
20 Recent Cyber Attacks & What They Tell Us About the Future of Cybersecurity
Anna Fitzgerald
Senior Content Marketing Manager
Rob Gutierrez
Senior Cybersecurity and Compliance Manager, CISA, CCSK, CMMC RP
Despite improving their defenses against cyber attacks, 7 out of 10 organizations still experienced an attack in the past year, according to the latest report by Veeam.
While organizations said they are allocating more resources to security and recovery efforts, the report found that CISOs, security professionals, and IT leaders are increasingly concerned about their ability to recover and restore mission-critical data after an attack.
One of the biggest challenges facing these leaders is that the landscape is constantly evolving due to emerging threats and technologies. To help you get a sense of priorities and focus areas for 2025, we’ve analyzed recent cyber attacks in the past 2 years to identify important patterns and trends. We’ve also included some actionable takeaways to help prevent cyber attacks even as they become more sophisticated.
Recent Cyber Attacks 2025
This year, cyberattacks are becoming more sophisticated, faster to execute, and impacting more sectors. From global ransomware campaigns to advanced zero-day exploits, these incidents highlight the evolving techniques used by today’s threat actors and the growing need for vigilance and resilience.
Below are five of the most notable cyberattacks so far this year, their impacts, and what organizations can learn from them.
1. National Defense Corporation ransomware attack
Date: March 2025
Impact: 4.2TB of sensitive data breached
The Interlock Ransomware Group targeted National Defense Corporation (NDC) and its subsidiary AMTEC in a March cyberattack, exfiltrating 4.2 terabytes of data later leaked on the dark web. NDC, which manufactures lethal and non-lethal ammunition, reported the breach to the SEC, calling it a “system outage caused by a cybersecurity incident.”
The attack marked a shift in Interlock’s targeting strategy from broad, opportunistic campaigns to high-value defense contractors. Though classified data wasn’t directly exposed, procurement documents, logistics details, and supply chain information were compromised, creating long-term risk across the defense industrial base (DIB).
Key learning
Compliance frameworks like CMMC 2.0 are critical for protecting sensitive, unclassified data, requiring defense contractors and subcontractors to implement robust access controls, encryption, and continuous monitoring, among other controls.
This incident emphasizes the importance of ensuring, even if you’re compliant yourself, that your entire supply chain, including third- and fourth-party vendors, meets similar security standards.
2. Microsoft zero-day vulnerability
Date: April 2025
Impact: Ransomware attacks via CLFS zero-day vulnerability on organizations across the globe
In April, Microsoft patched 126 vulnerabilities, including CVE-2025-29824, a zero-day flaw in the Windows Common Log File System (CLFS) exploited by the group Storm-2460. The attackers used a custom malware strain, PipeMagic, to escalate privileges and launch ransomware across multiple sectors worldwide.
While the entry point remains unclear, Microsoft confirmed the vulnerability allowed attackers with standard user access to gain elevated privileges, a key step in post-compromise ransomware deployment.
The CLFS vulnerability is part of a growing trend of privilege escalation flaws being actively exploited, according to Satnam Narang, senior staff research engineer at Tenable.
“Elevation of privilege flaws in CLFS have become especially popular among ransomware operators over the years,” Narang said. “While remote code execution flaws are consistently top overall Patch Tuesday figures, the data is reversed for zero-day exploitation. For the past two years, elevation of privilege flaws have led the pack and, so far in 2025, account for over half of all zero-days exploited.”
Key learning
With privilege escalation exploits now dominating zero-day attacks, organizations must implement a robust vulnerability management process that includes vulnerability scanning, patch management, and regular penetration testing to identify and fix vulnerabilities before attackers exploit them.
3. WestJet cyber attack
Date: June 2025
Impact: Intermittent disruptions on website and mobile app
In June, Canadian airline WestJet disclosed a cybersecurity incident that disrupted access to its website and mobile app. While flights and operations were unaffected, internal systems were compromised, and customers encountered intermittent access issues. WestJet stated it was still investigating whether sensitive data had been accessed.
The FBI later warned that the attack could be linked to Scattered Spider, a threat group increasingly targeting the airline sector. The group uses social engineering tactics to trick IT help desks into granting access to internal systems, often by impersonating employees and bypassing MFA protections. Once inside, they exfiltrate sensitive data and may deploy ransomware as a secondary tactic.
Key learning
Organizations must adopt a multi-layered defense that includes regular security awareness training, especially around social engineering tactics. Educating employees, especially IT and support teams, on recognizing impersonation attempts can prevent attackers from gaining a foothold.
Recommended reading

