CyberSight 360: Cyber trends that shaped 2023

As the cyber threat landscape continues to evolve, so too have countries, governments, businesses and individuals in their approach to cyber security.

If 2022 was the year Australia awakened to the stark reality of cyber threats and their serious implications following several high-profile data breaches, 2023 was the year Australia and many in the rest of the world strategised, developed further defence mechanisms and adopted offensive strategies to enhance their cyber resilience.

These are the six key cyber trends that shaped and defined 2023.

1. Governments take action on cyber security strategies

2023 was the year that cyber security strategies and action plans were launched or evaluated, particularly for Australia and its allies.

This was largely driven by the geopolitical landscape and global conflicts including the Russia-Ukraine war, China-Taiwan tensions and the Israel-Hamas conflict.

The US launched its National Cybersecurity Strategy Implementation Plan in the first part of 2023. The much-anticipated 2023-2030 Australian Cyber Security Strategy and Action Plan were released in November 2023. The UK published its National Cyber Strategy 2022-23 progress report and Ministry of Justice Cyber Security Strategy: 2023 to 2028. Germany released its first-ever National Security Strategy and New Zealand its National Security Intelligence Priorities, with cyber security as one of the key focus areas. It is evident that the governments of key global and regional powers are proactively setting up frameworks to secure their citizens and businesses from cyber threats, build up national cyber resilience, and establishing better coordination and international collaboration amongst allies on the cyber front.

In Australia, a National Cyber Security Coordinator was appointed in July 2023 to lead Australia’s strategic response to cyber security threats and enhance cyber resilience across business, critical infrastructure, and the broader community. The Coordinator supports the Minister for Cyber Security and is responsible for:

• national cyber security policy
• responses to major cyber incidents
• whole-of-government cyber incident preparedness efforts
• strengthening Commonwealth cyber security capability.

In 2024 and beyond, we expect to see cyber security strategies put into practice with domestic cyber security legislative reforms formulated, international cyber security law and norms fleshed out, enhanced coordination and collaboration domestically and internationally, and more countries taking on both a defensive and offensive stance towards global cyber threats.

2. Critical infrastructure continues to be a key target

Critical infrastructure assets and networks worldwide continued to be a key target of cyber attacks throughout 2023, causing major and debilitating disruptions for network operators and users dependent on these essential services.

Globally, the energy, health, transport, telecommunications and financial services industries are attractive targets for threat actors as these assets often possess sensitive information, maintain essential services and often have high levels of connectivity with other organisations. These sectors are often vulnerable to cyber attacks due to a broad attack surface, remote access points, interconnected systems and reliance on legacy systems.

In Australia during 2023, critical infrastructure networks were regularly subjected to a mix of targeted and opportunistic malicious cyberattacks. The Australian Signals Directorate (ASD) indicated in its annual cyber threat report that in the 2022-23 financial year, it responded to 143 incidents reported by entities that self-identified as critical infrastructure, an increase from the 95 incidents reported in 2021–22.¹ The ASD reported that the majority of these incidents were characterised as low-level malicious attacks or isolated compromises. About 57% of cyber incidents reported by critical infrastructure entities involved compromised accounts or credentials; compromised assets, networks or infrastructure; and denial of service attacks.

The DP World Australia cyber attack, which disrupted port operations for several days and severely impacted critical shipping operations nationwide, was a timely reminder of the cyber security risks to essential transportation services and the global supply chain, which can have serious implications for Australia's trade and commerce.

Looking ahead to 2024 and beyond, critical infrastructure will likely remain a target for cyber attacks by threat actors, including state-backed actors. Given its vulnerabilities, it continues to represent a significant cyber risk for countries worldwide due to the potential range of impacts on essential services. Governments and operators of critical infrastructure assets and networks must focus on continuing to enhance cyber security measures for critical infrastructure to ensure resilience against such attacks.

3. The growing trend of law firms being under attack

A growing number of law and professional services firms were the target of cyber attacks in 2023.

