Skip to content

Latest Cybersecurity Infographics – Facts, Figures & Statistics (2022-2023)

cybersecurity facts figures statistics infographics

11 Useful Cybersecurity Statistics and Facts (Infographic)

11 Useful Cybersecurity Statistics and Facts
  1. Over 300 billion passwords are being used by humans and machines all over the world. (Cybersecurity Media)
  2. Only an average of 5% of companies’ folders are properly protected from cyber attacks. (Varonis)
  3. Between 2005-2020, there have been 11,762 major security breaches. (ID Theft Resource Center)
  4. .doc and .dot are the top malicious email attachment types which make up 37% and with 19.5%, .exe file type comes second (Symantec)
  5. The information security market is estimated to reach $170.4 billion by 2022. (Gartner)
  6. 36 billion data breaches have been recorded in the first half of 2020. (RiskBased)
  7. Hacking featured 45% of the total breaches, while 17% involved malware attacks and 22% involved phishing attacks. (Verizon)
  8. Cybersecurity risks are increasing day by day, feels 68% of the business leaders (Accenture)
  9. 86% of the breaches were financially driven while 10% were motivated by espionage. (Verizon)
  10. 88% of companies around the world experienced spear-phishing attempts in 2019. (Proofpoint)
  11. Human errors caused 95% of the total cybersecurity breaches. (Cybintsolutions)

Top 7 Cybersecurity Threats to Prepare For in 2023

Top 7 Cybersecurity Threats to Prepare For in 2023

1. Human Errors

2. Targeting Remote Working Employees

3. Attacks Against Critical Infrastructure

4. Mobile-First Attacks

5. Cloud Breaches

6. Attacks on Internet of Things (IoT) Devices

7. State Sponsored Political Cyber Attacks Targeting Govt Assets

Top 7 Attacks Your Organization Should Watch Out for in 2023

Top 7 Attacks Your Organization Should Watch Out for in 2023

1) Multi-Factor Authentication (MFA) Attack

2) Hardware and Software Vulnerabilities

3) Shadow APIs

4) Attacks through Mobile Devices

5) The Digital Supply-Chain Assault

6) Ransomware

7) Persistent Phishing

Cybersecurity Market Statistics (Infographics)

Cybersecurity Market Statistics
  1. The cybersecurity market is expected to grow to $300 billion by 2024.
  2. Global spending on cybersecurity exceeded $1 trillion in 2021.
  3. On average, small businesses spend less than $500 on cybersecurity.
  4. Microsoft invests $1 billion annually on cybersecurity.
  5. JPMorgan Chase spends $600 million on cybersecurity every year.
  6. The US government’s 2019 budget for cybersecurity is $15 billion.
  7. Every third US company has purchased data-breach insurance coverage or cyber liability insurance.
  8. The cyber insurance market is expected to be worth $20 billion by 2025.
  9. Companies pay up to $500,000 for hackers to test their systems.

The 10 Biggest Ransomware Attacks of 2021 (Infographic)

Below is the list of high profile Ransomware attacks on firms & corporations (Compilation Source: Touro College)

the 10 biggest ransomware attacks of 2021
  1. Colonial Pipeline (American Oil Pipeline System)
  2. Brenntag SE (German Chemical Distribution Company)
  3. Acer Inc. (Taiwanese Hardware and Electronics Corporation)
  4. JBS USA Holdings (American Food Processing Company)
  5. Quanta Computer Inc. (Apple Supplier)
  6. National Basketball Association (NBA)
  7. Axa S.A. (French Insurance Company)
  8. CNA (News Television Channel)
  9. CDProjekt Red (Videogame Development Firm of Poland)
  10. Kaseya Limited (IT Management Software Company)

Top 10 Countries Targeted For Cyber Attacks in 2021 (% Wise) – Infographic

Top 10 Countries Targeted For Cyber Attacks in 2021
  1. United States: 38%
  2. India: 17%
  3. Japan: 11%
  4. Taiwan: 7%
  5. Ukraine: 6%
  6. South Korea: 6%
  7. Brunei: 4%
  8. Russia: 4%
  9. Vietnam: 4%
  10. Pakistan: 3%

12 Strategic Technology Trends for 2022 According To Gartner (Infographic)

12 Strategic Technology Trends for 2022 According To Gartner

According to Gartner, 12 strategic technology trends that are being adopted by businesses in 2022

  • Data Fabric
  • Cybersecurity Mesh
  • Privacy-Enhancing Computation
  • Cloud-Native Platforms
  • Composable Applications
  • Decision Intelligence
  • Hyperautomation
  • AI Engineering
  • Distributed Enterprises
  • Total Experience
  • Autonomic Systems
  • Generative AI

14 Alarming Cybersecurity Statistics That You Must Know (Infographic)

14 alarming cybersecurity statistics that you must know

The compilation of the latest security trends & statistics by Cybertalk

  1. Cryptocurrency crime is predicted to surpass $30 billion by 2025. (Cybersecurity Ventures)
  2. There will be one ransomware attack every 11 seconds by 2022. (Cybersecurity Ventures)
  3. The healthcare industry has seen a 51% increase in breaches in the last three years. (Herjavec Group)
  4. Software supply chain attacks have increased by 650% in 2021. (VentureBeat)
  5. In 93% of cases, cybercriminals can penetrate an organization’s networks. (Positive Technologies)
  6. Over 84% of all cyberattacks were distributed via e-mail in 2021. (Checkpoint)
  7. By 2021, organizations experienced the highest average cost of a data breach in 17 years at $4.24 million. (IBM)
  8. The infamous .exe file type is making up 52% of all malicious files. (Checkpoint)
  9. In a recent phishing attack, $7 million in NFTs were stolen from OpenSea users. (The Verge)
  10. Cyberattacks are up 50% in 2021 largely due to Log4j exploitations (Checkpoint)
  11. 43% of all cyber-attacks are aimed at small businesses. (Accenture)
  12. Corporate networks experienced 31% of all cyberattacks in the form of Botnets. (Checkpoint)
  13. Trickbot malware is making up 11% of all corporate network attacks globally. (Malwarebytes)
  14. With an average of 1,605 weekly cyberattacks, Education and Research organizations were the most targeted sectors. (Checkpoint)

List of Sectors Which Suffered The Most Security Breaches (% Wise) – Infographic

list of sectors which suffered the most security breaches percentage wise
  • Healthcare & Health Sciences – 22%
  • Public Sector – 21%
  • Education – 14%
  • Technology & Media – 13%
  • Retail & Hospitality – 8%
  • Professional Services – 6%
  • Financial Sector – 4%
  • Manufacturing & Construction – 4%
  • Others – 8%

Biggest Data Breaches of Organizations Reported in 2021 (Infographic)

biggest data breaches of organizations reported in 2021
  • Microsoft Exchange Servers have been attacked with 0-day exploits by Hafnium, a state-sponsored group operating out of China. (AP News)
  • Personal data of 533 million Facebook users in 106 countries have been leaked online. (Business Insider)
  • Hackers scrapped the data of 700 million Linkedin users and have put it up for sale online. (Fortune)
  • A vehicle for hire App called Bykea accidentally exposed 400 million records of its customer’s data on the production server. (SafetyDetectives)
  • 220 million Brazilian citizens’ data was hacked by Lapsus$ Group from the official website of Brazil’s Ministry of Health. (Statista)
  • Colonial Pipeline was attacked by ransomware linked to the DarkSide group which proactively took certain pipeline operations systems offline and demanded an amount of $4.4 million. (Bloomberg)

7 Top Trends in Cybersecurity For 2022 According To Gartner (Infographic)

7 top trends in cybersecurity for 2022

1. Attack surface expansion
2. Identity system defense
3. Digital supply chain risk
4. Vendor consolidation
5. Cybersecurity mesh
6. Distributed decisions
7. Beyond awareness

10 Cybersecurity Predictions For 2022 (Infographic)

10 cybersecurity predictions for 2022

1. User Awareness
2. Geo-Targeted Phishing Threats
3. Attacks on the Healthcare Sector
4. Machine Learning
5. Cloud Security
6. GDPR Compliance
7. Threats to Higher Education
8. Vulnerability of IoT
9. Mobile Devices as Attack Vectors
10. Financial Services Cyberattacks

Source: (financesonline)

Types of Network Security Attacks (Infographic)

types of network security attacks
  1. Denial of Service (DoS)
  2. Distributed Denial of Service (DDoS)
  3. Buffer Overflow Attacks
  4. Ping Attacks
  5. SYN Flood
  6. DNS Amplification
  7. Back Door
  8. Spoofing
  9. Smurf Attack
  10. TCP/IP Hijacking
  11. Man In The Middle Attacks
  12. Replay Attacks
  13. DNS Poisoning
  14. ARP Poisoning
  15. Domain Kiting
  16. Typosquatting
  17. Client Side Attacks
  18. Watering Hole Attacks
  19. Zero Day Attacks

Top 10 Ransomware Attacks By Revenue in 2021 (Infographic)

top 10 ransomware attacks by revenue in 2021

1. Conti – $175 million
2. DarkSide – $80 million
3. Phoenix Cryptolocker – $55 million
4. REvil/Sodinokibi – $35 million
5. Cuba – $17 million
6. Clop – $16 million
7. LockBit – $15 million
8. Hive – $15 million
9. BlackMatter -$14 million
10. Ryuk – $13 million

Historical Hacking Statistics (Infographic)

historical hacking statistics
  1. Security breaches have increased by 64% since 2014 and 11% since 2018. (Accenture)
  2. In the event of a security breach, 56% of Americans don’t know what steps to take. (Varonis)
  3. In 2020, personal data was involved in 58% of all security breaches. (Verizon)
  4. The average time to identify a security breach was 207 days in the year 2020. (IBM)
  5. From identification to containment, the average lifecycle of a breach was 280 days till 2020. (IBM)
  6. 64% of Americans have never bothered to check if they were affected by a data breach. (Varonis)
  7. In 2020, the average cost of a data breach is $3.86 million. (IBM)

Statistics For The Cost of Cyber Crime (Infographic)

