Cyber attacks you didn't know about

From political conflict and corporate espionage to ransomware campaigns and data leaks, the past five years have seen an increase in cyberattacks worldwide, according to a study on the impact of cybersecurity. The study notes, “Ransomware and data breaches were in the headlines very often throughout the last years, and the current state of cybersecurity doesn’t look brighter, as the attacks’ volume is expected to escalate.”

Once seen as isolated incidents affecting a handful of unlucky organizations, cyberattacks have become a daily reality, impacting billions of people and causing trillions of dollars in damages. Between 2020 and 2024, attackers targeted vulnerabilities across government agencies, hospitals, financial institutions, energy providers, and even dating apps, indicating the urgent and growing need for advanced cybersecurity solutions.

 

A landscape shaped by conflict and opportunity

The Russia–Ukraine war in 2022 marked a turning point in the world of cyberattacks. Threat intel teams like FortiGuard Labs reported attacks hitting both sides, some state-sponsored, others the work of hacktivists jumping into the fray. Political motives drove much of the activity, but plenty of bad actors were just looking to exploit the chaos.

Around the same time, ransomware-for-hire crews, data extortion gangs, and black market tools made it easier for smaller groups to pull off big attacks. The organizations hit hardest were often the ones with shaky infrastructure or loose oversight of their vendors.

 

Major cyberattacks in 2023

Hot Topic credential stuffing attack: In August 2023, clothing retailer Hot Topic alerted customers to a surge of unauthorized login attempts on its website and mobile app. The credential stuffing attack exploited reused login details obtained elsewhere. As CyberSecurity Hub reported, “Hot Topic was able to ascertain that legitimate credentials were used in the attack, but that these credentials were obtained from an ‘unknown third-party source’, and not Hot Topic itself.” The incident illustrates the ongoing risk of password reuse across online accounts.

Prospect Medical Holdings ransomware attack: Also in August 2023, Prospect Medical Holdings was forced to shut down multiple hospitals and outpatient facilities due to a ransomware attack. With IT systems down, healthcare staff reverted to manual processes, disrupting patient care across several states. The fallout has been severe: “Prospect Medical Holdings continues to face mounting legal and business fallout from the 2023 ransomware attack that disrupted IT operations at 16 of its hospitals for several weeks and resulted in a data breach that affected 1.3 million people,” according to Bank Info Security.

 

The cyber offensive of 2022

Finnish Parliament DDoS attack: The Finnish Parliament’s website was disrupted during a live session by a distributed denial-of-service (DDoS) attack in August 2022. This was widely interpreted as retaliation from Russian-aligned hackers after Finland moved to join NATO. According to Cybernews, “They explained the reason for this attack as a response to Finland’s aspiration towards joining NATO. This hacker group called NoName057(16) took responsibility for the attack on their Telegram channel. In the post, the hackers said that ‘We decided to pay a ‘friendly’ visit to neighboring Finland, whose authorities are so eager to join NATO.’” The DDoS attack happened on the same day U.S. President Joe Biden signed ratification documents regarding Washington’s support for Finland and Sweden joining NATO.

Energoatom Ukraine attack: That same month, Ukraine’s state nuclear power company Energoatom was targeted by a pro-Russian hacktivist group using over 7 million bots to flood its servers. According to Reuters, Energoatom stated that the Russian group ‘People's Cyber Army’ carried out the attack with “7.25 million bot users, who simulated hundreds of millions of views of the company’s main page.” The company added that it “did not significantly affect operations of the Energoatom website,” though the attack was seen as a form of psychological warfare amid the conflict.

Greek natural gas provider breach: Cybercriminals targeted Greece’s national gas distributor DESFA with a ransomware attack. The Ragnar Locker group demanded payment in exchange for not releasing stolen data, but DESFA refused to pay. According to Bleeping Computer, the company “deactivated many of its online services to protect client data,” and stated that “these services will gradually return to normal operations as experts work towards a careful restoration.” DESFA also assured consumers that the incident would not disrupt the gas flow, confirming that “all input and output points operate at normal capacity.”

