4 Ways The Internet Became More Dangerous In 2023

Our Year in Review series examines the most important trends, people and companies within science and technology in 2023.

Between increasingly ruthless attackers and increasingly clever attacks, 2023 was a very dangerous year to be in hackers’ crosshairs.

Over the past year, alarming phenomena (like teenagers getting more involved in cybercrime) became increasingly common, while new kinds of threats (like artificial intelligence) emerged to transform how criminals, activists and government operatives penetrate computers to steal data, spy on rivals and cause mayhem.

Here are four ways that the internet became a more dangerous place this year.

1. Teenage hackers take off the kid gloves

Many of the most famous cyberattacks in recent memory — from Russia’s 2020 SolarWinds espionage campaign to a hacker gang’s 2021 breach of Colonial Pipeline — were the work of hardened cyber criminals or seasoned government-backed operatives. But this year saw the rise of a new breed of less experienced but even more reckless hackers: teenagers. The idea of reckless youngsters bringing down companies from their parents’ basements used to be mostly a Hollywood fantasy, but now it’s dangerously real.

Over the past few months, the casino giants Caesars Entertainment and MGM Resorts International and Clorox have all fallen prey to a group of teenagers and young adults that security experts have dubbed “Scattered Spider.” The hackers use a simple technique to breach their victims, impersonating corporate employees and tricking IT workers into disabling security measures to grant them access. Their strategy of eschewing more technically complex break-in methods — such as taking advantage of software flaws that have not yet been discovered and fixed — sets them apart from the groups behind many other high-profile attacks, and their success rate has highlighted how vulnerable many companies remain to the simplest social-engineering methods.

These teenagers have also displayed a violent streak, working within a broader cybercrime community known as “The Com” whose members target young women with sextortion schemes and threaten to send gunmen to their victims’ homes. “There is something really sociopathic going on with these people,” a security researcher told The Washington Post.

Scattered Spider’s members are mostly 19 to 22 years old and live in the U.S. and the U.K., security researchers told Bloomberg. But despite the fact that the hackers are within easy reach of U.S. law enforcement, the FBI still hasn’t arrested them.

Teenage hackers are likely to continue bringing major corporations to their knees in the years to come. “Young cybercrime offenders, unlike counterparts operating primarily in the physical world, are often able to evade parental, educator, community, and law enforcement scrutiny and intervention on their journey to significant cybercriminal activity,” the Cyber Safety Review Board, a Department of Homeland Security panel composed of government and private-sector experts, said in a recent report on the activities of another teenage hacker gang.

And America is doing nothing to stop it. The board’s report found no “notable juvenile cybercrime prevention and intervention programs in the U.S. at the federal government, local government, community, or private sector level.”

2. Double extortion on the rise

Ransomware intrusions, in which hackers seize victims’ files and demand payments to make the problem go away, are nothing new. But this was the year that brought a relatively different and especially disturbing offshoot of ransomware into focus.

In a traditional ransomware attack, the hackers encrypt the victim’s files — rendering them useless — and demand a payment in exchange for providing a piece of code to decrypt the files. But as companies get better at backing up their files, many hackers have started issuing a more chilling threat: If you don’t pay us, we won’t just keep your data locked up. We’ll also post it online.

For some victims, this “double-extortion” threat could result, at worst, in the disclosure of corporate trade secrets or embarrassing email conversations. But for hospitals or schools, the results could be catastrophic: millions of pages of sensitive medical, financial or other personal records spilled across the internet.

Unsurprisingly, hackers have ruthlessly exploited the fear of this kind of attack. Criminals who breached Nevada’s Clark County School District have emailed parents bragging that they’ve stolen their children’s data. A ransomware attack on the Los Angeles school system resulted in the leak of students’ psychological examination reports and disciplinary records. And a breach of the Minneapolis public school system led to the publication of documents describing alleged rapes and child-abuse incidents.

The double-extortion attacks that lead to these kinds of disclosures have surged over the past 12 months. In 2021, the security firm Zscaler tracked 19 ransomware groups using double-extortion tactics. This year, that number more than doubled. And extortion-based intrusions accounted for 30 percent of the incidents that Cisco’s security experts responded to in the second quarter of 2023, topping that list. “Financially motivated threat actors are increasingly seeing this as a viable means of receiving a final payout,” Cisco researchers wrote in a blog post.

In the coming years, extortion attacks could permanently supplant traditional ransomware as the top threat, given how much easier they are to conduct. Extortion “results in faster and larger profits for ransomware gangs,” Zscaler said, by eliminating the need for them to spend time developing malware and helping victims decrypt their files after they pay up. The company said these attacks are also “harder to detect and receive less attention from the authorities” because they don’t cause headline-grabbing damage like the Colonial Pipeline or MGM casino outages.

3. The AI gold rush

When OpenAI’s ChatGPT service burst onto the scene at the end of 2022, it inaugurated an artificial intelligence craze, and hackers have quickly seized on the boom in artificial intelligence — especially its almost magical text-generating abilities — to improve cyberattacks.

With AI, hackers can write flawless English-language emails that may be more likely to successfully trick targets into clicking links, typing in their passwords and downloading malware. They can quickly generate images and websites to bolster the credibility of fake personas. And they can analyze massive troves of data to impersonate authority figures or generate messages customized to fool specific people. Cybersecurity experts predict that these capabilities will power a tidal wave of less obvious — and therefore more dangerous — phishing attacks in the years to come.

Already, cyber criminals are offering AI-powered hacking services with names like WormGPT and FraudGPT, designed to speed up and improve the quality of attacks that have crippled businesses, governments and nonprofit organizations for years.

It could take years for hackers’ embrace of AI to fully bear fruit. In the meantime, scattered instances of AI-enhanced phishing emails could already be slipping by unnoticed — especially if the technology made the messages more convincing and, thus, harder to spot.

4. Bigger, badder website takedowns

Breaking into computer systems isn’t the only way for hackers to sow chaos. They can also direct a barrage of gibberish internet traffic to a targeted website and temporarily take it offline. And this year saw the discovery of a new way to turbocharge these kinds of overload strikes, which are known as distributed denial-of-service, or DDoS, attacks.

In September, security professionals noticed cyber criminals and hacktivists using a flaw in one of the internet’s most important protocols to pack more gibberish traffic into a single connection than was possible before. The result: faster, more severe website takedowns.

Cloudflare, which sells software to protect websites from DDoS attacks, said the newly discovered vulnerability allowed hackers to “attack their victims at a magnitude that has never been seen before.” Even its formidable defensive infrastructure buckled in some places under the ferocity of the traffic avalanche.

The new technique could make DDoS attacks even more of a nightmare in the years to come.

Security experts sometimes dismiss DDoS attacks as trivial — especially compared to ransomware and other attacks that actually compromise data inside computer systems — because they are temporary. But even temporary website outages can have serious consequences depending on the website: DDoS attacks on election websites could undermine public confidence in the accuracy of vote results, for instance, while attacks on health-care websites could sow chaos during public health emergencies.

The past year saw several notable DDoS incidents. In June, a major DDoS attack disrupted access to Microsoft’s widely used Outlook email platform. In September, the internet infrastructure firm Akamai, which also sells an anti-DDoS service, said it blocked a massive attack on “one of the biggest and most influential U.S. financial institutions.” And in November, OpenAI blamed a DDoS attack for issues plaguing its popular ChatGPT service.

 