Statistics For The Cost of Cyber Crime
  • Cybercrimes see a 600% increase and this increase was found during the covid 19 pandemic
  • Experts estimate that by the year 2025, around $ 10.5 trillion will be spent annually on cybercrimes all over the world.
  • The global annual cost of cybersecurity crime is estimated to be approximately $6 trillion per year.
  • The cost of cybercrime makes up 1% of the global GDP.
  • Did you know that on average, a malware attack costs any company more than $2.5 million (including the time cost required to troubleshoot the attack.
  • Do you know that ransomware is about 57 times more destructive and dangerous in the year 2021 than in the year 2015?
  • There are a total of 30 million SMBs in the United States and more than 66% of all SMBs have had at least 1 incident between 2018-2020.
  • Did you know that the average cost of a data breach for a small business or company can range from approximately $120,000 to $1.24 million.
  • The total cost of a data breach increased from $3.86 million to $4.24 million in 2021, the highest average total cost in the report’s 17-year history.
  • The average cost of breaches increased by $1.07 million with remote work being a significant contributing factor to the breach.
  • Security-driven AI had the finest cost mitigation, saving up to $3.81 million (80% cost variance).
  • Did you know that zero trust protection policies have saved up to $1.76 million per breach?
  • It costs $180 per record with a violation of PII.
  • Among all types of cyber-attacks, the largest number of attacks are carried out on SMBs with more than 50%.
  • Many enterprises experienced an average of about 130 security breaches per organization per year.
  • Enterprises saw a 22.7% increase in the total annual cost of cyber security in 2021.
  • Did you know that the annual number of security breaches at enterprise organizations increased by about 27.4%.
  • Did you know that an average company needs 50 days to solve an insider attack and 23 days to recover from a ransomware attack?
  • Around 71.1 million people worldwide are victims of cyber crimes every year.
  • Cybercrime causes up to $318 billion in damages to individuals.
  • Persons caught in phishing scams face an average loss of $225.
  • Access to a person’s entire online identity costs about $1,000.
  • Did you know you can get malware + tutorials and how to use it for $50?
  • A $34 monthly speculation could net the criminal $25,000 a month.

Statistics For Security Spending and Costs (Infographic)

Statistics For Security Spending and Costs

1. According to a report, security services accounted for an estimated 50% of the cyber security budget in the year 2020 (Gartner)

2. You may not know that the average cost of a malware attack on a company is $2.6 million. (Accenture)

3. The healthcare industry bears the highest average data breach cost with $7.13 million. (IBM)

4. The total cost of cybercrime per company increased from $11.7 million in 2017 to $13.0 million in 2018. (Accenture)

5. Average annual security expense per employee increased from $2,337 in 2019 to $2,691 in 2020 (Deloitte)

6. The average cost of any lost business is $1.52 million. (IBM)

7. The average cost of time for any malware attack is 50 days. (Accenture)

8. The most costly component of any cyber attack is an information loss of $5.9 million. (Accenture)

9. The average cost of a lost or stolen record per person is $146. (IBM)

10. Data breaches cost an average of $3.92 million to any enterprise. (CSO Online)

11. In 2020, the average total cost of a data breach for smaller companies with around 500 employees or fewer fell from $2.74 million in 2019 to $2.35 million in 2020. Average total costs decreased in very large companies (more than 25,000 employees), as well, from $5.11 million in 2019 to $4.25 million. (IBM)

12. In 2019 compared to 2020, Scandinavia saw the largest increase in the total cost of data breaches at around 12%, while South Africa saw a major decrease of 7.4%. (IBM)

13. You may not know, but the United States experiences the highest data breach costs in the world, and has the highest number of cases on average at $8.64 million, followed by the Middle East at $6.52 million. (IBM)

14. About 50% of large enterprises (with more than 10,000 employees) are spending a total of $1 million or more on security, about 43% are spending $250,000 to $999,999, and just 7% spend under $250,000 are doing. (Cisco)

15. In the year 2018, spending in the cyber security industry reached approximately $40.8 billion USD. (Statista)

Latest Cybersecurity Job Statistics (Infographic)

Latest Cybersecurity Job Statistics

1. About 61% of companies feel that their cybersecurity applicants are not fully qualified. (ISSA)

2. Around 70% of cyber security professionals claim that their organization suffers from a lack of cyber security skills. (ESG and ISSA)

3. Since the year 2016, due to GDPR demands, the demand for Data Protection Officers (DPOs) has increased tremendously and has increased by almost 700%. (Reuters)

4. According to a report there are about 500,000 Data Protection Officers (IAAP)

5. Almost more than two-thirds of cyber security professionals are struggling to define their career path and job. (ISSA)

6. Around 61% of cyber security professionals are not completely satisfied with their current job. (ISSA)

7. There was an increase of about 350 percent in open cyber security positions from 2013 to 2021. (cybercrime magazine)

8. Nearly 40 percent of IT leaders and experts say that cybersecurity jobs are one of the toughest to fill. (CSO Online)

9. Cybersecurity experts are some of the maximum paying positions starting from an average of $140K annually. (cybint)

Covid-19 Cybersecurity Statistics (Infographic)

