In summarizing and categorizing the cyber incidents handled in 2023, three trends stood out:

    • Ransomware surge: Attackers refined their strategies, increasingly pursuing high-value targets, leveraging zero-day vulnerabilities, and enhancing Ransomware-as-a-Service offerings with new extortion tactics. These enhancements ranged from evasion techniques, such as intermediate encryption mechanisms or restarting in safe mode, to faster encryption speeds. Others included extended extortion tactics, such as data theft and the threat of data exposure, the implementation of stolen data indexing, and the addition of more operating systems as targeted platforms. Another important development was that ransomware versions for Linux became the standard in 2023.
    • Targeting of edge devices: Edge devices such as 5G and IoT smart instruments/devices were increasingly targeted, both as components of communication infrastructure and as initial entry points into networks. Exploitation was not limited to known, unpatched vulnerabilities in end-of-life products: extensive zero-day exploitation and the use of customized malware against edge and network devices by Chinese APTs such as UNC3886 and UNC4841 were also notable.
    • A rise in hacktivism: State-sponsored hacktivism escalated in 2023, with notable increases in cyber activities tied to geopolitical conflicts. The use of destructive wipers for maximum impact underscores the evolving nature of cyber warfare. Notably, these trends were shaped during the Russian-Ukrainian war and had parallels in the ongoing conflict between Israel and Hamas.