The 13 Most Common Types of Social Engineering Attacks + How to Defend Against Them
4. Aflac social engineering attack
Date: June 2025
Impact: Exposure of sensitive customer, employee, and health data
On June 12, Aflac detected suspicious activity on its U.S. network. The insurance giant quickly initiated its cyber incident response plan, containing the breach within hours. The attacker (likely Scattered Spider) used social engineering techniques to gain unauthorized access and exfiltrated sensitive data including Social Security numbers, health info, and policy details.
This campaign was part of a larger series of coordinated attacks targeting the insurance industry. Although ransomware wasn’t deployed, the data theft alone had serious consequences for customer privacy and trust.
Key learning
Today, malicious insiders like Scattered Spider are able to move faster and cause more damage.
“If Scattered Spider is targeting your industry, get help immediately,” said Cynthia Kaiser, who until last month was deputy assistant director of the FBI’s Cyber Division and oversaw FBI teams investigating the hackers. “They can execute their full attacks in hours. Most other ransomware groups take days.”
This underscores the importance of organizations having robust cybersecurity monitoring in place to detect intrusions early before attackers can escalate privileges or deploy ransomware. Real-time threat detection and anomaly monitoring are essential for stopping fast-moving actors like Scattered Spider.
5. Marks and Spencer Group attack
Date: April 2025
Impact: Data breach affecting 16.9 million customers and $27M in costs
U.K. retailer Marks & Spencer was one of several retailers impacted by a cyberattack linked to Scattered Spider The breach affected online shopping, inventory management, and exposed customer data, including payment details, though the company noted most payment data was masked.
The retail sector has become a hotbed for advanced persistent threat groups, with attackers disrupting operations and stealing data across multiple companies in coordinated campaigns.
Key learning
Considering that many of the most recent attacks in 2025 span multiple industries but are linked to the same group (Scattered Spider), this is a wakeup call for organizations across industries and the globe.
Having an incident response plan written down is essential, but only one step of the process. Actually testing it in a controlled environment through cybersecurity tabletop exercises is also a critical piece. Practicing realistic attack scenarios helps teams identify weak spots, refine response procedures, and reduce downtime during actual incidents.
Why we include cyber attacks from the past 24 months
While many cybersecurity news feeds highlight only the most recent breaches, we include attacks from the past two years so we can:
- Understand the root cause and contributing factors
- Share takeaways after full investigations conclude
- Accurately assess the true impact, including remediation and costs
- Avoid highlighting ongoing incidents that attackers could still exploit
Looking back at major attacks with the benefit of hindsight helps organizations learn from what went wrong and build stronger defenses. With this in mind, let’s look at some recent cyber attacks over the past 24 months.
Recent Cyber Attacks 2024
Cyberattacks in 2024 reflected an alarming expansion in both scale and tactics. From high-profile ransomware attacks to targeted phishing campaigns and third-party breaches, attackers focused on disrupting critical operations and exfiltrating sensitive data, often simultaneously.
Several common threads emerged:
- Credential abuse and phishing remained the top initial access methods
- Supply chain vulnerabilities were exploited to access broader ecosystems
- Regulatory pressure increased, with more organizations publicly disclosing incidents in SEC filings
- Attackers showed growing interest in infrastructure sectors like finance, energy, and logistics
These breaches serve as a critical reminder: even companies with mature cybersecurity programs aren’t immune. What matters most is how quickly and effectively they detect, respond, and recover.
6. LoanDepot ransomware attack
Date: January 2024
Impact: Data breach impacting 16.9M customers and $27M in response and recovery costs
In January, LoanDepot, a major mortgage lender, fell victim to a ransomware attack that exposed the sensitive data of approximately 16.9 million customers, including Social Security numbers, account numbers, names, addresses and other data.
The company took some systems offline in response to the cyberattack on January 8 and began restoring them on January 18. As a result of disrupted operations and other impacts of the cyber attack, LoanDepot incurred an estimated $27 million in response and recovery costs. This amount includes costs to investigate and remediate the cybersecurity incident, the costs of customer notifications and identity protection, professional fees including legal expenses, litigation settlement costs, and commission guarantees.
Key learning
This incident underscores the importance of having comprehensive security measures in place —including a strong cybersecurity remediation process — to safeguard sensitive customer information and minimize financial losses.
Having a robust cybersecurity remediation process that leverages automation and AI can help organizations proactively address vulnerabilities, minimize risks and potential damages if an incident does occur, and prevent similar attacks in the future. The remediation process should include identifying root causes, addressing weaknesses, and implementing lessons learned from incidents.
Recommended reading

Cybersecurity Remediation: A Guide to Protecting Your Business
7. Schneider Electric ransomware attack
Date: January 2024
Impact: 1.5TB Data Breach
In mid-January, the ransomware-as-a-service group Cactus infiltrated the networks of multinational energy management company Schneider Electric, reportedly stealing 1.5 terabytes of data from its Sustainability Business Division.
Since this division provides renewable energy and regulatory compliance consulting services to high-profile companies worldwide, including Allegiant Travel Company, Clorox, DHL, DuPont, Hilton, Lexmark, PepsiCo, and Walmart, a data breach of this magnitude would include mountains of sensitive information about these customers’ industrial control and automation systems and information about environmental and energy regulations compliance. Experts believed that customers were likely exerting significant pressure on the company to make a “record” ransomware payment to forestall the release of the sensitive data as a result.
In addition to the ransomware payment, a data breach like this is costly in other ways. It can damage the organization's reputation, erode customer trust, and lead to regulatory scrutiny.
Key learning
Schneider Electric confirmed another cyber attack in November 2024, its third ransomware attack reported in 18 months.
The ongoing attacks on Schneider Electric evince a finding from the IBM X-Force Threat Intelligence Index 2024: Manufacturing has been ranked as the top attacked industry for three years in a row, representing over a quarter (25.7%) of incidents within the top 10 attacked industries in 2024.
Because they are prime targets for cybercriminals due to their critical role in the economy and heavy reliance on connected devices and technologies, manufacturing companies must adopt a proactive cybersecurity strategy to address their sector's unique risks. This includes protecting operational technology (OT), adhering to evolving regulatory requirements, and ensuring business continuity amid increasing threats.
Recommended reading

Cybersecurity for manufacturing: Essential best practices and industry frameworks
8. Kawasaki Motors Europe cyber attack
Date: September 2024
Impact: Servers taken offline and 487GB of data stolen
Kawasaki Motors Europe experienced a significant cyber attack that forced the company to take servers offline to contain the breach. The attackers exfiltrated 487GB of data, which contained critical business documents, including financial information, banking records, dealership details, and internal communications. Later that month, Kawasaki Motors Europe was able to recover most of its servers and resume business with third-party suppliers and dealers. It also implemented enhanced monitoring operations and tightened access restrictions to prevent unauthorized access in the future.
Key learning
Organizations operating in the EU or entering the market must prioritize compliance with regulations like NIS2 to enhance cyber resilience. Failing to meet these standards can result in operational disruptions, reputational harm, and regulatory penalties.
Recommended reading

Understanding EU Cybersecurity: History, Regulations, and Certifications
9. Crowdstrike incident
Date: July 2024
Impact: Global IT outage estimated to cost $1B
In July 2024, a global outage linked to CrowdStrike caused significant disruptions across various industries. The incident, which was caused by a flawed update to a cloud-based security software of CrowdStrike that affected 8.5 million Microsoft Windows devices, led to widespread disruptions of airlines, banks, broadcasters, healthcare providers, retail payment terminals, and cash machines globally. Airlines cancelled thousands of flights, supermarkets couldn’t accept credit card payments, and hospitals cancelled non-urgent surgeries, among other examples.
In total, the cost of the outage is estimated to be over $1 billion.
Key learning
This incident highlighted the risks of relying on a single IT service provider without robust incident response mechanisms in place.
Organizations need a resilient cyber incident response plan to reduce downtime and financial losses if a similar incident occurs. Such plans should include clear communication strategies, rapid containment protocols, and regular testing to ensure you can maintain the resilience of your business and services in the face of a cyber attack or cyber failure.
Recommended reading

How to Build a Resilient Cyber Incident Response Plan: Challenges & Best Practices
10. Salt Typhoon cyber attack
Date: September 2024
Impact: Data breach of DoD’s unclassified communications from multiple telecommunications companies
The Salt Typhoon cyber attack, attributed to Chinese threat actors, targeted at least eight US telecommunications companies in pursuit of sensitive information, including unclassified voice, video, and text communications of the Department of Defense (DoD).
The US believes that the hackers were able to gain access to communications of senior U.S. government officials and prominent political figures through the hack, as reported by Fast Company.
Key learning
This attack, considered the worst telecom attack in the country’s history, emphasizes the importance of safeguarding sensitive government information against nation-state actors, especially in the defense supply chain.
While advisors have called for new mandatory cybersecurity requirements for the telecom sector, including rules on secure configurations and network monitoring, CMMC 2.0 was created to help address concerns about the safety of critical national infrastructure and important information related to national security. Organizations bidding on DoD contracts or handling DoD information must comply with CMMC requirements. Achieving the appropriate CMMC level ensures baseline security and protects against advanced threats.
Recommended reading