Covid-19 Cybersecurity Statistics
  1. It has been observed that there has been an increase of almost 300% in cyber-attacks since the start of the covid 19 pandemic, confirmed by the FBI itself (IMC GROUP)
  2. About 27% of COVID-19 cyber-attacks target banks or healthcare organizations and in the year 2020, the number of cyber-attacks on banks has increased to 238% and is responsible for all of them due to covid 19 (Fintech News)
  • Confirmed data breaches in the healthcare industry increased by almost 58% in 2020 (Verizon)
  • In May, about 33,000 unemployment applicants from the unemployment assistance program suffered a data security breach during the pandemic. (NBC)
  • Americans lost approximately $97.39 million to COVID-19 and stimulus check scams. (AtlasVPN)
  • During the Covid 19 pandemic in the month of April, in the year 2020, Google blocked more than 18 million daily malware and phishing emails related to coronavirus (Google)
  • Nearly 52% of legal and compliance leaders are concerned about third-party cyber risks due to remote working since COVID-19. (Gartner)
  • Remote work or work from home has increased the average cost of a data breach by $137,000. (IBM)
  • About 47% of employees suspected a phishing scam while working from home and cited it as a cause of distraction. (Tessian)
  • Around 81% of cyber security professionals have reported a change in their job function during the covid pandemic. (ISC)
  • In April 2020, nearly half a million Zoom user accounts were compromised and sold on a dark web forum. (CPO Magazine)
  • A report found that cloud-based cyber-attacks increased by almost 630% between January and April 2020. (Fintech News)
  • Remote workers have committed a security breach in about 20% of organizations. (Malwarebytes)

GDPR Cybersecurity Statistics (Infographic)

GDPR Cybersecurity Statistics

1. The companies reported that they spent approximately $9 billion on GDPR preparation and, in 2018, legal advice and teams spent around 40% of their GDPR budget, or $2.4 million, on UK FTSE 350 companies. (Forbes)

2. It has also been found that about 88% of companies spent more than $1 million on the preparation of their GDPR. (IT governance)

3. In the first year of GDPR, 1, 44,000 complaints were filed with various GDPR enforcement agencies, in addition to 89,000 data breaches. (EDPB)

4. Nearly 1,000 news sources blocked EU readers to avoid and hide GDPR compliance rules. (Nieman Lab)

5. You might not know that GDPR imposed a total of $63 million in fines in its first year. (GDPR.EU)

6. Google too could not escape the GDPR violations. A French data protection agency named CNIL fined Google $57 billion for GDPR violations. (TechCrunch)

7. A lot of companies have seen improvement after the implementation of GDPR Around 31% of consumers feel that their overall experience with companies has improved. (Marketing week)

8. As of 2019, only 59% of companies have claimed that they are GDPR compliant. (ZDNet)

9. Almost 70% of the companies absolutely agree that the systems put in place by them will not be big when the new GDPR rules come in. (Datagrell)

Historical Data Breaches Statistics (Infographic)

Historical Data Breaches Statistics
  1. During the year 2020, well-known social platforms like Twitter were hacked due to which about 130 accounts including some celebrities like Elon Musk and former presidents were compromised. As a result, the attackers carried out over 300 transactions in which $121,000 in Bitcoin was defrauded. (CNBC)
  2. According to a report, in the year 2020, Marriott disclosed security breaches and data impacts on more than 5.2 million hotel guests. (Marriott)
  3. As a result of the MGM data breach in 2019, some hackers leaked records of approximately 142 million hotel guests, including their personal information as well as banking information. (CPO Magazine)
  4. More than 500 million users dating back to 2014 had their information compromised in a Marriott-Starwood data breach made public in 2018. (CSO Online)
  5. In 2018, Under Armor, itself reported that “My Fitness Pal” was hacked, during which about 150 million users were affected. (Under Armour)
  6.  In the year 2017, about 147.9 million users were affected by the Equifax breach. (Equifax)
  7. The Equifax breach proved to be very costly for the company, and it lost about $4 billion. (Time magazine)
  8. In the year 2017, a site called Friendfinder was also a victim of hacking, in which about 412 million user accounts were stolen. (Wall Street Journal)
  9. Once again in the year 2017, a virus named WannaCry troubled everyone and infected about 100,000 groups and more than 400,000 machines in at least 150 countries, causing a huge loss which was about $ 4 billion. (Technology Inquiry)
  10. In the year 2016, hackers hacked the popular company Uber and stole the information of more than 57 million riders and drivers. Uber itself disclosed this thing. (Uber)
  11. Uber Company likely tried to pay hackers so that they could delete the stolen data of 57 million users, due to the possibility of more damage by this hack. (Bloomberg)
  12. If we talk about the biggest breaches of all time, then in the year 2013, more than 3 billion Yahoo accounts were hacked by hackers (New York Times)

Statistics of Phishing Attacks (Infographic)

Statistics of Phishing Attacks

1. Phishing attacks are on the decline the simple example is that after declining in 2019, phishing attacks increased to just 1 out of every 4,200 emails in 2020. (Symantec)

2. About 65% of the groups used spear-phishing as the primary infection vector. (Symantec)

3. Did you know that almost 1 in 13 web requests leads you to malware? (Symantec)

4. the most common security incident is that phishing is responsible for more than 80% of all cases. (CSO Online)

5. Another example of why phishing attacks can be very damaging is that phishing causes a loss of $17,700 per minute. (CSO Online)

Statistics of Ransomware and Malware Attacks (Infographic)

Statistics of Ransomware and Malware Attacks

1. The average Ransomware payout in 2020 increased by 33% to approximately $111,605 compared to the year 2019. (Fintech News)

