2023 Cybersecurity Threats and Trends

2023 Cybersecurity Threats and Trends | White Blue Ocean

The cybersecurity sector continues to play huge importance in the operation of businesses and the safety of individuals. Cybercrime continues to rise year on year as we become more reliant on computers and the internet for work and leisure. Companies are collecting more data about us, which makes us even more vulnerable after a data breach occurs. 2022 was a year that saw the continuation of some trends, and also some sudden changes in the way cybercrime is perpetrated.

In this article, we will take you through some of these key points which illustrate the direction that cybercrime is taking. This might help to inform users about the types of attacks we can expect throughout the rest of 2023.

Data breaches

A data breach occurs when sensitive data belonging to businesses or individuals falls into unintended hands. This is nothing new, but in 2022 we saw multiple new strategies that bad actors would abuse to gain access to your data. We saw a sharp increase in the use of ransomware, and an uptick in the targeting of crucial government infrastructure such as the attack on Costa Rica by infamous hacker group Conti.

The damage that can be done by data breaches is vast. For individuals it makes them vulnerable to other forms of attack such as fraud, and for businesses it can damage trust in the company as well as result in a loss or devaluation of critical business assets. Last Pass, CashApp, Nvidea and Optus all suffered as a result of data breaches in 2022 which not only affected the operation of their businesses, but the safety of their users too.

The best strategies for prevention and response are still being investigated. Companies are investing more and more into their cybersecurity divisions as a means of protecting staff and business assets. When vulnerabilities are published by bodies such as CISA, businesses need to be able to quickly defend against them and it's vital that they have the human resources available to meet this demand. Additionally, company-wide phishing simulations, used to test staff and highlight internal training requirements, are becoming more common.

Disruption to Infrastructure

If 2022 is to be remembered for any significant trend in cybersecurity, it should really be the targeting of government infrastructure. Not only were countries such as Costa Rica the targets of ransomware and other attacks, but France, China, Indonesia and the USA all weighted heavily in terms of the total number of user accounts impacted by breaches.

The absolute largest weighting, however, belongs to Russia, which was the target of 42 times more attacks than it received in 2021. This can be attributed to the war between Russia and Ukraine, which not only has a battleground along Ukraine's Eastern border but online as well.

Many individuals not directly involved in the war are being caught in the crossfire. For example, the United Kingdom, who has allied itself to Ukraine and in 2022 began providing military support, suffered many such attacks to its infrastructure ostensibly in retaliation. Attacks on the UK government exposed the personal data of many civil servants, and the UK's National Health Service also suffered ransomware and Directed Denial of Service (DDOS) attacks. Even the National Trust, the UK's preeminent environmental agency, was affected by cyberattacks in 2022 and had their employees data compromised.

Loss of Trust in Businesses

The sentiment of distrust among businesses' service users has been growing steadily over the years, as people have suffered more and more data breaches due to mishandling of data. Yahoo, MySpace, LinkedIn and Facebook all still suffer the consequences that attacks have had on their public reputation, even after a decade in some cases.

Strikingly, the 2022 Edelman Trust Barometer now shows that "distrust is now the default" in businesses, although not strictly due to how they approach cyberattacks: in fact the survey seems to place more blame on what the public sees as the spread of misinformation. That being said, Varonis has compiled from various studies that data breaches not only have a significant impact on a service user's confidence in a business, but the majority of users affected by a breach will feel inclined to search for an alternative service provider with better security.

In some respects, the damage a business self-inflicts by responding poorly to an attack might even be worse than the damage done by the attack itself.

How a business deals with a cyberattack is critical to the effect that attack has on its reputation. Alerting users quickly, sincerely and giving a clear picture on the severity of the breach are all seen as important to consumers. Taking action by investing in cybersecurity resources and staffing is also seen as favourable by the public, as well as the adoption other strategies meant to reduce the risk of cyberattacks in the future. 

Ransomware Attacks

The frequency of ransomware attacks increased sharply after the coronavirus pandemic caused many companies to shift towards remote working models. Businesses needed to quickly adapt their digital infrastructure to facilitate this remote work, and some implemented the changes hastily which exposed their systems to a variety of exploits. At the time, there was no consensus among professionals on how to respond to the ransomware attacks that followed, and many opted simply to pay the ransom rather than risk further damage to the business during such turbulent times.

The year 2022 saw a significant decrease in the profits of ransomware groups compared to previous years, and not because the frequency of attacks has reduced, but because companies are more often refusing to pay the ransom. While recognizing the damage that a data breach can cause, refusing to pay can deter future ransomware attacks. Additionally, if the refusal to pay can drive down the profitability of ransomware attacks more broadly then hackers may be driven to consider other methods of attack entirely. Interestingly, the public perception of ransomware continues to change and people are becoming increasingly sympathetic towards the targets of these attacks.

Despite this, not all companies were willing to risk the outcome of their refusal to pay the ransom, and so the average price of ransoms paid out in 2022 increased. Unfortunately, as long as these exploits remain profitable, they will also remain viable and commonplace. We appear to be far away from the goal of completely discouraging ransomware attacks, as early data for 2023 shows a year-on-year increase over 2022 and even 2021. Bear in mind though that there are other factors that affect the frequency of these attacks beyond profitability, such as political motivations discussed previously.

Identity Theft and Fraud

It is important to consider the outcome of these data breaches. Millions of people with billions of data linked to them, including names and usernames, passwords, emails, and card information, are now at risk due to their data being leaked online. Data that is leaked or otherwise stolen can be used to impersonate people, which might allow for bad actors to apply for debit or credit cards, receive loans, access bank accounts and other online accounts, and so on.

Data from 2022 is still coming in, but early indications are that incidents of identity theft and card fraud are still on the rise. Per a survey conducted by GRC World, 53% of respondents from the UK had experienced some form of identity fraud, ranking the UK the most vulnerable country in the EU to this form of attack. The National Fraud Database recorded 409,000 fraud cases, which is the highest number ever recorded in one year. Over 277,000 of these cases are related to identity theft specifically, again the highest recorded. 

The USA's Federal Trade Commission’s (FTC) reports over 5.1 million incidents relating to identity theft and fraud in 2022. This is more than every other year in history except for 2021. The most common form of abuse was using identity theft as a means of creating new credit cards. While total number of reports in 2022 are down 13% on 2021, the number of people affected by data breaches has increased by 44%.


  • 2022 was a year that saw a huge uptick in cyberattacks towards government infrastructure
  • By responding poorly to attacks and being dishonest towards users, companies in 2022 risked damage to their reputation as well as assets
  • Ransomware is still rampant despite companies’ responses to extortion maturing
  • Identity theft, which thrives off of stolen data, remains at record levels and in some places continues to rise

How can you as an individual protect yourself from cybercrime? On our blog we have a variety of guides to help you. For example, you could learn about cyber hygiene to keep your personal data more secure. You can also protect yourself by remaining vigilant, and staying educated on the newest threats and exploits. For some further reading, consider learning about the new threats posed by AI, or by deepfakes.










The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free


Related news

CRIF Cyber Observatory - 2023 Yearly Report

Cyber-attacks in 2023: 45% increase in data theft on the dark web. Over 7.5 billion pieces of information circulating on the dark web at a global level, with a 15.9% increase in reports. The techniques used by cybercriminals are becoming increasingly sophisticated: with the malicious use of artificial intelligence, it is getting harder and harder to distinguish between genuine and bogus communications.

Read more
Cyber threat landscape: who is LockBit gang?

The cyber threat landscape has undergone many shifts in the past year, from the involvement of ransomware cyber gangs in hacktivist activity during the war between Russia and Ukraine, to the disappearance from the scene of the most prolific ransomware groups. These include DarkSide, the hacker group behind the Colonial Pipeline attack, and REvil, One of the groups that has been active since 2019 and continues to grow regardless of the shifts in the cyber threat landscape is the LockBit gang.

Read more

In this modern world there is an app for everything. Easy access to a variety of free apps for our smartphones and tablets, with millions available on the Google Play Store*, gives cybercriminals an opportunity to find new ways of infiltrating our devices and getting hold of sensitive data. Since bad actors have established methods to get past the Google Play Store’s security scans put into place to protect its users, deceptively innocent looking applications containing malware known as droppers have entered the scene.

Read more
The role of Initial Access Brokers | White Blue Ocean
The role of Initial Access Brokers

In the cybercriminal business model, initial access brokers have become a crucial figure, acting as middle-men between attackers and victims, by providing the attackers with access methods to enter victims’ networks.

Read more
The dangers of VPN credential leaks | White Blue Ocean
The dangers of VPN credential leaks

The increased reliance on VPNs made the latter an attractive target to cybercriminals. In particular, threat actors began exploiting one of the known weakest links in the chain: users’ passwords.

Read more


Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!