The cyberattack landscape has seen monumental shifts and enormous growth in the past decade or so.

I spoke to Michelle Alvarez, X-Force Strategic Threat Analysis Manager at IBM, who told me that the most visible change in cybersecurity can be summed up in one word: scale. A decade ago, “’mega-breaches’ were relatively rare, but now feel like an everyday occurrence.”

A summary of the past decade in global cyberattacks

The cybersecurity landscape has been impacted by major world events, especially in recent years. These include the COVID-19 pandemic, as well as recent military conflicts between Russia and Ukraine and between Israel and Hamas.

These events activated both financially motivated threat actors looking to profit from these crises, as well as state-sponsored activity, according to Alvarez. Social engineering attacks exploited public anxiety about global geopolitical events, such as in email campaigns that aimed to spread malware. Supply chains became more vulnerable during the pandemic.

While the major national targets for the biggest attacks remained North America, Europe and Asia, Alvarez also stated that the decade saw big new increases in Latin America.

2013: Cloud computing

Global context: The year 2013 was attended by the rise of cloud computing, which expanded the attack surface for cyber criminals. The Snowden revelations began in June 2013.

In 2013, ransomware began to gain traction as a significant threat, and data breaches became more prevalent.

The Target data breach compromised 40 million credit and debit card accounts and 70 million customer records. Adobe Systems also suffered a breach that exposed 38 million user accounts. Additionally, the New York Times was attacked by the Syrian Electronic Army, taking its website offline for almost two hours. And the Yahoo data breach compromised 500 million user accounts, although it would not be reported for three years.

In 2013, more than half a billion records of personally identifiable information, including names, emails, credit card numbers and passwords—were stolen.

2014: IoT attack vectors

Global context: In 2014, the complexity of cyberattacks was on the rise, as was the overall sophistication of internationally coordinated operations of law enforcement and security vendors.

As with the previous year, data breaches were a significant issue, with notable breaches in finance and insurance, information and communication and also the manufacturing sector. Advanced Persistent Threats (APTs) became more sophisticated, and the Internet of Things (IoT) emerged as a new attack vector.

The Sony Pictures hack exposed sensitive corporate data and unreleased films. The Home Depot breach compromised 56 million credit card numbers and 53 million email addresses. The Heartbleed bug, a critical vulnerability in the OpenSSL cryptographic software library, also made headlines.

2015: Protecting critical infrastructure

Global context: The year saw a focus on critical infrastructure protection and the rise of cyber-physical systems. The increasing sophistication of cyber incidents highlighted the need for better threat intelligence.

Unauthorized access incidents skyrocketed. Some 60% of attacks were carried out by insiders, either maliciously or accidentally. Attackers sped up the exploitation of zero-day flaws. Ransomware continued to grow, targeting both individuals and organizations. IoT vulnerabilities increased and phishing remained a prevalent attack vector.

The Anthem breach exposed the personal information of 78.8 million people. The Ashley Madison hack leaked sensitive user data from the dating site. And the TalkTalk data breach involved sophisticated phishing attacks. Major impacted industries included healthcare, retail, financial services and the pharmaceuticals industry.

2016: State-sponsored cyberattacks

Global context: Marked by significant geopolitical tensions, including the U.S. presidential election, which saw extensive cyber interference.

State-sponsored groups targeted political entities and ransomware became more targeted and sophisticated. Distributed Denial of Service (DDoS) attacks increased in frequency and scale.

The Democratic National Committee (DNC) hack exposed emails and documents. And the Mirai botnet launched massive DDoS attacks, disrupting major websites.

Over 4 billion records were leaked in 2016, more than the two previous years combined. In one case, a single source leaked more than 1.5 billion records.

2017: Cryptocurrency boosts cyber crime

Global context: The year saw continued geopolitical tensions and the rise of cryptocurrency, which boosted cyber criminal activities.

Ransomware attacks like WannaCry and NotPetya caused widespread disruption. Cryptojacking emerged as a real threat, leveraging compromised systems to mine cryptocurrency. Supply chain attacks increased.

The WannaCry ransomware affected over 200,000 computers across 150 countries. The Equifax breach exposed the personal information of 147 million people. The NotPetya attack caused significant disruption to businesses globally.

Read the Threat Intelligence Index

2018: Tightening regulations

Global context: Increased regulatory scrutiny, such as the implementation of GDPR, made 2018 a difficult one for some large organizations.

Ransomware continued to evolve with ever more sophisticated tactics. Phishing remained a significant threat, with more targeted spear-phishing attacks. Cloud security became a focus.

The Marriott breach exposed the data of 500 million guests. The Facebook-Cambridge Analytica scandal highlighted issues of data privacy and misuse. The SingHealth breach in Singapore compromised the personal data of 1.5 million patients.

Cryptojacking attacks increased by 450% from Q1 to Q4 in 2018.

2019: Attacks on healthcare

Global context: The year saw a focus on securing critical infrastructure and addressing the growing threat of ransomware and phishing.