2. In the year 2018, an average of 10,573 malicious mobile apps were completely blocked per day. (Symantec)

3. Did you know that 94% of malware is delivered by email? (CSO Online)

4. The average cost of a ransomware attack on a business is $133,000 which may increase with severity. (Safe final)

5. About 48% of malicious email attachments are related to office work or files. (Symantec)

6. Detection of ransomware attacks has been more successful in countries where the number of people connected to the Internet is higher, with the US topping the list with 18.2% of all types of ransomware attacks. (Symantec)

7. Most malicious domains, about 60%, are associated with spam activities. (Cisco)

8. You might hardly know that about 20% of malicious domains are created recently and are used about a week after they are registered. (Cisco)

Statistics of IoT, DDOS, and Other Attacks (Infographic)

Statistics of IoT, DDOS, and Other Attacks
  1. A staggering statement by the year 2023, the total number of DDoS attacks worldwide is expected to reach 15.4 million. (Cisco)
  2. Attacks on IoT devices tripled in the first 6 months of 2019 (CSO Online)
  3. In 2018 there was a 1,000% increase in malicious PowerShell scripts being blocked at endpoints. (Symantec)
  4. The Mirai-distributed DDoS worm proved to be the third most common IoT threat in 2018. (Symantec)
  5. About 30% of data breaches and attacks have internal factors. (Verizon)
  6. IoT devices are exposed to an average of 5,200 attacks per month. (Symantec)
  7. About 90% of remote code execution attacks are linked to crypto mining. (Purpleseek)
  8. About 70% of organizations deny that threats such as hacking they know can be prevented with anti-virus software (Cost of the Ponemon Institute’s Data Breach Study)
  9. About 1 in 36 mobiles are at risk of installing high-risk apps. (Symantec)

Statistics of Cybersecurity Compliance and Governance (Infographic)

Statistics of Cybersecurity Compliance and Governance

1. According to a report, about 66% of the companies have been found to have spent the compliance mandates. (CSO Online)

2. In 2018, businesses spent an average of $1.3 million meeting compliance requirements and were expected to put in more than $1.8 million. (IAAP)

3. Each employee has an average of up to 11 million files of information. (Varonis)

4. About 15% of the companies found that about 1,000,000+ files are open for every single employee. (Varonis)

5. About 17% of all sensitive files are accessible to all employees. (Varonis)

6. About 60% of the companies are such that they have more than 500 and whose passwords are not being changed or expired. (Varonis)

7. More than 77% of organizations do not have a counter plan in the event of an attack. (cybint)

6 Common Crimes And Risks Online According To the FBI (Infographic)

6 Common Crimes And Risks Online According To the FBI
  • Business email compromise (BEC) scams exploit the fact that so many of us rely on email to conduct business—both personal and professional—and it’s one of the most financially damaging online crimes.
  • Identity theft happens when someone steals your personal information, like your Social Security number, and uses it to commit theft or fraud.
  • Ransomware is a type of malicious software, or malware, that prevents you from accessing your computer files, systems, or networks and demands you pay a ransom for their return.
  • Spoofing and phishing are schemes aimed at tricking you into providing the sensitive information to scammers.
  • Online Predators are a growing threat to young people.
  • Other common Cyber crimes and Online scams

Global Cyber Strategies Index (Infographic)

Global Cyber Strategies Index

National Strategy: Overarching doctrine guiding national, coordinated deterrents and
responses to cyber threats.
Military: Strategies detailing offensive or defensive military capabilities in cyberspace.
Content: Laws regulating or restricting certain digital content.
Privacy: Strategies regulating the collection and handling of personal data.
Critical Infrastructure: Strategies for mitigating cybersecurity threats to critical infrastructure
networks and increasing resilience.
Commerce: Laws governing digital trade and the provision of internet services.
Crime: Strategies or legislation for countering cybercrime

Cyber Attack Lifecycle Stages Involved in a Breach (Infographic)

Cyber Attack Lifecycle Stages Involved in a Breach
  1. Reconnaissance
  2. Weaponization and Delivery
  3. Exploitation
  4. Installation
  5. Command and Control
  6. Actions on the objectives

The Threat Intelligence Lifecycle (Inforgraphic)

The Threat Intelligence Lifecycle
  • Collection 
  • Planning
  • Processing
  • Analysis 
  • Dissemination
  • Feedback

Types of Data Breaches (Infographic)

Types of Data Breaches
  • Unauthorized third-party access
  • Online credential stuffing
  • Unauthorized internal access
  • Unintentional disclosure
  • Records not securely destroyed
  • Loss of computer or device

Cybersecurity Essentials According To CISA (Infographic)

Cybersecurity Essentials According To CISA
  • Yourself, The Leader
  • Your Staff, The Users
  • Your Systems, What Makes You Operational
  • Your Surroundings, The Digital Workplace
  • Your Data, What the Business Is Built On
  • Your Crisis Response

Cyber Attack Incidents According To CSIS From (2020-2022*) – Timeline

Year 2022

October 2022. Russian official, Vladimir Shin, accused the U.S. government and its allies of a coordinated campaign of cyberattacks against Russia. Shin cited comments from General Paul Nakasone confirming the U.S. “conducted a series of operations” in response to Russia’s invasion of Ukraine.

