Motivations January H1 2023


Attack Techniques January H1 2023


I am back with the first timeline of 2024 (I know, I am seriously late). With the (not so) new year, I have decided to make some changes. In particular, I now count ransomware as a specific attack technique (the ransom demand can follow different malicious actions against the targets, not necessarily encryption alone), and I have optimized the number of sources so that I can hopefully list only the really meaningful events and compile the timelines faster (even if this means that a comparison with the data of the previous timelines is not completely correct).

With this new methodology I collected 116 events, a number comparable with the last timeline of 2023. For the first time, the threat landscape of early January was dominated by account takeovers (18.1%), a consequence of the numerous crypto scams that have flooded X (previously Twitter), in some cases through the compromise of high-profile accounts such as Google’s Mandiant and the U.S. Securities and Exchange Commission (SEC). Ransomware ranked second, tied with malware (16.4%), and ahead of the exploitation of vulnerabilities (9.5%).

In terms of mega breaches, the new year did not start well with some remarkable leaks targeting Cross Switch (3.6 million records), Hathway (4 million) and the Jakarta Provincial Government (6.8 million).

And the new year could not have started worse for the fintech sector, especially for Orbit Chain, which experienced a security breach resulting in a loss of $86 million in cryptocurrency. But as I mentioned earlier, individuals operating in the crypto space were the targets of multiple scams carried out by compromising high-profile accounts on social media, especially X.

In terms of cyber espionage, threat actors, primarily from China, were quite busy exploiting the two Ivanti vulnerabilities (CVE-2023-46805 and CVE-2024-21887). Other active groups include UAC-0050 (targeting organizations in Ukraine), the North Korean TA444, and the Turkish Sea Turtle, targeting ISPs in the Netherlands.

In terms of hacktivism, the complicated situation in Ukraine and Gaza continued to influence the threat landscape, with several DDoS campaigns carried out by the pro-Russia groups NoName057(16) and Anonymous Sudan, an attack launched by pro-Ukraine hacktivists from the ‘Blackjack’ group against a Russian ISP (M9com), and, in the Middle East, the hack of flight information display screens at Beirut’s international airport to display politically motivated messages.

I will publish the next timeline more quickly, but for the moment my suggestion is always the same: browse the timeline, and obviously share it to support my work in spreading risk awareness across the community. And don’t forget to follow @paulsparrows on X (formerly Twitter), or even connect on LinkedIn or Mastodon, for the latest updates.

Geo Map January H1 2023







The “Breachometer” compares the current number of events/day with the max and min values recorded in the previous 12 months.