CMMC Hub: 30+ Free Resources to Simplify Certification
Recent Cyber Attacks 2023
In 2023, the cybersecurity landscape was defined by disruption at scale. Threat actors launched attacks that shut down production lines, compromised cloud environments, and affected tens of millions of consumers globally. The year’s biggest incidents weren’t just about data loss. They had serious implications for public safety, national security, and economic stability.
Key themes across 2023 breaches included:
- The rise of data extortion without deploying ransomware
- Attacks on managed service providers to gain downstream access
- Growing interest in healthcare and critical infrastructure
- Continued exploitation of known but unpatched vulnerabilities
Looking back at these events provides valuable insight into threat actor behavior and the defense strategies that proved (in)effective under pressure. Each example is a case study in how lapses in patching, access control, or third-party oversight can have ripple effects across entire industries.
11. ICBC Financial Services ransomware attack
Date: November 2023
Impact: Disruption of the US Treasury market
In November, a subsidiary of the Industrial and Commercial Bank of China (ICBC), the ICBC Financial Services, experienced a ransomware attack that disrupted some operating systems, including those used to clear US Treasury trades and repo financing. As a result of this disruption, the brokerage was unable to settle trades for other market players and temporarily owed BNY Mellon $9 billion.
This not only highlights the growing payment interruption risk that financial institutions face due to cybersecurity incidents — it also reflects the increasing scale of such incidents. Because financial systems and business operations are increasingly interconnected, the impact of a cyber attack is rarely limited to the target organization. Instead, it has a ripple effect that can affect organizations and economies across the world.
The attack on ICBC Financial Services, for example, disrupted the US Treasury market, which plays a crucial role in global finance.
Key learning
Cyber attacks like this are expected to increase as threat actors continue to target important financial institutions and infrastructure in major economies. If successful, an attack on one organization can impact partners, suppliers, and customers across the globe.
This emphasizes the importance of supply chain risk management. Supply chain risk management involves identifying and assessing threats throughout the supply chain and developing mitigation strategies to protect the integrity, trustworthiness, and authenticity of products and services within that chain. Having a defined process in place can help your organization minimize the likelihood and magnitude of these risks to the supply chain.
Recommended reading

Supply Chain Risk Management: A Breakdown of the Process + Policy Template
12. MGM Resorts phishing attack
Date: September 2023
Impact: Over $100 million in financial losses
After detecting a cyber attack that disrupted its operations in late September 2023, MGM Resorts International shut down its systems to contain the damage. It then reported that it would take a $100 million hit to its third-quarter results, as it worked to restore its systems. The casino giant also expected to incur a one-time cost of approximately $10 million related to the attack.
It appears that the hackers used a social engineering technique known as vishing. After finding an employee’s information on LinkedIn, the hackers impersonated the employee in a call to MGM’s IT help desk to obtain credentials to access and infect the systems.
Key learning
Social engineering attacks are expected to increase in sophistication and frequency due to AI, which enables threat actors to create more convincing and legitimate sounding phishing emails, deepfakes, vishing calls, and more.
Organizations that extensively use AI and automation to enhance their cybersecurity capabilities will be best positioned to defend against this weaponized use of AI by cybercriminals. In a study by Capgemini Research Institute, 69% of executives said that AI is necessary to effectively respond to cyberattacks and results in higher efficiency for cybersecurity analysts.
Recommended reading

AI in Cybersecurity: How It’s Used + 8 Latest Developments
13. Boeing ransomware attack
Date: October 2023
Impact: 43GB data leak
In October 2023, Boeing, one of the world's largest defense and space contractors, suffered a cyber attack that impacted its parts and distribution business. This attack was traced to a vulnerability in Citrix’s software, known as Citrix Bleed, that was exploited by the ransomware group LockBit 3.0. LockBit later leaked more than 43 gigabytes of data allegedly stolen from Boeing’s system when the aerospace company refused to pay the demanded ransom.
Exploitation of CitrixBleed impacted other major organizations as well, including the U.S. branch of ICBC and logistics firm DP World. The majority of affected systems were reported to be located in North America. It’s estimated that US organizations hit by LockBit paid as much as $90 million in ransom between 2020 and mid-2023.
As a result of the incident at Boeing, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and Australian Cyber Security Center issued a cybersecurity advisory urging organizations to patch against the actively exploited flaw immediately if they haven’t done so already.
Key learning
In October, Citrix posted a security bulletin rating the bug a 9.4 out of 10 on the CVSS severity scale. However, in November, thousands of instances where the tool was used were still vulnerable to the issue, including nearly 2,000 in North America alone. There was widespread exploitation of the Citrix vulnerability in unpatched software services throughout both private and public networks as a result.
Managing exposure to discovered vulnerabilities is a key aspect of vulnerability management, alongside discovering, categorizing, and prioritizing vulnerabilities and analyzing the root cause of vulnerabilities. Having a robust vulnerability management program can help an organization develop a comprehensive understanding of its risk profile, understand what controls need to be implemented for risk mitigation, and prevent repeat vulnerabilities.
Recommended reading

