In this year’s Annual Cyber Threat Monitor Report, we take a look back at the key events that shaped the cyber threat landscape in 2023, as well as looking ahead at the year to come, sharing insights from our Cyber Threat Intelligence team here at NCC Group. 2023 showed signs that the international community is beginning to take the threats from cyber adversaries more seriously. We saw several examples of coordinated law enforcement action against criminal groups, including key ransomware operators and individuals believed to be acting on behalf of foreign intelligence services.

2022 was another year that kept us on our toes. The threat landscape was heavily influenced by the conflict between Russia and Ukraine, during which we have seen the whole arsenal of offensive cyber capabilities, deployed by criminals, hacktivists, and nation state groups.We saw the overall number of ransomware incidents dip by around 5% compared to the previous year. But, this slight dip does not mean we collectively declare ‘job done’. As a result, we have witnessed several coordinated operations in 2022 that saw arrests of key members of prolific cyber-criminal operations, as well as the disbanding of long-established groups. Least of all Conti, which was 2021’s most active group.”

This report is based on a security audit of the opening ceremony of ZCash.

This paper is intended to give a high-level view on the insider threat for those looking to implement a defensive programme. It considers the types of attack that may take place and some of the common weaknesses that aid insider attacks. It also covers some of the policies and controls that can be implemented to detect, deter or defend against the insider threat. This paper is intended to be a summary, however, the final section details further reading and resources that provide more in-depth information.

This white paper provides an analysis of Risk Management and overcoming uncertainty.

This report provides an analysis of TPM Genie. TPM Genie is a serial bus interposer which has been designed to aid in the security research of Trusted Platform Module hardware. The tool demonstrates that a man-in- the-middle on the TPM serial bus can undermine many of the stated purposes of the TPM such as measured boot, remote attestation, sealed storage, and the hardware random number generator.

This is a useful article that takes a look at the financial numbers of paying for a defensive strategy vs. paying for a breach. Perfect for accountants, and those who need to understand data from a purely financial side.

This report takes a good look at Open Banking, it defines what it is, and considers the security implications for using it.

Network-Attached Storage (NAS) devices are a popular way for people to store and share their photos, videos and documents. Securing these devices is essential as they can contain sensitive information and are often exposed to the Internet. Because Synology is one of the top manufacturers of NAS devices, this paper chose to analyze a Synology DS215j. In doing so it identifies a number of exploitable security flaws. In this paper, they discuss in detail the analysis performed, methodologies used, and vulnerabilities found during the summer of 2015.

This paper discusses the security issues related to biometric facial recognition applications.

During the summer of 2017, a study was done on the security issues related to the TUF framework.

This whitepaper formalizes a class of attacks called Cross-Protocol Request Forgery (CPRF) which enables non-HTTP listeners to be exploited through Cross-Site Request Forgery (CSRF) and Server-Side Request Forgery (SSRF). This paper both references existing research and expands upon it in later sections.

This report is based on a study done in 2017 to analyze security issues in CakePHP.