October 2022. Hackers targeted Bulgarian websites belonging to the presidential administration, the Defense Ministry, the Interior Ministry, the Justice Ministry, and the Constitutional Court in a DDoS attack. A pro-Russian hacking group claimed responsibility for the attack, stating it was a punishment “for betrayal to Russia and the supply of weapons to Ukraine.”

October 2022. Hackers targeted several major U.S. airports with a DDoS attack, impacting their websites. A pro-Russian hacking group promoted the attack prior to its execution.

October 2022. Pro-Russian hackers claimed responsibility for an attack that knocked U.S. state government websites offline, including Colorado’s, Kentucky’s and Mississippi’s.

October 2022. CISA, the FBI, and NSA announced that state-sponsored hacking groups had long-term access to a defense company since January 2021 and compromised sensitive company data.

September 2022. Iranian hackers targeted Albanian computer systems, forcing Albanian officials to temporarily shut down the Total Information Management System, a service used to track individuals entering and exiting Albania.
This attack closely followed Albania’s decision to sever diplomatic ties with Iran as well as the American sanctions and NATO’s condemnation of an Iranian cyberattack against Albania in July.

September 2022. Hackers targeted Montenegro’s government networks, rendering Montenegro’s main state websites and government information platforms inaccessible. Montenegrin officials blamed Russia for the attack.

September 2022. Hackers targeted the state-level parliamentary website of Bosnia and Herzegovina, rendering the sites and servers inaccessible for multiple weeks.

September 2022. The group Anonymous took responsibility for a series of cyberattacks against the Iranian government that took down two main Iranian government websites and the websites of several state media organizations.

September 2022. A Russian-based hacking group targeted the website of the United Kingdom’s intelligence agency MI5 with a DDoS attack that temporarily took the site offline.

August 2022. Hackers used a DDoS attack to temporarily take down the website of Taiwan’s presidential office. The Taiwanese government attributed the attack to foreign hackers and stated normal operations of the website resumed after 20 minutes.
Taiwan’s Foreign Ministry also noted hackers targeted their website and the main portal website for Taiwan’s government.

August 2022. Hackers targeted the Finnish Parliament with a DDoS attack that rendered the Parliamentary website inaccessible. A Russian group claimed responsibility for the attack on Telegram.

August 2022. Hackers targeted the website of Ukraine’s state energy agency responsible for the oversight of Ukraine’s nuclear power plants. The agency stated that Russian hackers carried out the attack.

August 2022. Hackers targeted the website of the Latvian Parliament with a DDoS attack that temporarily paralyzed the website’s server. A Russian hacking group claimed responsibility for the attack on Telegram.

August 2022. A DDoS campaign targeted the websites of both government and private Estonian institutions. Estonia stated that the attack was largely repelled, and the impact was limited.

August 2022. Hackers used phishing emails to deploy malware in government institutions and defense firms throughout Eastern Europe in January 2022. A report by Russian-based company Kaspersky linked the campaign to a Chinese hacking group.

July 2022. Belgium’s Foreign Ministry accused China of a cyberespionage campaign against Belgian targets, including Belgium’s Ministries of Interior and Defense. A spokesperson for the Chinese Embassy in Belgium denied the accusations.

July 2022. Hackers targeted social media accounts owned by the British Royal Army. The attack included the takeover of the British Army’s Twitter and YouTube accounts.

July 2022. Hackers targeted Lithuania’s state-owned energy provider in a DDoS attack. Killnet, which Lithuanian officials link to Russia, claimed responsibility for the attack.

July 2022. Hackers temporarily took down websites belonging to the Albanian Prime Minister’s Office and the Parliament, and the e-Albania portal used to access public services.

June 2022. Hackers targeted Lithuania’s state railway, airports, media companies, and government ministries with DDoS attacks. A Russian-backed hacking group claimed responsibility for the attack.

June 2022. Hackers targeted former Israeli officials, military personnel, and a former U.S. Ambassador to Israel. An Israeli cybersecurity firm stated that Iranian-linked actors used a phishing campaign to gain access to the targets’ inboxes, personally identifiable information, and identity documents.

June 2022. Hackers targeted three Iranian steel companies, forcing the country’s state-owned plant to halt production.

June 2022. An attack targeted users of Australia’s largest Chinese-language platform, Media Today. The hackers made over 20 million attempts to reset user passwords in the platform’s registration system.

June 2022. Hackers targeted municipal public address systems in Jerusalem and Eliat, triggering the air raid siren systems throughout both cities. An Israeli industrial cybersecurity firm attributed the attack to Iran.

June 2022. A Chinese-linked disinformation campaign targeted Australian mining company Lynas Rare Earths. The campaign included spreading disinformation on social media platforms and websites regarding Lynas Rare Earths’ alleged environmental record.

June 2022. A phishing campaign targeted U.S. organizations in the military, software, supply chain, healthcare, and pharmaceutical sectors to compromise Microsoft Office 365 and Outlook accounts.

June 2022. Hackers compromised accounts belonging to officials in Germany’s Greens party, including ones used previously by Annalena Baerbock and Robert Habeck, who now serve as Minister for Foreign Affairs and Minister for Economic Affairs and Climate Action.

June 2022. Hackers targeted Norwegian public institutions with DDoS attacks, disrupting government websites. The Norwegian NSM security authority attributed the attack to pro-Russian hackers.

