacked, sensitive information is stolen, and wars can be fought online. Who would've thought!

Now, in 2023, nations all over the world saw how devastating a cyber attack can be. The United States, Russia, China, and Ukraine are only examples. Do you remember last year when Costa Rica declared a State of Emergency because of a ransomware attack?

Protecting important networks has become a matter of national security. We can't all be Bruce Willis, can we? But we don't have to be. The answer is: PREVENTION.

From reviewing your security posture to weaving security into your entire development process, we cannot be your Bruce Willis, but we can ensure that the chances of you needing one are as close to zero as possible.

we45 is a team of experts with decades of experience in the cybersecurity industry. Let's work together.