TMHCCI reveals 2023's 10 worst cyber incidents

The cyber attack on Israel during the Israel-Hamas war as one of the most impactful cyber incidents of 2023. This is amongst the findings of research compiled by the cyber team at Tokio Marine HCC International, whose Top 10 Cyber Incidents 2023 report uncovers the worst and most significant cyber incidents in terms of financial impact and reputational damage.

It was the second year in a row that nation-state attacks featured prominently on the list, with multiple cyber attacks launched by Hamas and its allies against Israel at the start of the conflict in the Middle East. A large DDoS attack was detected against websites that provided critical information to civilians on rocket attacks and criminal group AnonGhost also exploited a vulnerability in a mobile app that alerts Israeli civilians, most notably allowing them to intercept requests and send fake alerts. In line with a growing presence of ransomware attacks, this attack vector featured heavily, making up four of the 10 spots on the list.

Data breaches were the second most common type of attack, appearing three times. The report also features the largest DDoS attack ever recorded – a failed attack on Google that peaked at 398 million requests per second.

Isaac Guasch, cyber security leader at Tokio Marine HCC, and one of the authors of the report, commented: “The normalisation of cyber attacks has meant that these stories do not make the headlines as much as they would in the past, but businesses must stay vigilant as criminal organisations such as LockBit continue to commercialise the industry, particularly in relation to ransomware. 2023 was a busy year for cyber criminals and ransomware has proven to be one of the most profitable and effective attack vectors for the gangs to utilise, hence it’s prevalence in recent years. With the advent of new technologies to enable more effective attacks, this upwards trend is only going to accelerate.

“Nation-state cyber attacks are now an important part of military aggression, working in tandem with real-world forces to neutralise defensive capabilities, as demonstrated in both Hamas’ attack on Israel and in Russia’s invasion of Ukraine. In the years to come, it is likely we will see these types of attacks continue to dominate the cyber security landscape.

“As is already frequently discussed, artificial intelligence is going from strength to strength. In an already highly dynamic industry, cyber security specialists are going to experience new waves of innovative attacks made possible through generative AI. However, by leveraging these new tools, businesses will also be able to bring about new innovative cyber security solutions, leading to a potential arms race between criminal gangs and those trying to stop them.”

Top 10 Cyber Incidents 2023 (Source: TMHCCI)

TMHCCI’s top incidents list includes the following attacks:

Hamas’ kinetic cyber attack against Israel
Supply chain attack against ION Derivatives
Data breaches caused by vulnerability in MoveIT software
LockBit ransomware attack against ICBC
Scattered Spider ransomware group attacks against Caesars and MGM Casinos
Marina Bay Sands data breach incident
Credit card data interception attack against Air Europa
LockBit ransomware attack against UK Royal Mail
LockBit ransomware attack against Boeing
Largest DDoS attack ever recorded against Google

Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023