 

Highlights from global cyberattacks (2020–2021)

Colonial Pipeline ransomware: Perhaps the most disruptive attack of 2021, the Colonial Pipeline ransomware breach caused widespread fuel shortages across the U.S. East Coast. The company was forced to halt operations until it paid a $4.4 million ransom to the DarkSide group. According to TechTarget, attackers accessed the network “through an exposed password for a VPN account,” said Charles Carmakal, CTO at cybersecurity firm Mandiant, during a House Committee on Homeland Security hearing. Carmakal explained that a Colonial Pipeline employee “likely used the same password for the VPN in another location,” and that the password had been compromised in a separate data breach.

T-Mobile breach: In August 2021, T-Mobile disclosed a data breach affecting over 50 million individuals. According to NPR, the company said that “the names, Social Security numbers and information from driver's licenses or other identification of just over 40 million former and prospective customers that applied for T-Mobile credit were exposed.” Additionally, data from about 7.8 million current postpaid customers was also compromised. While T-Mobile stated that “no phone numbers, account numbers, PINs, passwords, or financial information” from those records were exposed, it confirmed that “approximately 850,000 active T-Mobile prepaid customer names, phone numbers and account PINs were exposed.” The company said it proactively reset those PINs and that no Metro by T-Mobile, former Sprint prepaid, or Boost customers were affected.

Facebook scraping incident: Data from over 530 million Facebook users across 106 countries was scraped and published online, exposing personal information and triggering widespread privacy concerns. The incident, which came to light in April 2021, was not a direct hack but rather the result of a vulnerability in a now-defunct feature. According to NPR, Facebook stated in a blog post that “malicious actors” had exploited the tool, which “allowed users to find each other by phone number.”

 

Notable attacks on public and private infrastructure

MGM Resorts breach: In a breach first reported by ZDNet and confirmed by the BBC, personal data from 10.6 million guests of MGM Resorts was posted on a hacking forum in 2020. The exposed information included names, addresses, and passport numbers of former guests. An MGM spokesperson stated, “Last summer, we discovered unauthorized access to a cloud server that contained a limited amount of information for certain previous guests of MGM Resorts.” The company added, “We are confident that no financial, payment card, or password data was involved in this matter.”

MGM also said it was “unable to say exactly how many people were impacted” due to potential duplication in the data. High-profile individuals like Justin Bieber and Twitter founder Jack Dorsey were reportedly affected, though MGM did not confirm those details.

 

Nation-state cyber warfare

Yahoo mega breach: Initially reported in 2016, the Yahoo breach was later revealed to have compromised all 3 billion user accounts, making it the largest known data breach in history. According to The Guardian, Yahoo stated that “an unauthorised party” had broken into the accounts and that the attack was believed to be “state-sponsored.”

Hackers used a technique involving “forged ‘cookies’,” small data files stored in a browser’s cache, to gain access without passwords. As Yahoo’s chief information security officer Bob Lord explained, these cookies “could allow an intruder to access users’ accounts without a password” by tricking the system into recognizing them as legitimate account holders. He added that the breach may have stemmed from the theft of Yahoo’s proprietary code.

 

Trends and predictions: where we go from here

Ransomware is getting smarter

Ransomware isn’t going anywhere. In fact, it’s getting harder to spot and even harder to stop. ISACA points out that “up to 20% of all breaches are ransomware attacks,” and with more than 150 ransomware families now identified, the threat is only growing. The increasing use of artificial intelligence is helping attackers fine-tune their approach, making ransomware more complex and less detectable.

“Organizations may need to augment their existing tools and bring in newer, AI-fueled systems to identify and thwart more sophisticated threats,” ISACA advises. Traditional malware scanners are no longer enough. Phishing continues to be the go-to method for delivering ransomware, which makes employee training more critical than ever.