As governments and industries wise up to the importance of uplifting their cyber resilience and start taking action, the stakes have become higher for threat actors to secure monetary gain more efficiently and against more high-value targets. This leaves them looking for easier targets — such as law firms, which are lucrative because:

• they hold not only personal information but also high-value confidential commercial information, including intellectual property and clients’ trade secrets, and politically sensitive information. The theft of such information can cause serious reputational harm for law firms and their clients, which adds to the pressure to pay any cyber extortion demand
• they occupy a unique position within the supply chain, which means access to a law firm's data can be a gateway to the sensitive information of multiple clients at once, including high-value targets such as critical infrastructure industries and government clients. For threat actors, this presents an efficient way to extort multiple high-value victims with one attack
• they frequently deal with payments and account details through their main mode of communication — email, which provides another avenue for business email compromise or social engineering attacks

Law firms have also traditionally been playing catch-up with uplifting their cyber security posture, which makes them an easier target. The siege on law firms and professional services in general will likely continue and so, firms and in-house teams should map out their supply chains and take measures to address and mitigate any risks that may leave them exposed to a cyber attack.

4. A shift towards the offensive

2023 saw a definite shift by governments and cyber attack victims towards offensive strategies rather than relying on defensive mechanisms.

In Australia, the Hack the Hacker Taskforce was set up to enhance the country’s offensive capabilities. This is a permanent operation comprising approximately 100 police and defence personnel from the Australian Federal Police and ASD to “hack the hackers”, with an immediate priority to target ransomware groups.²

“This operation will collect intelligence and identify ring-leaders, networks and infrastructure in order to disrupt and stop their operations – regardless of where they are… [The operation will aim to] stop… incidents before they start… [and] where incidents do take place… cyber criminals will be hunted down and their networks disrupted.”³ – Clare O’Neil MP, Mark Dreyfus A-G and Richard Marles MP

Victims of cyber attacks and data breaches are also now taking proactive action and using the court system to assist preventing or minimising a data leak or publication. Victims have long felt powerless as they work on containing and recovering from an attack and at the mercy of the threat actor in regards to the misuse of their stolen information. However, in 2023, victims in Ireland and Australia have increasingly attempted to regain control through legal intervention and by securing injunctions to prevent the sale, publication, possession, or other use of any data that may have been stolen.

While serving an injunction order on a threat actor on the dark web is unlikely to stop them from publishing the stolen information, these court orders do prevent anyone else who has knowledge of the order, including the media, from publishing, making available to the public, or sharing any of the stolen information.

It is heartening that the courts, media and various social media providers have been willing to assist in such situations, and demonstrates that victims of cyberattacks are not entirely powerless. Perhaps this marks the beginning of victims’ ability to take control of the situation and slowly shift the power balance back to their side.

5. Cyber attacks continue to run parallel with geopolitical conflicts

Ongoing geopolitical tensions, and particularly prevailing tensions between Russia-Ukraine, China-Taiwan and Israel-Hamas, continued to influence cyber threats in 2023.

Notably, the Israel-Hamas conflict coincided with a significant surge in cyber attacks, mirroring the early days of the Russia-Ukraine conflict. Hacktivism has been prominent in the Israel-Hamas conflict, as outside groups with vested interests in the conflict engage in operations using DDoS attacks and defacements targeting popular websites, media outlets and emergency response infrastructure. These tactics have aimed to cause disruption and influence public opinion through disinformation campaigns.

The Russia-Ukraine conflict has led to the continued escalation of state-sponsored cyber attacks and offensive cyber operations. The destructive targeting of Ukrainian critical infrastructure and government agencies has been a major part of the conflict to disrupt systems and destroy supply chains.⁴ Despite this, Ukraine has demonstrated its ability to contain and defend against significant cyber activity from Russian and pro-Russian actors, noting that it has also received significant support from the international community.

The cyber front to China's offensive against Taiwan also gained momentum in 2023. Google has reportedly observed a massive increase in Chinese cyber attacks on Taiwan as tension heightens between them.⁵ A senior engineering manager in Google’s threat analysis unit reported that there are more than 100 groups in China alone trying to access the computers of Taiwan’s defence sector and government agencies.⁶ This has certainly prompted Taiwan to bolster its cyber resilience and brace for a potential cyber war.⁷

As the Russia-Ukraine conflict persists and the Israel-Hamas conflict unfolds, it is becoming increasingly evident that cyber attacks are increasingly shaping the dynamics of modern warfare. These conflicts reinforce the need for robust cyber security measures and international cooperation to address the risks and challenges presented by cyber warfare.