May 2022. A DDoS attack targeted the Port of London Authority, forcing its website to go offline. A group linked to Iran took responsibility for the hack.

May 2022. A phishing campaign targeted the Jordan Ministry of Foreign Affairs. Researchers attributed the attack to an Iranian cyber espionage actor.

May 2022. The Ethiopian Information Network Security Agency (INSA) stated hackers targeted the Grand Ethiopian Renaissance Dam (GERD). Ethiopia’s communications security agency thwarted the attacks before hackers could gain access to the networks.

May 2022. A Chinese hacking group stole intellectual property assets from U.S and European companies in 2019 and went largely undetected. Researchers believe the group is backed by the Chinese government.

May 2022. State-sponsored hackers took down RuTube, the Russian version of YouTube, according to the company.

May 2022. Russian hackers hit Italian websites with a DDoS attack, including the Senate, the Ministry of Defence and the National Health Institute. The group states its goal was to target NATO countries and Ukraine.

April 2022. The Romanian National Directorate of Cyber Security said that multiple public and private sector websites were hit with DDoS attacks. The victims included the ministry of defense, border police, the national railway company, and the OTP Bank. A group claiming credit for the attack said on Telegram that it hacked the websites because Romania supported Ukraine since the Russian invasion of the country.

April 2022. Cybersecurity researchers identified a new campaign by Russian-linked hackers that started in January and targeted diplomats and embassy officials from France, Poland, Portugal, and other countries. The hacks started with a phishing email to deliver a malware-laden file to the target.

April 2022. Iranian state television claimed that the government foiled cyber intrusions that targeted more than 100 public sector agencies. They provided no further information on the incident.

April 2022. Hackers targeted members of the European Commission with spyware developed by NSO Group. An Apple notification from November to thousands of iPhone users stating they were targeted by state-sponsored actors alerted the Commission of this spyware use.

April 2022. A North Korea-linked hacking campaign using phishing emails sent from fake job recruiters targeted chemical companies in South Korea.

April 2022. A Citizen Lab study discovered actors used NSO Group spyware to target at least 65 Catalonian activists and political figures.

April 2022. The U.S. Treasury Department’s Office of Foreign Assets Control attributed the March 29 hack of Ronin Network to a North Korean hacking group and announced sanctions against the hackers. The group stole over $540 million in Ethereum and USDC.

April 2022. Hackers launched DDoS attacks against websites belonging to the Finnish Ministries of Defence and Foreign Affairs. The attack’s botnet used over 350 IP addresses from around the world and the denial of service was sustained for four hours.

April 2022. Hamas-linked cyber actors used a network of fake Facebook and Twitter profiles to surveil members of the Israeli security establishment. The actors also used WhatsApp to grow trust with their targets, then requested them to download an app with malware.

April 2022. Hackers targeted the Telegram accounts of Ukrainian government officials with a phishing attack in an attempt to gain access to the accounts.

April 2022. Cybersecurity researchers observed hackers penetrating the networks of at least 7 Indian State Load Dispatch Centres (SLDCs) which oversee operations for electrical grid control. The SLDCs manage SCADA systems and researchers suggested that PLA-linked hackers may be involved.

April 2022. A social media platform disrupted two Iranian-linked cyber espionage campaigns that targeted activists, academics, and private companies. The campaign targeted businesses in the energy, semiconductor, and telecom sectors in countries including the U.S., Israel, Russia, and Canada by using phishing and other social engineering techniques.

April 2022. A group targeted several Ukrainian media organizations in an attempt to gain long-term access to their networks and collect sensitive information, according to researchers. The group has connections to the Russian GRU.

April 2022. The United States removed Russian malware from computer networks around the world, a move made public by Attorney General Merrick B. Garland. While it is unclear what the malware’s intention was, authorities noted it could be used for anything from surveillance to destructive attacks. The malware created a botnet controlled by the Russian GRU.

April 2022. Hackers targeted a Ukrainian energy facility, but CERT-UA and private sector assistance largely thwarted attempts to shut down electrical substations in Ukraine. Researchers believe the attack came from the same group with ties to the Russian GRU that targetedUkraine’s power grid in 2016, using an updated form of the same malware.

April 2022: Hackers targeted Ukraine’s National Post Office with a DDoS attack, days after releasing a new stamp honoring a Ukrainian border guard. The attack affected the agency’s ability to run its online store.

March 2022. Hackers used a DDoS attack to shut down the National Telecommunications Authority of the Marshall Islands. The attack disrupted internet services on the Islands for over a week.

March 2022. Pakistani government-linked hackers targeted Indian government employees in an espionage operation. The group also created fake government and military websites to deliver malware to their targets.

March 2022. An attack on a satellite broadband service run by the American company Viasat disrupted internet services across Europe, including Ukrainian military communications at the start of the Russian invasion. The attackers hacked satellite modems belonging to thousands of Europeans to disrupt the company’s service.

March 2022. Hackers penetrated the websites belonging to multiple Russian agencies including the Energy Ministry, the Federal State Statistics Service, the Federal Penitentiary Service, and the Federal Bailiff Service. The websites displayed several anti-government and anti-invasion images and messages before the agencies were able to expel the attackers.

March 2022. Hackers targeted Greenland’s parliamentary authority in an apparent espionage operation, forcing the parliament to cancel meetings and slowing social benefit payments.