A Step-by-Step Guide to the Vulnerability Management Process [+ Policy Template]
14. The British Library ransomware attack
Date: October 2023
Impact: Major disruptions to systems and operations and 600GB data leak
The UK's largest library was hit by a cyber attack on the last weekend of October. While the British Library took immediate action to isolate and protect its network, its online systems and services were massively disrupted, its website went down, and it initially lost access to even basic communication tools such as email.
On January 15, it began a phased return of certain key services, starting with the restoration of a reference-only version of its main catalog. However, the disruption to some of its operations is expected to persist for months, possibly until next fall or even longer.
In total, the cost of recovering the British Library’s IT systems is estimated to be as high as £7 million, which represents about 40% of its unallocated cash reserves.
Key learning
To help prevent lengthy and costly recoveries in the event of a successful ransomware attack, organizations must update their cyber resiliency measures, including putting a disaster recovery plan in place.
Having a disaster recovery plan in place that is well-designed and regularly maintained can help organizations minimize downtime, reduce financial losses, protect critical data, and provide peace of mind for employees.
Recommended reading

How to Write a Disaster Recovery Plan + Template
15. TruePill data breach
Date: August 2023
Impact: Data breach impacting 2.3M patients
Truepill experienced a data breach in late August, which exposed the personal data of more than 2.3 million patients. Postmeds, the parent company behind TruePill, published a data breach notice that explained that the attackers accessed files containing sensitive patient data, including names, unspecified demographic information, medication type, and the name of the patient’s prescribing physician.
While the company did not say how its systems were compromised or what specific measures it implemented to prevent future breaches, a class action lawsuit alleges that the cybersecurity incident was the result of inadequate data security measures — including the failure to encrypt sensitive healthcare information stored on its servers.
Key learning
Healthcare is one of the most targeted industries by threat actors. In 2022, 89% of the healthcare organizations experienced an average of 43 attacks in the past 12 months, which equates to almost one attack per week. The healthcare industry was also the most common victim of third-party breaches in 2022, accounting for almost 35% of all incidents.
While third-party security is critical across industries, it’s particularly important in the healthcare industry due to its susceptibility to cyber attacks. Conducting third-party risk assessments, tracking metrics and KPIs like pass rate for security questionnaires, and using automation can help strengthen a healthcare organization’s third-party risk management program and protect it from data breaches like this one.
Recommended reading

Third-Party Security: 8 Steps To Assessing Risks And Protecting Your Ecosystem
16. 23andMe hack
Date: October 2023
Impact: Data breach impacting 6.9 million users
23andMe disclosed that hackers accessed about 14,000 accounts in a cybersecurity incident in October. The scope ended up being much larger due to 23andMe’s DNA Relatives feature, which matches users with their relatives. By accessing those 14,000 accounts, hackers were also able to access the profile information of millions of other users. In total, the data breach is known to affect roughly half of 23andMe’s total reported 14 million customers.
When disclosing the incident in October, 23andMe said the data breach was caused by customers reusing passwords. Hackers were able to use publicly known passwords released in other companies’ data breaches to brute-force the victims’ accounts.
Key learning
While the 23andMe breach showed the impact that poor password hygiene can have on data security, it also highlighted the need for organizations to take responsibility for protecting user data.
Maintaining a strong incident response plan is one security tactic that organizations can implement. For example, following the data security incident, 23andMe required all users to reset their passwords and now requires all new and existing users to use two-step verification when logging in to the website.
Recommended reading

How to Create an Incident Response Plan + Template
17. Mr. Cooper ransomware attack
Date: October 2023
Impact: Data breach impacting 14.7M customers and $25Min response and recovery costs
After reviewing a cyberattack that took place in October 2023, Mr. Cooper determined that personal data on every current and former customer of Mr. Cooper Group was stolen, which amounted to more than 14 million people.
Mr. Cooper shut down multiple systems after it discovered the cyberattack, which prevented millions of customers from making payments and processing mortgage transactions. The company set up alternative payment methods for customers after the attack, including by phone, mail service, Western Union and MoneyGram..
The mortgage and loan giant expected vendor expenses related to its response, recovery, and identity protection services to reach $25 million in the fourth quarter.
Key learning
Mr. Cooper is just one of many financial services firms that was hit by a suspected ransomware attack in 2023. Other notable examples include LoanDepot, Fidelity National Financial, and First American Financial.
Since these cyberattacks undermine the security and confidence in national and international financial systems and endanger financial stability, regulatory expectations for all financial services institutions have increased. More regulation has passed, expanded, or been increasingly enforced to ensure these institutions have a comprehensive information security program in place, including the FTC Safeguards Rule and New York Department of Financial Services (NYDFS) NYCRR 500.
Meeting these regulatory requirements can not only help avoid penalties and fines — it can also help protect the security and confidentiality of customer information held by financial institutions.
Recommended reading

