This report shares insights from the XM Cyber Research team’s analysis of the Attack Path Management platform from January 1st, 2021 - December 31st, 2021. The Impact report begins with a close look at the methodology of attack paths and then reveals the impact of attack techniques used to compromise critical assets across organizations, whether hybrid, on-prem or multi-cloud.

First, the bad - adversaries continued to innovate and alter strategies aimed at taking down DDoS protections with direct-path DDoS attacks and high-powered server-class botnets. Meanwhile, a little good news came in the way of a decrease in some reflection/amplification vectors, floating overall DDoS attack number down. Despite this decrease, the bad news tells us we must remain vigilant to combat ever-changing attacker methodologies and tactics.

This report is to share notable trends and investigations to help inform our community’s understanding of the evolving security threats we see. During some quarters, our reporting may focus more on a particular adversarial trend or tactics we see emerge across different threat actors. During other quarters, we may dive into an especially complex investigation or walk through a novel policy application and relate threat disruptions.

Get the latest Cortex Xpanse “Attack Surface Threat Report” to understand the risks, and learn how automation can help security teams stop chasing a moving post and reduce risks. The Cortex Xpanse research team studied the global attack surface by monitoring scans of 50 million IP addresses associated with 100+ global enterprises and discovered that the attack surfaces of all industries continue to grow. As security teams struggle to keep up, the constant stream of new issues becomes an ever-expanding backlog of exposure - misconfigured RDP, exposed admin portals, insecure Apache Web servers or Microsoft Exchange servers, and more.

Based on Arete case data, the commonly observed techniques and vulnerabilities of 2021 will likely not change through most of 2022. In the Arete Annual Crimeware Report, we will discuss: notable tactics and techniques observed in threat actor campaigns, notable negotiation insights gleaned from ransomware cases, how law enforcement has changed its games and how the threat landscape will evolve in 2022.

Between February and March 2022, Prevalent conducted a study on current trends, challenges and initiatives impacting third-party risk management (TPRM) practitioners worldwide.

This 2021 State of Phishing and Online Fraud Report highlights the key trends that drove digital scams using data gathered from analyzing more than one billion sites. A multitude of factors drove record growth in fraud campaign activity in 2020 with an increase of 185% from what was observed in 2019.

Our latest Trellix Threat Lab Research Report includes our findings from Q4 2021, our identification of a multi-stage espionage attack on high-ranking government officials, and our recent analysis of cyberattacks targeting Ukraine and the newly identified HermeticWiper during Q1.

The Secureworks Counter Threat Unit (CTU) research team analyzes security threats and helps organizations protect their systems. During January and February 2021, CTU researchers observed notable developments in threat behaviors, the global threat landscape, and security trends, and identified lessons to consider.

This report is a technical overview of the IsaacWiper malware reported by ESET. The malware was primarily delivered to Ukrainian organizations coincident with the Russian invasion of Ukraine.

A review of the threat landscape (actors, actions, etc._ affecting industrial infrastructure in Europe.

The first update to the Fortinet regular Threat Landscape Report for 2022. Covers major trends in threats as determined by Fortinet’s global sensor network.

This report describes how money laundering is typically performed in the context of large-scale cyber heists. It illustrates key parts of the typical processes used by cyber criminals with examples to help better inform readers on areas they should focus on to better prevent, detect and respond to money laundering. In addition, the report offers perspectives on areas in which controls could be further improved and how money laundering techniques may evolve

This report is based on an annual survey of boards of directors and C-suite executives about risks on the horizon for the upcoming year. It highlights top risks of immediate concern on the minds of executives for this year - 2021 - and for the long-term - 2030.

This is the threat landscape report from Fortinet for the first half of 2021. It covers threat detection changes and attack changes from January to July.

A survey of 500 IT leaders and 2000 remote-working employees within the UK and US on data losses. Focusing on human interaction issues such as email and insider threat events

Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely.

A survey-driven report of 1,200 cybersecurity professionals from several countries. This survey focuses on the prevalence and impact of ransomware.

A survey of CISOs across 1,400 organizations supplemented with interviews of 100 individuals.

This report breaks down several of the most common and most prominent types of cyber threats that impact automobile manufacturers and retailers.

This report is a market analysis of companies in Asia-Pacific. It aims to look at new security challenges they face due to remote work.