March 2022. The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) stated that hackers from the United States targeted Chinese computers to carry out attacks on Russia, Ukraine, and Belarus.

March 2022. The U.S. Department of Justice charged four Russian government employees involved in hacking campaigns that took place between 2012 and 2018. The hacks targeted critical infrastructure companies and organizations largely in the energy sector. The hackers sought to install backdoors and deploy malware in the operational technology of their targets.

March 2022. Hackers defaced and disrupted several Russian government and state media websites, according to the Russian Ministry of Digital Development and Communications. The Emergency Situations Ministry website was hacked, and the attackers wrote messages encouraging Russian soldiers to defect. Tass, a state-run news agency, was also penetrated and hackers displayed a call for people to “take to the streets against the war.”

March 2022. The National Research Council, Canada’s biggest state-funded research agency, shared that hackers penetrated its networks. An announcement on the Council’s website explained that parts of its online presence were taken offline as a result of this incident.

March 2022. Hackers linked to the Chinese government penetrated the networks belonging to government agencies of at least 6 different U.S. states in an espionage operation. Hackers took advantage of the Log4j vulnerability to access the networks, in addition to several other vulnerable internet-facing web applications.

March 2022. Hackers used a DDoS attack to target a major Israeli telecommunication provider. As a result, multiple Israeli government websites were taken offline.

February 2022. Researchers identified campaigns by two North Korean government-backed groups targeting employees across numerous media, fintech, and software companies. The hackers used phishing emails advertising fake job opportunities and exploited a vulnerability in Google Chrome to compromise the companies’ websites and spread malware.

February 2022. The websites of the Ukrainian Cabinet of Ministers and Ministries of Foreign Affairs, Infrastructure, and Education were disrupted in the days before Russian troops invaded Ukraine. Wiper malware was also used to penetrate the networks of one Ukrainian financial institution and two government contractors.

February 2022. A Beijing-based cybersecurity company accused the U.S. National Security Agency of engineering a backdoor to monitor companies and governments in over 45 countries around the world. A Foreign Ministry spokesman said that operations like this may threaten the security of China’s critical infrastructure and compromise trade secrets.

February 2022. On February 15, a DDoS attack knocked websites belonging to the Ukrainian Defense Ministry and two of the country’s largest banks offline. The U.S. and the UK attributed the attack to the Russian GRU. The Ukrainian Cyber Police claimed that the attack was connected to another “information attack” where Ukrainian citizens received spam text messages claiming that ATMs were not working.

February 2022. A Beijing-based cybersecurity company accused the U.S. National Security Agency of engineering a back door to monitor companies and governments in over 45 countries around the world. A Foreign Ministry spokesman said that operations like this may threaten the security of China’s critical infrastructure and compromise trade secrets.

February 2022. A Pakistani group deployed a remote access trojan to conduct espionage against Indian military and diplomatic targets. The group generally uses social engineering and/or USB- based worms to penetrate a network.

February 2022. An Iranian-linked group conducted espionage and other malicious cyber operations against a range of private companies and local and federal governments.

February 2022. Multiple oil terminals in some of Europe’s biggest ports across Belgium and Germany fell victim to a cyberattack, rendering them unable to process incoming barges. A ransomware strain associated with a Russian-speaking hacking group was used to disrupt the ability of energy companies to process payments.

February 2022. Since October 2021, a hacking group targeted Palestinian individuals and organizations with malware. Researchers suggest that the operation could be connected to a broader campaign by a hacking group commonly attributed to the cyber arm of Hamas that started in 2017.

February 2022. A U.N. report claimed that North Korean hackers stole more than $50 million between 2020 and mid-2021 from three cryptocurrency exchanges. The report also added that in 2021 that amount likely increased, as the DPRK launched 7 attacks on cryptocurrency platforms to help fund their nuclear program in the face of a significant sanctions regime.

February 2022. The networks of the U.K. Foreign Office were penetrated by hackers. All details of the incident remain confidential.

January 2022. Hackers shut down internet traffic to and from North Korea twice in two weeks from what researchers say was likely a series of DDoS attacks. The second attack came just after North Korea’s 5th missile test of the month.

January 2022. A series of DDoS attacks targeted a high-stakes Minecraft tournament and ended up impacting Andorra Telecom, the country’s only internet service provider. The attack disrupted 4G and internet services for customers.

January 2022. The Informatic Directorate of the Greek Parliament identified an attempt to hack into 60 parliamentary email accounts. In response, authorities temporarily shut down the mailing system in the legislature.

January 2022. An Australian spokesman accused WeChat of taking down Prime Minister Scott Morrison’s account and redirecting users to a website that provides information for Chinese expatriates. The Government claims that they first encountered problems posting to the Prime Minister’s account in mid-2021.

January 2022. A cyberattack targeted the Ukrainian government, hitting 90 websites and deploying malicious software masquerading as ransomware to damage dozens of computers in government agencies.

January 2022. Hackers attacked several Israeli media outlets, including Maariv and the Jerusalem Post, posting threatening messages on their websites. One message stated “we are close to you where you do not think about it” in English and Hebrew.

January 2022. A DRPK-affiliated group targeted multiple Russian diplomats with malware. The diplomats received an email disguised as a New Year greetings screensaver but which, after being opened, installed a remote access trojan.