6. AI-generated deepfakes lead to a rise in political disinformation

In our 2023 edition of CyberSight 360 we warned that threat actors would increasingly automate and launch AI-powered cyber attacks, including the use of deepfake technology.

The number of deepfake videos available online increased by 900% between 2022 and 2023.⁸

AI-generated deepfakes have risen in prominence in 2023, particularly in the political arena, and the weaponisation of this cheap and widespread disinformation technology impacts both democracies and non-democracies alike.

Recent examples of deepfake footage being used to deceive the public about statements and actions purportedly taken by political leaders include the following:

• On 2 March 2022, shortly after Russia’s invasion of Ukraine, Ukraine24 released a video of President Volodymyr Zelenskiy taking to the lectern and asking Ukrainians to put down their arms and surrender to Russia. Except, this was not a true statement from President Zelenskiy but a deepfake video.⁹ That said, it is unclear how many viewers were fooled by the video due to the discrepancies between the skin tone and pixelation on President Zelenskiy's neck and face, and the odd accent heard in the video.
• Days before Slovakia's October 2023 election, deepfake audio recordings were circulated on Meta social media platforms of Michal Šimečka, leader of the pro-Western Progressive Slovakia party, talking about rigging the election and doubling the price of beer.¹⁰ Šimečka immediately denounced the audio as fake. Because the posts were audio, they were able to exploit a loophole in Meta’s manipulated-media policy, which dictates that only faked videos—where a person has been edited to say words they never said—go against its rules.¹¹ Progressive Slovakia eventually lost the election.
• In March 2023 a deepfake image of Pope Francis in an ankle-length, belted white puffer jacket was circulated. While the stakes of this fabrication were low compared to the potential harms inflicted by other political deepfakes, due to the Pope‘s status as a religious and political figure it hints at the pervasiveness of AI-generated deepfakes and the potential for disinformation. In recognition of this, the Pope called for a global treaty to regulate AI in a message titled "Artificial Intelligence and Peace".¹³
• Ahead of the 2023 Turkish presidential election, Recep Tayyip Erdoğan promoted a deepfake video that appeared to show his main rival, Kemal Kılıçdaroğlu, being endorsed by the Kurdistan Workers’ Party – a designated terrorist group in Turkey. Although Kılıçdaroğlu pointed out the manipulation, the video had already circulated widely, and he ultimately lost the election.¹⁴
• In June 2023 hackers aired a deep fake video of President Vladimir Putin on a number of Russian television broadcasting networks calling for military mobilisation and declaring martial law, an incident the Kremlin described as a “hack”.¹⁵
• In the US, ahead of the 2024 elections, Republican candidates were already resorting to AI-generated images in their campaign. On 5 June 2023 the DeSantis campaign published AI-generated images of Donald Trump and Anthony Fauci hugging, in a bid to sway public opinion.¹⁶ A pro-Ron DeSantis super PAC also used an AI version of Donald Trump’s voice in a television ad (Never Back Down) attacking the former president.¹⁷
• President Joe Biden has also been a target, including in a February 2023 deepfake video showing him announcing a military draft for Americans to fight in Ukraine,¹⁸ as well as a recent fake robocall urging Democrats not to vote in the New Hampshire primary.¹⁹

The use of impersonation in political ads is certainly not new. However, AI-generated deepfakes demonstrate considerable potential to impact political campaign advertising, sway public opinion and ultimately dictate political outcomes — particularly in democracies with elections, and when combined with other types of attacks such as DDoS or network shutdowns to prevent correction of the disinformation.

Deepfake technology is advanced, cheap and accessible. If done with the right tools, the discrepancies can be difficult to notice. To address this, Google announced it would impose new labels on deceptive AI-generated political advertisements that could fake a candidate’s voice or actions. From November 2023, Google has mandated all political advertisements label the use of artificial intelligence tools and synthetic content in their videos, images and audio.²⁰ US lawmakers are calling on social media platforms such as X (formerly Twitter), Facebook and Instagram to do the same in a bid to minimise voters' exposure to widespread disinformation.²¹

AI-generated disinformation (including political disinformation) is a cyber security threat because it can be used to fuel cyber attacks on a large scale. It uses deception to produce harm, particularly on widely-used social media platforms. By tapping into the political fervour surrounding elections, political campaigns and war, it can lead an unsuspecting individual to easily fall prey to social engineering attacks linked to AI-generated deepfakes and political disinformation being spread.

