Cobalt’s 5th edition of The State of Pentesting explores this question, tapping into data from 3,100 pentests and over 1,000 responses from security practitioners in the United States, the United Kingdom, and Germany. Disruption, transformation, volatility — Top 5 most prevalent security issues whichever keyword fits your style, it all points to one fact: change is the constant security teams have had to live by for years.

The Google Cloud Threat Horizons Report brings decision-makers strategic intelligence on threats to cloud enterprise users and the best original cloud-relevant research and security recommendations from throughout Google’s intelligence and security teams.

For the report, Marsh McLennan paired its extensive proprietary dataset of cyber claims with the results from Marsh Cybersecurity Self-Assessment (CSA) questionnaires, which are composed of hundreds of questions and responses from individual organizations. When combined, the two datasets allow for deep insights into which cybersecurity controls have the greatest effect on the likelihood of an organization experiencing a cyber event. Such innovative use of data and analytics can help companies identify which controls to prioritize. In turn, this can help position an insured favorably during cyber insurance underwriting.

Our second annual report presents key insights drawn from tens of thousands of attack path assessments conducted through XM Cyber’s exposure management platform during 2022. These assessments uncovered over 60 million exposures affecting 10 million entitles deemed critical to business operations. Anonymized datasets were exported from the XM Cyber platform and provided to Cyentia Institute for analysis.

The analysis in this report was conducted by the PwC Threat Intelligence practice, which is distributed across Australia, Italy, Germany, Netherlands, Sweden, United Kingdom, and the United States. It is based on our in-house intelligence datasets on cyberattacks and targeting from a wide variety of threat actors, intelligence gleaned from PwC’s incident response engagements around the world, and our managed threat hunting services, as well as publicly available information.

Throughout 2022, the cyber threat landscape reflected real world events and geopolitical tensions, with much of the year impacted by the Russian invasion of Ukraine. Log4Shell ushered in a chaotic start to 2022 and highlighted the positive impact of industry collaboration, as well as the criticality of patching and understanding the footprint of widely used software in environments.

MSPs have unique cybersecurity challenges to secure their businesses and customers. The “2023 MSP Threat Report” addresses these challenges specifically, using threat intelligence, insights, and predictions from the ConnectWise Cyber Research Unit (CRU). The report covers the following: Major MSP-focus hacks in 2022, emerging and continuing cyberattack trends, top ransomware methods of threat actors, and action items for MSPs in 2023.

This white paper breaks down existing methods of preventative cyber security and deep dives into Darktrace PREVENT: a product family that combines many of the best aspects of existing methods in an end-to-end, AI-powered solution.

In March 2023, Darktrace commissioned a global survey with Censuswide, to 6,711 employees across the UK, US, France, Germany, Australia, and the Netherlands to gather third-party insights into human behavior around email, to better understand how employees globally react to potential security threats, their understanding of email security and the modern technologies that are being used to transform the threats against them.

In this Report, Qualys explores the most common ways adversaries exploit vulnerabilities and render attacks. With analysis performed by TRU throughout 2022, this report provides security teams with data-backed insights that help them gain victory without battle now and into the future.

The reported results are based on the anonymized aggregated data of simulated attack scenarios and campaigns performed with the Cymulate Platform across a global user base. Cymulate uses a proprietary scoring method based on known industry standards including the MITRE ATT&CK Framework, NIST Special Publication 800-50, and other benchmarks. The weighted averages used in this report compensate for the divergence in the relative usage of specific vectors.

This report will focus on dark markets and cross-chain bridges. We continue looking at the trends, current events, hacks, thefts, exploits, and global regulatory developments. Our goal, as always, is to keep you informed and to highlight emerging and ongoing trends to give you the best possible information to keep your business running smoothly.

This report is based on in-depth analysis of nearly 40,000 threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This report provide you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybersecurity operations.

This report will serve as a valuable resource for developers, security professionals, and decisions-makers committed to ensuring the security and integrity of their applications and data. We have never detected as many secrets and secrets sprawl has been accelerating yearly since 2020. Hard-coded secrets increased by 67% compared to 2021, whereas the volume of scanned commits rose by 20% (860M to 1.027B commits between 2021 and 2022).

In H2 2022, the most significant change among all countries in the percentage of ICS computers on which malicious objects were blocked was observed in Russia, where that percentage increased by 9 p.p.

In our new State of Cyber Threat Intelligence, we examine the factors that contribute to these two themes: the converging nature of cyber threats as well as the perpetual cycles in which they exist. Plus, we explore the big-picture impact of cyber attacks on organizations across a variety of industries globally and provide guidance on how to fight back.

Unit 221B assessed Deep Instinct’s claims that their Endpoint Protection Platform (EPP) product can automatically prevent unknown threats by using deep learning to identify patterns indicative of malicious behavior prior to execution on the endpoint.

This report represents Deep Instinct’s current view of the threat landscape. The report discusses trends seen during 2020 and provides concrete data to verify the credibility of these developments. The information was sourced from our data repositories which are routinely analyzed as part of protecting our customers from ceaseless attacks.

2022 was another year that kept us on our toes. The threat landscape was heavily influenced by the conflict between Russia and Ukraine, during which we have seen the whole arsenal of offensive cyber capabilities, deployed by criminals, hacktivists, and nation state groups.We saw the overall number of ransomware incidents dip by around 5% compared to the previous year. But, this slight dip does not mean we collectively declare ‘job done’. As a result, we have witnessed several coordinated operations in 2022 that saw arrests of key members of prolific cyber-criminal operations, as well as the disbanding of long-established groups. Least of all Conti, which was 2021’s most active group.”

The mission of this report is to provide actionable intelligence on targeted attacks, cybercrime-motivated threat actors, and campaigns targeting organizations like yours so that you can make well-informed decisions and take prompt effective actions.

The annual report surveys the threat landscape of 2022, summarizing a year of intelligence produced by Recorded Future’s threat research team, Insikt Group. We analyze global trends and evaluate significant cybersecurity events, geopolitical developments, vulnerability disclosure, and more, providing a broad, holistic view of cyber landscape in 2022.