By Esther George and the Zyber Global Research Team
Cybercrime and cyber-enabled attacks surged in 2023–2024, striking governments, businesses, and public services worldwide. The FBI’s IC3 reported a 33% jump in losses, totalling $16 billion in 2024, with phishing/spoofing, extortion (ransomware) and data breaches as the top complaint categories. Europol likewise warned that “millions of victims across the EU were attacked and exploited online on a daily basis” in 2023. Its Internet Organised Crime Threat Assessment (IOCTA) 2024 stated that ransomware, child sexual exploitation and financial fraud remained the “most threatening manifestations” of cybercrime. The report noted that small and medium-sized organisations are prime targets for ransomware groups due to their weaker defences.
National cyber authorities and the World Health Organisation now stress that attacks on sectors like healthcare can be “issues of life and death.” The following survey details the biggest global cyberthreats and incidents from 2023 to date, outlines attackers’ tactics and exploited vulnerabilities, and highlights law enforcement successes and lessons learned.
Ransomware: The Perennial Top Threat
Ransomware remains the dominant cyberthreat affecting all sectors. In 2023, law enforcement and security analysts observed a proliferation of Ransomware-as-a-Service (RaaS) gangs and attacks. The UK’s National Cyber Security Centre bluntly warns that “ransomware remains one of the most acute cyber threats facing the UK.” Criminals typically steal data, encrypt systems or both (“double extortion”), and demand payment in cryptocurrency. Europol notes that a few RaaS operators control much of the market: LockBit was by far the most active provider in 2023, while sophisticated groups like CL0P leveraged zero-day software flaws, and newcomers like Akira and Medusa emerged. BlackCat (ALPHV), Black Basta and Conti-like affiliates also continued to hit critical infrastructure, health, finance and education targets.
An international task force disrupted the Hive ransomware cartel in January 2023, helping 1,500+ victim companies and preventing an estimated €120 million in ransom payments.
In February 2024, international law enforcement agencies, including the UK’s NCA, FBI, and Europol, seized LockBit’s dark web leak site and infrastructure during Operation Cronos. LockBit, dubbed “the world’s top ransomware threat,” had extorted over $120 million from more than 2,000 victims across nearly every industry. Authorities replaced LockBit’s data dump site with a seizure notice and obtained decryption keys to assist victims.
Despite recent successes, RaaS continues to evolve, as leaked source code from Conti and others has spawned many copycats. Europol notes some affiliates now develop their own ransomware to avoid relying on major providers. These attackers increasingly target small to medium businesses with weak security, knowing they will pay to keep systems online. New tactics include data extortion without encryption and targeting new platforms like Macs. Ransomware remains a persistent global threat: over 300 organizations across sectors from medical to manufacturing have been hit by newer strains like Medusa and Akira.
Key Tactics and Vulnerabilities
Ransomware and other malware campaigns often leverage a combination of social engineering tactics and software vulnerabilities. According to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), 2023 saw a notable rise in both zero-day exploits and supply chain attacks. A joint U.S. advisory reported that “the majority of the most frequently exploited vulnerabilities” that year were initially exploited as zero-day flaws.
In practice, threat actors often gain initial access through phishing emails or compromised credentials, then quickly exploit known vulnerabilities to deploy malware. Increasingly, they rely on “living off the land” techniques, misusing legitimate tools such as remote administration software and PowerShell scripts, to move laterally within systems and evade detection. Europol has warned that cybercriminals are leveraging artificial intelligence to automate attacks and bypass defenses, a trend expected to accelerate. In short, the cybercriminal arsenal is expanding in both sophistication and speed.

State-Sponsored and Organized Cyber Campaigns
Beyond conventional cybercrime, nation-state intelligence services and transnational criminal networks have launched increasingly aggressive campaigns. The United States and its allies continue to attribute high-profile cyberattacks to state-affiliated groups. In March 2024, U.S. prosecutors unsealed indictments against seven Chinese nationals linked to APT31, a unit of China’s Ministry of State Security, for hacking dissidents and targeting U.S. businesses. Allied intelligence agencies have also exposed broader Chinese cyber operations, including the “BlackTech” router firmware attacks, which compromised consumer routers, and the “Volt Typhoon” campaign, which sought to infiltrate critical infrastructure by pre-positioning malware within U.S. government and power sector networks.
Russian military intelligence (GRU) has remained equally active. In February 2024, the U.S. Department of Justice announced the takedown of a GRU-controlled botnet that hijacked hundreds of home and small office routers globally. The GRU, operating under aliases such as Fancy Bear and APT28, had repurposed Moobot malware, originally developed by cybercriminals, to conduct spear-phishing and credential harvesting operations against Western governments and military targets. Acting on a court order, U.S. authorities disabled the botnet, wiped malicious code from infected devices, and blocked further control by the GRU.
These developments underscore how nation-state actors are increasingly blending espionage with criminal cyber tools, and how coordinated international law enforcement can play a decisive role in disrupting such threats.
North Korea’s Lazarus Group continued its prolific cyber financing. The U.S. attributes numerous massive cryptocurrency thefts to Lazarus. For example, FBI reports indicate Lazarus stole some $160 million from three crypto platforms in mid-2023. An even bigger theft came in early 2025: the FBI announced North Korea hacked the ByBit crypto exchange for an unprecedented $1.5 billion, dubbing the operation “TraderTraitor.” These huge hauls of virtual currency are believed to fund North Korea’s missile and nuclear programs. U.N. monitors and experts note that North Korean “cyber thieves” stole $3 billion in crypto in 2024 alone. These heists typically involve sophisticated social engineering (phishing for wallet keys) and money laundering via decentralised platforms.
Iranian-linked actors have also expanded their activity. Recent joint CISA/FBI advisories warn of Iranian teams using password spraying and MFA bypass (“push bombing”) to break into U.S. critical networks, including hospitals, government, energy and engineering sectors. The apparent goal is to steal valid credentials and network reconnaissance information, which may then be sold or used in larger sabotage campaigns. This has led agencies to urge stronger password policies and multi-factor authentication across the board.
In sum, nation-state threats intertwine with cybercrime: espionage units are stealing intellectual property, election databases or credentials, while criminal hackers steal money or data. The distinction blurs as money itself can fund state objectives. Governments are publicly condemning these actions: for instance, in 2024 the U.S. sanctioned Chinese hackers, and joint statements by the UK NCSC and U.S. State Department have attributed various hacks (e.g. APT31, North Korean Lazarus, Iranian actors) to foreign adversaries.
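For defenders, the password spraying and push bombing described above leave recognisable patterns in authentication logs. The following is an added example, not drawn from the cited advisories: a minimal Python sketch that flags both patterns. The event names (`login_fail`, `mfa_push_denied`, `mfa_push_approved`), thresholds and log rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed schema): time, source IP, user, event type.
SAMPLE_EVENTS = [
    ("2024-10-01T09:00:00", "203.0.113.7", "alice", "login_fail"),
    ("2024-10-01T09:00:20", "203.0.113.7", "bob", "login_fail"),
    ("2024-10-01T09:00:40", "203.0.113.7", "carol", "login_fail"),
    ("2024-10-01T09:01:00", "203.0.113.7", "dave", "login_fail"),
    ("2024-10-01T09:02:00", "203.0.113.7", "erin", "mfa_push_denied"),
    ("2024-10-01T09:02:30", "203.0.113.7", "erin", "mfa_push_denied"),
    ("2024-10-01T09:03:00", "203.0.113.7", "erin", "mfa_push_denied"),
    ("2024-10-01T09:03:30", "203.0.113.7", "erin", "mfa_push_approved"),
    ("2024-10-01T09:05:00", "198.51.100.4", "frank", "login_fail"),
    ("2024-10-01T09:05:40", "198.51.100.4", "frank", "mfa_push_approved"),
]

def parse(events):
    return sorted((datetime.fromisoformat(t), ip, user, kind) for t, ip, user, kind in events)

def detect_password_spray(events, window=timedelta(minutes=10), min_users=4):
    """Flag source IPs whose failed logins hit >= min_users distinct accounts within window."""
    fails = defaultdict(list)
    for ts, ip, user, kind in parse(events):
        if kind == "login_fail":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, rows in fails.items():
        for i, (start, _) in enumerate(rows):
            users = {u for ts, u in rows[i:] if ts - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged

def detect_push_bombing(events, window=timedelta(minutes=5), min_denied=3):
    """Flag users who approve an MFA push after >= min_denied denied pushes within window."""
    denied = defaultdict(list)
    alerts = []
    for ts, ip, user, kind in parse(events):
        if kind == "mfa_push_denied":
            denied[user].append(ts)
        elif kind == "mfa_push_approved":
            recent = [d for d in denied[user] if ts - d <= window]
            if len(recent) >= min_denied:
                alerts.append((user, ip, len(recent)))
            denied[user].clear()
    return alerts
```

An approval that follows a burst of denied prompts is the signal worth escalating, since it suggests the user gave in to the prompts rather than initiated the login.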
These developments underscore that cyber operations have become an integral part of international conflict and crime.
As cyber threats continue to evolve in scale and complexity, their impact on critical infrastructure and public safety becomes increasingly urgent. In Part 2 of this series, coming July 2025, we will explore how these attacks are affecting essential services, from energy grids to healthcare systems, and highlight the practical lessons and mitigation strategies that can help protect national and international interests.
Sources:
FBI Releases Annual Internet Crime Report
https://www.fbi.gov/news/press-releases/fbi-releases-annual-internet-crime-report#
Europol - Internet Organised Crime Threat Assessment (IOCTA) 2024
Ransomware Attacks on Healthcare Sector ‘Pose a Direct and Systemic Risk to Global Public Health and Security’, Executive Tells Security Council
The National Cyber Security Centre (NCSC) Annual Review 2023
World Economic Forum - LockBit: How an international operation seized control of ‘the world’s most harmful cybercrime group’
https://www.weforum.org/stories/2024/02/lockbit-ransomware-operation-cronos-cybercrime/
America’s Defence Agency - #StopRansomware: Akira Ransomware
Joint Cybersecurity Advisory - 2023 Top Routinely Exploited Vulnerabilities
Archives U.S. Department of Justice - Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians
America’s Defence Agency - China State-Sponsored Cyber Threat: Advisories
Archives U.S. Department of Justice - Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)
Reuters - Exclusive: North Korean hackers sent stolen crypto to wallet used by Asian payment firm
The Guardian - North Korea behind $1.5bn hack of crypto exchange ByBit, says FBI
America’s Defence Agency - Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations