This year the report highlighted the increasingly complex threat landscape and the corresponding escalating pressure on defenders to enhance visibility into and resilience of OT/ICS networks Organizations with strong incident response capabilities, defensible architectures, secure remote access protocols, and robust network monitoring are far better positioned to reduce the risk of a successful attack on the enterprise OT even in this increasingly complex environment.

The Nozomi Networks Labs team delivers this semi-annual report to provide insights into how the world’s largest industrial organizations and critical infrastructure operators can protect themselves from these advanced threats. Our threat intelligence, enriched by indicators of compromise, threat actor profiles and vulnerability data from Mandiant, empowers customers to proactively defend their systems.

This year highlighted the increasingly complex threat landscape and the corresponding escalating pressure on defenders to enhance visibility into and resilience of OT/ICS networks. This focus on simplicity highlights a critical point for defenders: effective implementation of the SANS ICS 5 Critical Controls remains the best defense against OT targeting adversaries.

In this report, we look back at the 900 million attacks we analyzed in the threat landscape of 2024. Additionally, we offer organizations tactical insights and strategic recommendations for improving defenses this year. From the financial impact of attacks to geopolitical tensions that lead to cyber warfare, cybersecurity is top of mind for enterprise and government organizations in 2025.

This year, we also delve deeper into the threats facing critical infrastructure, particularly within Operational Technology and mobile networks. With increased connectivity and the adoption of IoT and 5G, these systems offer an expanded attack surface that calls for comprehensive, cross-functional defenses. Our goal is not only to adopt the latest technologies but to do so thoughtfully, balancing progress with caution to secure a safer digital world.

In this report, the security domain of the CISO continues to expand. This area is one of the most challenging to protect as the threats that attack these devices, like mobile malware and botnets, are becoming more sophisticated. ThreatLabz found that mobile threats are becoming more targeted and sophisticated—with 29% and 111% growth in mobile banking malware and mobile spyware attacks, respectively—even as the overall volume of mobile attacks has declined.

The 2024 Data Threat Report (DTR) analyzes how core security practices have changed in response to or in anticipation of changing threats. This report also offers perspectives on what organizations can do to leverage data assets to expand opportunities to make their businesses more agile and build trust with their customers. It analyzes global trends in threats to data and the underlying controls, regulations, risks and emerging technologies that need to be addressed.

1Password Business is an encrypted password solution that provides users with secure access via autofill logins, autogenerated strong passwords, and vault features. For the purposes of this study, Forrester aggregated the interviewees’ experiences and combined the results into a single composite organization. Forrester took a multistep approach to evaluate the impact that 1Password can have on an organization.

The report has delivered a holistic annual view of the vulnerabilities within Microsoft’s platforms and products, and has established an undeniable business case for the importance of removing admin rights to reduce risk. In this report, we will examine how these vulnerability trends, along with cloud security adoption, collectively influence how we should think about cybersecurity and risk management in 2022 and beyond.

The primary goal of OT Security Leaders it to ensure that the risk of a cyber incident impacting the Reliability, Availability and Safety of operations is minimised. This requires identification and management of vulnerabilities, and a layer of controls to prevent threat actors from accessing networks. The logical starting point is to identify and classify all assets though this is rarely a simple task.

In this report we share runZero’s observations from our unique perspective as an applied security research team. Our goal is to provide insight into how the security landscape is changing, and recommendations on what you can do to get ahead of these changes.

The 2024 Data Threat Report (DTR) analyzes how core security practices have changed in response to or in anticipation of changing threats. This report also offers perspectives on what organizations can do to leverage data assets to expand opportunities to make their businesses more agile and build trust with their customers. This report also considers both securing the use of GenAI and using GenAI to better secure the enterprise. Differing priorities from different functional leaders and external stakeholders will require security and risk management leaders to build stronger relationships.

In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from the first half of the year. Most of the statistical indicators dropped accordingly. Yet, there are subtleties we would like to draw attention to, as they highlight dangerous spots on the cyberthreat landscape.

In year 2023, FortiGuard Labs blocked 2.4 trillion vulnerability attempts and 3 billion malware deliveries to protect its customers from cyber threats. FortiGuard Labs escalated the significant threats through the Outbreak Alert system to raise awareness. These outbreaks highlighted the various targeted and 0-day attacks, weaponized vulnerabilities, malware/ ransomware campaigns, and OT/IoT threats launched last year.

Dragos started the Year in Review to highlight significant trends in the OT cybersecurity community. This year’s report aims to go further by offering practitioners and leaders the most up-to-date data, along with perspectives from the field, to help them better defend critical infrastructure around the world. These perspectives are focused on providing actionable insights that have been tried and tested to help organizations effectively defend against and respond to industrial cyber threats.

The Security Navigator reflects first and foremost the reality of the conflictual nature of cyber warfare. It mirrors the disinhibition of threat actors motivated by state strategies or hacktivism as well as criminal opportunities. In this environment, espionage, sabotage, disinformation and extortion are becoming increasingly intertwined. This document is also intended to become the cornerstone of the partnership of trust that we wish to build with you. It must enrich our debates within a community that is still too isolated.

The report presents the findings of the analysis of statistical data obtained using the Kaspersky Security Network (KSN) distributed antivirus network. The data was received from those KSN users who gave their voluntary consent to have data anonymously transferred from their computers and processed for the purpose described in the KSN Agreement for the Kaspersky product installed on their computer.

Our findings in this year’s Skybox Vulnerability and Threat Trends Report, detailed below, make the urgency of the situation abundantly clear. Vulnerabilities have skyrocketed, eclipsing all previous records. Attacks are increasing in velocity and impact. Threat actors are targeting more sensitive assets and inflicting more damage. They are better organized—backed increasingly by large crime rings and nation-states—and are employing more sophisticated tools and tactics, such as a growing assortment of backdoor malware and advanced persistent threat (APT) attacks.

This year’s research explored three key outcomes and the capabilities that contribute to achieving those outcomes: Organizational performance, team performance and employee well-being. The research also explored means or performance measures that we often talk about like ends-in-themselves: software delivery performance and operational performance.

In this fourth annual edition of the Microsoft Digital Defense Report, we draw on our unique vantage point to share insights on how the threat landscape has evolved and discuss the shared opportunities and challenges we all face in securing a resilient online ecosystem which the world can depend on.

In the first half of 2023, Forescout Vedere Labs has published numerous blog posts and reports sharing analyses of prominent vulnerabilities, threat actors and malware. In this report, we look back at the research we published in the period of January 1 to July 31, 2023 (2023 H1) as well as other important events and data that we have not covered in the same period to emphasize the evolution of the threat landscape.