2024 is going to be a big year for elections, with major electoral events taking place in the US, Taiwan, India, Indonesia, Brazil and Russia. It will be interesting to see how deepfake technology will drive and determine the outcome of these elections, and the corresponding cyber security threat that comes with it.

Access CyberSight 360 - A legal perspective on cyber security and cyber insurance for more on the key events, legislative and regulatory changes, trends and lessons from the year in cyber, and what we can expect in the year ahead.

¹ Fourth ASD Cyber Threat Report 2022-2023 published on 15 November 2023. https://www.asd.gov.au/news-events-speeches/news/2023-11-15-australian-signals-directorate-releases-2023-asd-cyber-threat-report

² https://www.afr.com/politics/federal/australia-to-hack-the-hackers-behind-medibank-attack-o-neil-20221112-p5bxor

³ https://ministers.ag.gov.au/media-centre/joint-standing-operation-against-cyber-criminal-syndicates-12-11-2022

⁴ https://www.reuters.com/world/europe/russian-hackers-were-inside-ukraine-telecoms-giant-months-cyber-spy-chief-2024-01-04/

⁵ https://www.thedefensepost.com/2023/12/01/china-cyberattacks-taiwan-rising/; https://www.bloomberg.com/news/articles/2023-11-29/google-warns-china-is-ramping-up-cyberattacks-against-taiwan

⁶ https://www.thedefensepost.com/2023/12/01/china-cyberattacks-taiwan-rising/

⁷ https://www.thedefensepost.com/2023/10/04/taiwan-bracing-cyberwar-china/

⁸ https://kpmg.com/kpmg-us/content/dam/kpmg/pdf/2023/deepfakes-real-threat.pdf

⁹ https://www.reuters.com/world/europe/deepfake-footage-purports-show-ukrainian-president-capitulating-2022-03-16/

¹⁰ https://www.wired.co.uk/article/slovakia-election-deepfakes

¹¹ https://transparency.fb.com/en-gb/policies/community-standards/manipulated-media/

¹² https://www.bloomberg.com/news/newsletters/2023-04-06/pope-francis-white-puffer-coat-ai-image-sparks-deep-fake-concerns

¹³ https://www.forbes.com/sites/britneynguyen/2023/12/14/pope-francis-calls-for-global-treaty-to-regulate-ai-after-viral-deepfake-of-him-wearing-a-puffer-jacket/?sh=74ff8545f0fa

¹⁴ https://www.reuters.com/world/middle-east/erdogan-rival-accuses-russia-deep-fake-campaign-ahead-presidential-vote-2023-05-12/; https://www.afr.com/technology/deepfakes-will-supercharge-conspiracies-in-biggest-election-year-ever-20240103-p5euvo

¹⁵ https://www.nytimes.com/2023/06/05/world/europe/putin-deep-fake-speech-hackers.html

¹⁶ https://edition.cnn.com/2023/06/08/politics/desantis-campaign-video-fake-ai-image/index.html; https://www.washingtonpost.com/politics/2023/06/08/desantis-fauci-trump-ai-video/

¹⁷ https://www.politico.com/news/2023/07/17/desantis-pac-ai-generated-trump-in-ad-00106695

¹⁸ https://factcheck.afp.com/doc.afp.com.33YP34M

¹⁹ https://www.nbcnews.com/politics/congress/fake-biden-robocall-alarms-capitol-hill-unclear-congress-will-act-rcna135248; https://www.wired.com/story/biden-robocall-deepfake-danger/

²⁰ https://www.politico.com/news/2023/09/06/google-ai-political-ads-00114266

²¹ https://www.pbs.org/newshour/politics/u-s-lawmakers-question-meta-and-x-over-ai-generated-political-deepfakes-ahead-of-2024-election