Secureframe Adds New Frameworks to Help Financial Institutions Achieve and Maintain Cybersecurity Compliance
18. Dollar Tree third-party breach
Date: August 2023
Impact: Data breach impacting 2M people
In August 2023, Dollar Tree was impacted by a third-party data breach affecting approximately 1.98 million people. One of its vendors, Zeroed-In Technologies, LLC, suffered a security incident in which threat actors stole the information of Dollar Tree and Family Dollar employees and customers, including names, dates of birth, and Social Security numbers (SSNs).
Allegedly, Dollar Tree shared the private, unencrypted information of its employees and customers with Zeroed-In, which stored that information in an unencrypted, Internet-accessible environment on its public network. An unauthorized party then gained access to the company’s systems.
Key learning
Many organizations work with outside vendors to cut down on costs or better serve customers, which requires them to share access to sensitive information with third parties. That means organizations must put the same amount of scrutiny on the risk management practices of outside vendors as they do their own.
A vendor risk management program provides companies with visibility into who they work with, how they work with them, what security controls each vendor has implemented, and their security posture over time, which can help them identify potential threats before they impact their business.
Recommended reading

Vendor Risk Management (VRM): How to Implement a VRM Program that Prevents Third-Party Breaches
19. DP World Australia cyber attack
Date: November 2023
Impact: Major disruptions to operations that led to 30K shipping container backlog
DP World Australia is one of the country's largest ports operators and manages approximately 40% of Australia’s total flow of goods. In November 2023, it experienced a cyber attack that crippled its operations at container terminals in Melbourne, Sydney, Brisbane, and Fremantle.
Once it detected unauthorized access to the company’s Australian corporate network, DP World Australia disconnected the network from the Internet in order to contain the incident. This shut down port operations across Australia for three days, prompting a backup of some 30,000 shipping containers.
Key learning
The DP World cyber attack represents one of the latest large-scale criminal attacks on critical infrastructure and has prompted demand for governments to prioritize and invest in cybersecurity measures, especially for critical infrastructures like ports. The demand is especially high in Australia, since attacks against the country’s critical infrastructure, businesses and homes have surged recently, with one attack happening every six minutes according to the Australian Cyber Security Centre.
Cybersecurity measures can help protect the availability and resilience of critical infrastructure and the essential services it provides.
Recommended reading

Cybersecurity Explained: What It Is & 12 Reasons Cybersecurity is Important
20. Ardent Health Services ransomware attack
Date: November 2023
Impact: Critical care impacted in at least three states
Ardent Health Services owns and operates 30 hospitals and more than 200 sites of care with more than 1,300 aligned providers in six states. When it was hit by a ransomware attack in November 2023, the company proactively took its network offline, suspending all user access to its information technology applications.
This resulted in disruptions to operations in facilities across multiple states. Some had to reschedule non-emergent, elective procedures and divert emergency room patients to other area hospitals until systems were back online. Patients also reported being unable to refill prescriptions and make appointments online, and having their procedures rescheduled or postponed.
Key learning
According to a report by the FBI’s Internet Crime Complaint Center (IC3), the FBI received 870 reports of ransomware attacks aimed at organizations belonging to 16 critical infrastructure sectors and the healthcare sector topped the list with 210 reports of ransomware attacks.
Increasingly sophisticated and malicious cyber campaigns targeting critical infrastructure like the example above threaten the public and private sector as well as the American people’s security and privacy. In response, the US government has created several information security standards and frameworks for reducing risk and improving data security.
Federal contractors and government agencies typically comply with these standards and frameworks, but any organization can benefit from implementing these stringent and comprehensive requirements. Doing so will have important ramifications for the public sector, the private sector, and ultimately national security and privacy.

The Ultimate Guide to Federal Frameworks
Get an overview of the most common federal frameworks, who they apply to, and what their requirements are.
Cyber attack trends
Cyberattacks are constantly evolving, and so must your defenses. Looking across major breaches over the past two years, we’ve pulled out high-level trends to help you better understand the latest threat landscape.
These aren’t just headlines. They’re signals that attackers are adapting faster, targeting more strategically, and taking advantage of emerging technologies and global instability. Understanding these trends is essential for strengthening your defenses and aligning with security frameworks that address modern risks.
1. AI-generated attacks are scaling threats at speed
Cybercrime is expected to cost $15.6 trillion globally by 2029 and one major driving factor is AI. AI not only lowers the bar for entry into cyber crime, it also enhances their capability by improving the scale, speed, and effectiveness of existing attack methods.
The rapid advancement of AI technologies, particularly generative AI, is expected to lead to an increase in all cyber attacks, according to Britain’s GCHQ spy agency. They specify that a surge in ransomware attacks and large-scale phishing and disinformation campaigns that use more convincing fake audio, video, and images is likely.
Recommended reading