ISACA recommends a more hands-on approach to awareness: “The next step is to wait for an employee to fall for a phishing email... At that point, they should be given immediate security awareness guidance.” Real-time learning, delivered right after a mistake, is more effective than one-off training sessions.

 

Cloud adoption is outpacing cloud security

As organizations race to adopt cloud-based systems, many are leaving security behind. G2 predicts that “85% of organizations will be ‘cloud first’ by 2025,” but security practices haven’t kept pace with this shift.

With more employees working remotely, often on personal devices, the risk is changing fast. ISACA stresses the need for modern frameworks like Zero Trust Architecture and Cloud Security Posture Management (CSPM) to help organizations stay protected. Just as important, they say, is ensuring that “employee education and clear policies about cloud usage are as crucial as ever.”

 

AI is changing the game for both sides

Artificial intelligence is reshaping cybersecurity, but not just for defenders. Attackers are using AI to create malware that’s harder to detect, while security teams are using it to automate defenses and anticipate threats.

“The debate over whether AI has helped or hurt cybersecurity efforts continues, but its impact is undeniable,” ISACA says. And it’s not just about threat detection. As AI becomes more embedded in operations, managing its risks has become essential. The ISO/IEC 42001:2023 standard marks progress, but ISACA is clear: it’s “insufficient” on its own. A layered approach to AI governance and security is needed.

The most prepared organizations, according to ISACA, are those implementing “AI-powered threat detection, automated compliance monitoring, and behavioral analytics,” while keeping up with regulatory shifts.

 

Election security and the rise of cyberwarfare

Cyberwarfare has become a constant presence, especially around election cycles. Political campaigns and infrastructure are high-value targets for hackers looking to cause disruption or spread misinformation. ISACA warns that “organizations and governments alike should plan for a spike in attacks leading up to important elections,” and urges early action to secure systems and counter disinformation.

 

The cybersecurity talent crisis

The workforce behind cybersecurity is under pressure. “Half of cybersecurity professionals expect that they will burnout in the next 12 months,” ISACA reports. The weight of constant threats and the blame placed on CISOs for breaches are pushing people out of the field.

ISACA argues that organizations must stop treating CISOs as scapegoats. “The only outcome from pinning an attack on a CISO is that they will be more likely to burn out and/or leave the organization.” Instead, companies should focus on building supportive environments, offering breaks, balancing workloads, and recognizing wins.

Certifications also need an update. Many still reflect outdated technology. ISACA points to more relevant credentials like CompTIA, Certified Ethical Hacker (CEH), and the CJIS certification from the FBI as better options for today’s cybersecurity professionals.

 

FAQs

Why don’t all cyberattacks make headlines?

Many attacks go unreported due to reputational concerns, lack of legal disclosure requirements, or because organizations quietly pay ransoms without involving authorities. Smaller incidents, even if widespread, often fly under the radar unless they disrupt major infrastructure or services.

 

What’s the difference between a data breach and a cyberattack?

A data breach specifically refers to unauthorized access to or disclosure of sensitive data. A cyberattack is a broader term that includes any malicious activity targeting digital systems, like DDoS attacks, ransomware, or espionage, even if no data is stolen.

 

Why are credentials from unrelated breaches still useful to hackers?

Many users reuse passwords across accounts. Hackers collect credentials from one breach and try them elsewhere in a tactic called credential stuffing, which is why compromised data from one company can affect dozens of others.

 

How are companies preparing for politically motivated cyberattacks?

Organizations with global operations are developing geopolitical risk assessments, strengthening digital defenses around election periods, and monitoring threat intelligence sources for early indicators of nation-state activity.

 

How can everyday users better protect themselves against being caught in a supply chain attack?

Regularly updating apps, using reputable vendors, enabling multi-factor authentication, and avoiding unauthorized third-party software can reduce personal exposure, especially since supply chain attacks often begin with a trusted tool or service.