Ransomware dominated the cybersecurity field, with attacks on municipalities and healthcare. Phishing evolved with more sophisticated techniques. IoT security saw increased attacks on connected devices.

The Capital One breach exposed the data of 100 million customers. The Baltimore ransomware attack disrupted city services for weeks. The Quest Diagnostics breach (which began in 2018 but didn’t end until March 2019) affected 11.9 million patients.

2020: Cybersecurity in the pandemic

Global context: The COVID-19 pandemic drastically changed the cybersecurity landscape. A surge in remote work took cybersecurity pros off guard and increased the attack surface. Plus, the year saw increased attacks on healthcare systems.

Ransomware primarily targeted healthcare and critical infrastructure. Phishing exploited pandemic-related fears. Remote work vulnerabilities saw increased attacks on remote work infrastructure.

The SolarWinds hack, which took place in both 2019 and 2020, compromised multiple US government agencies and private companies. A Twitter hack saw high-profile accounts hijacked to promote a cryptocurrency scam. The Magellan Health ransomware attack affected 365,000 patients. And the Accellion breach started impacting multiple organizations.

2021: The Colonial Pipeline attack

Global context: The pandemic continued to influence cyber threats.

Ransomware remained the top threat, with even more sophisticated attacks. Supply chain attacks increased. Phishing continued to be a significant threat.

The Colonial Pipeline ransomware attack disrupted fuel supply in the US. The Kaseya VSA ransomware attack affected hundreds of businesses globally. And the Log4j vulnerability was widely exploited, affecting numerous organizations.

2022: Supply chain threats

Global context: The year saw continued geopolitical tensions, particularly the Russia-Ukraine conflict.

Ransomware continued to dominate, with more targeted attacks. Supply chain attacks remained a significant threat. AI and machine learning were increasingly used by both attackers and defenders.

The Costa Rica ransomware attack disrupted government services. The Nvidia data breach exposed sensitive employee information.

2023: AI shifts the discussion

Global context: The ongoing geopolitical tensions and the rise of AI and quantum computing posed new challenges.

Ransomware saw a resurgence in attacks with more sophisticated tactics. AI-powered attacks increased, automating and accelerating attacks. Supply chain attacks continued to be a significant threat.

The MOVEit Transfer vulnerability was exploited to steal data from multiple organizations. The Microsoft Exchange Server vulnerability was widely exploited, affecting numerous organizations. The T-Mobile data breach exposed the data of 37 million customers.

A decade of major cybersecurity trends

What’s clear in this summary is that the major trends are the rise in the sophistication and severity of ransomware attacks (which have grown radically since 2013) and also general exploitation of the pandemic and remote work phenomena. Alvarez said that a decade ago, ransomware was known mainly by security professionals. Now, the threat is widespread enough to be generally known by the public.

Two other trends were the rise of cloud vulnerability exploitation attacks and business email compromise (BEC) attacks, according to Alvarez. These trends are due in part to the exploitation of security misconfigurations or cloud security gaps, misuse of passwords and usernames and inadequate training.

Who knows what will happen in the next decade? But if history is any guide, the threat landscape will continue to rise, threat actors will grow increasingly sophisticated (with the help of AI) and malicious and financially motivated and state-sponsored actors will go after increasingly bigger payoffs and prizes.

Get details on the current cyber security situation by downloading the IBM X-Force Threat Intelligence Index 2024 and watching the associated webcast.

More from Risk Management

Digital solidarity vs. digital sovereignty: Which side are you on?

4 min read - The landscape of international cyber policy continues to evolve rapidly, reflecting the dynamic nature of technology and global geopolitics. Central to this evolution are two competing concepts: digital solidarity and digital sovereignty.The U.S. Department of State, through its newly released International Cyberspace and Digital Policy Strategy, has articulated a clear preference for digital solidarity, positioning it as a counterpoint to the protectionist approach of digital sovereignty.What are the main differences between these two concepts, and why does it matter? Let’s…

It all adds up: Pretexting in executive compromise

4 min read - Executives hold the keys to the corporate kingdom. If attackers can gain the trust of executives using layered social engineering techniques, they may be able to access sensitive corporate information such as intellectual property, financial data or administrative control logins and passwords.While phishing remains the primary pathway to executive compromise, increasing C-suite awareness of this risk requires a more in-depth approach from attackers: Pretexting.What is pretexting?Pretexting is the use of a fabricated story or narrative — a “pretext” — to…

Manage AI threats with the right technology architecture

4 min read - In an increasingly digital world, companies continuously face the threat of cyberattacks. Current advances in artificial intelligence (AI) promise significant improvements in detecting and defending against such threats.However, it is no secret that attackers are increasingly using AI. Cyber criminals leverage AI and machine learning to optimize and automate attacks. AI-driven malware can quickly adapt to new security measures and exploit vulnerabilities in real time. These AI tools enable cyber criminals to scale their attacks and employ highly complex methods…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today