35+ AI Statistics to Better Understand Its Role in Cybersecurity [2023]
2. Cyberattacks are operating at global scale
Nation-state actors are increasingly leveraging cyber capabilities to conduct global-scale attacks, targeting critical infrastructure, multinational corporations, and supply chains. These attacks often involve cross-border collaboration between cybercriminal groups, hacktivists, and state-sponsored actors.
This poses significant challenges for international cybersecurity efforts and will require enhanced cooperation among governments and private sector entities to mitigate threats.
3. Ransomware is evolving and still the top threat
Back in 2021, cybersecurity authorities in the US, Australia, and UK observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.
According to the World Economic Forum's latest Global Cybersecurity Outlook, 72% of respondents reported an increase in organizational cyber risks, with ransomware remaining a top concern.
Already one of the biggest global threats, ransomware is likely to increase in the coming years due to advancements in AI and threat actors employing increasingly sophisticated techniques, including double extortion tactics and supply chain compromises. The emergence of ransomware-as-a-service platforms has also democratized access to ransomware tools, enabling even more cybercriminals to participate in extortion schemes.
With the help of automation and AI, ransomware operators are now moving faster, sometimes encrypting and exfiltrating data within hours of initial access.
4. Governments remain high-value targets
Governments worldwide are facing unprecedented threats as they become the third most targeted sector by nation-state actors, according to the recent Microsoft Digital Defense Report. These attacks frequently aim to gather intelligence, disrupt operations, or influence political outcomes. Recent examples include cyberespionage campaigns targeting public-sector entities and coordinated disinformation campaigns intended to destabilize nations.
This trend highlights the urgent need for stronger international cooperation and improved defenses for public-sector networks.
5. EU organizations face rising attack frequency and severity
Cyberattacks targeting organizations and governments in the European Union in particular are becoming more frequent and severe. These attacks often focus on critical sectors such as healthcare, energy, and finance, exploiting vulnerabilities to steal sensitive data, disrupt operations, and erode trust. In the last year, 10,000 cyber attacks were recorded in the EU, with the top sectors affected being public administration (19%), transportation (11%) and banking and finance (9%).
Notable campaigns include ransomware targeting EU institutions and high-profile retail and logistics organizations. The trend underscores the urgent need for coordinated cybersecurity strategies across member states, including compliance with regulations like the NIS2 Directive.
6. Zero-day exploitation is accelerating
Zero-day vulnerabilities, flaws that are exploited before vendors release patches, are now central to many high-profile attacks. Threat actors are weaponizing zero-days not just for access, but also for privilege escalation, lateral movement, and data exfiltration.
Both Microsoft and CISA have reported a spike in zero-day exploitation, particularly in widely used platforms like Windows, Exchange, and VMware. These vulnerabilities are especially valuable to ransomware groups and state-sponsored attackers seeking to gain early access before defenses are updated.
7. Time between disclosure and exploitation is shrinking fast
One of the most alarming trends is how little time defenders now have. According to CISA’s Known Exploited Vulnerabilities (KEV) data, over 25% of vulnerabilities exploited in Q1 2025 were attacked within 24 hours of being disclosed.
This trend, sometimes called “patch gap exploitation,” puts intense pressure on IT and security teams to move quickly from detection to remediation, often with incomplete context or limited resources. Automation and prioritization are now essential for effective vulnerability management.
8. CVE volumes are overwhelming defenders
The number of known vulnerabilities continues to explode. In 2024, over 40,000 CVEs were disclosed, and 2025 is on pace to hit nearly 50,000. The volume alone makes it difficult to identify which issues to patch first, especially as attacker playbooks grow more dynamic.
Vulnerability exploitation was linked to 20% of breaches in the 2025 Verizon Data Breach Investigations Report (DBIR), putting it on par with stolen credentials and ahead of phishing as a breach vector. This means defenders must focus not only on quantity but on prioritizing what matters most, with the help of tools like CVSS scoring, threat intelligence, and AI-based vulnerability triage.
Get industry insights, news & more in your inbox
Secureframe Insights is our monthly newsletter covering the latest cybersecurity and compliance news, insights, and events — from changing regulations to compliance checklists and more.
Join thousands of subscribers in getting these expert insights delivered straight to your inbox.

How to prevent cybersecurity attacks
Cybersecurity attacks aren’t just increasing in number. They’re evolving in speed, complexity, and impact.
While no defense is foolproof, there are proven strategies that can dramatically reduce your organization’s risk exposure and ability to recover from an attack.
The tips below combine technical, procedural, and organizational best practices to help mitigate the likelihood and impact of a successful cyberattack. Many of these are also foundational requirements in security frameworks like SOC 2, NIST 800-53, CMMC, and ISO 27001, making them not only smart security decisions but essential steps for compliance.
1. Provide security awareness training to employees
A comprehensive training program can help employees understand common cyber threats such as phishing attacks, social engineering tactics, and malware, identify suspicious emails, links, and attachments, and understand the importance of following best practices and reporting any security incidents promptly.
Having a program in place that trains employees as they onboard and on a recurring basis about cybersecurity best practices, common threats, and their roles and responsibilities in safeguarding sensitive information can help your organization reduce the risk of human error leading to cyber attacks and breaches. It can also help you meet security and privacy compliance requirements for SOC 2®, HIPAA, PCI DSS, GDPR, and other frameworks.
2. Implement security controls to reduce your risk exposure
You can reduce your organization’s exposure to some types of cyber attack on systems that are exposed to the Internet by implementing security controls like:
- Malware defenses
- Boundary firewalls and internet gateways
- Password policy
- User access controls
- Patch management
3. Comply with cybersecurity standards and regulations
Cybersecurity frameworks require organizations to implement robust security measures, establishing a baseline of protection against cyber threats. By adhering to these standards, organizations must conduct regular risk assessments, identify vulnerabilities and potential attack vectors, and implement technical and administrative safeguards. These controls bolster defenses and mitigate the likelihood and impact of cyber attacks.
4. Continuously monitor for threats and misconfigurations
Attackers move fast, sometimes within hours of gaining access, so real-time detection is critical. Continuous monitoring helps you spot suspicious behavior, unauthorized changes, or misconfigured systems before they’re exploited. Continuous monitoring also supports compliance and audit readiness by maintaining visibility into your control environment.
5. Evaluate and manage third-party risks
Vendors, contractors, and other third parties can introduce serious vulnerabilities into your environment. Many recent breaches began not with a direct attack on the victim organization, but through a trusted partner or service provider.
Establish a formal third-party risk management (TPRM) process. Assess the security posture of your vendors, ensure they meet your security requirements, and monitor their compliance over time. Include third-party security in your incident response and business continuity planning.
6. Implement Secure-by-Design principles
Patching and scanning are still necessary, but they can no longer keep pace with today’s exploitation speed and scale. To stay ahead of attackers, organizations must rethink how systems are built in the first place.
CISA and its international partners are calling on every technology provider to take ownership at the executive level to ensure their products are “secure by design.” Secure by design means embedding security into every stage of system development and procurement, not just bolting it on after deployment. This includes minimizing the attack surface, eliminating default credentials, disabling unnecessary features, and enforcing strong authentication by default.
Reducing the exploitability of software and infrastructure upfront is key to long-term security resilience.
Recommended reading

Secure by Design: What Does It Mean & How to Reasonably Implement It
How Secureframe can help bolster your cybersecurity posture
Organizations today are challenged with mitigating increasingly complex risks and threats and continuing to comply with an increasing depth and breadth of regulation.
Secureframe can help by simplifying and automating manual tasks related to security, privacy, and compliance. With Secureframe, you can:
- Consolidate compliance and risk data in one source of truth via 300+ native integrations and the Secureframe API.
- Automate cloud remediation, risk assessments, policy management, and security questionnaires with AI.
- Closely monitor and manage your third-party vendor relationships.
- Conduct continuous monitoring to look for gaps in controls to maintain continuous compliance
- Automate the assigning, tracking, and reporting of required security and privacy compliance training.
- Get personalized advice based on your company’s unique risks and industry requirements from our in-house compliance team.
To learn more about how Secureframe can play an integral part in enhancing your security and compliance posture, request a demo today.
Use trust to accelerate growth
FAQs
What is the most famous cyber attack?
One of the most famous recent cyber attacks is the NotPetya attack, which began in 2017, when Russian military hackers launched a malware attack targeting Ukraine that rapidly spread to more than 60 countries and destroyed the systems of thousands of multinational companies, including the global transport and logistics giant Maersk, the pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondelēz, and manufacturer Reckitt Benckiser, among others. With the total damage estimated at more than $10 billion, NotPetya is still considered the most destructive and costly cyberattack in history.
What was the largest data breach in 2023?
More than 3.6 billion records were exposed when DarkBeam, a digital protection firm, left an Elasticsearch and Kibana interface unprotected. These records contained user emails and passwords from previously reported and non-reported data breaches.
What was the massive ransomware attack in 2023?
CL0P Ransomware Gang, also known as TA505, began launching a widespread attack in May 2023 after exploiting a previously unknown SQL injection vulnerability in Progress Software's MOVEit Transfer. This attack targeted thousands of government, public, and business organizations all over the world, with the vast majority being US-based entities.
What is the most recent cyber attack?
The International Criminal Court (ICC) was recently targeted by a sophisticated and targeted cyberattack discovered last week and now under investigation. Although the incident has been contained, the ICC hasn’t disclosed whether sensitive data was impacted. Ongoing analysis is underway to determine the full scope and potential fallout.
What websites show recent cyber security attacks?
To stay updated on real-time cyber threats, incidents, and breaches, consider these reputable sources:
- The Hacker News: Leading cybersecurity news site with threat intelligence, breach updates, and expert analysis
- Dark Reading (Cyberattacks & Data Breaches): Covers data breaches, advanced threats, and operational cybersecurity news
- CSIS Significant Cyber Incidents Timeline: A timeline listing major global cyber incidents, especially state-level or high-impact breaches