Built on passion and expertise, Altitude Cyber delivers strategic advisory services specifically tailored for founders, investors, startups, and their boards. Our unique approach fuses strategic insight with financial acumen to help your company soar to new heights.

In this report, we explore the big names in ransomware, the most frequently targeted sectors, trends in data exfiltration, and which malware and tools are leveraged by ransomware operators. This data creates insights into how organizations can better protect their environments from cyberattacks. The 2023 threat landscape was characterized by a combination of mainstay threat actors and new or reemerging groups. While top variants continue evolving to maintain dominance, the widespread impact of newer groups demonstrates the constant evolution of today’s threats and the need for adaptable defenses and increased cyber resilience.

Dragos started the Year in Review to highlight significant trends in the OT cybersecurity community. This year’s report aims to go further by offering practitioners and leaders the most up-to-date data, along with perspectives from the field, to help them better defend critical infrastructure around the world. These perspectives are focused on providing actionable insights that have been tried and tested to help organizations effectively defend against and respond to industrial cyber threats.

The biggest shift the IBM X-Force team observed in 2023 was a pronounced surge in cyberthreats targeting identities. Attackers have a historical inclination to choose the path of least resistance in pursuit of their objectives. In this era, the focus has shifted towards logging in rather than hacking in, highlighting the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns. Lack of identity protections was corroborated by IBM X-Force penetration testing data for 2023, which ranked identification and authentication failures as the second most common finding.

With this report, we want to promote open sharing on cyber threats and incidents and give the industry a public and relevant cyber threat picture anchored on a solid, well-documented basis. The report and knowledge base are the product of a collaborative community effort with our members and the Nordic TIBER Cyber Teams (TCTs) at the centre, with contributions from Nordic government entities.

This report focuses primarily on hundreds of digital forensics and incident response (DFIR) engagements conducted by the Arctic Wolf Incident Response team. The vast majority of these engagements were initiated as part of cyber insurance policies, through our partnerships with insurance providers and privacy law practitioners.

This iteration of the Google Cloud Threat Horizons Report provides a forward-thinking view of cloud security with intelligence on emerging threats and actionable recommendations from Google’s security experts. This report explores top cloud threats and security concerns for 2024, including credential abuse, crypto-mining, ransomware, and data theft.

Ransomware groups exploit vulnerabilities in two distinct categories: those targeted by only a few groups and those widely exploited by several. Each category necessitates different defense strategies. Groups targeting specific vulnerabilities tend to follow particular patterns, enabling companies to prioritize defenses and audits. To defend against unique exploitation, understanding the likely targets and vulnerability types is crucial. Looking ahead to 2024, advancements in generative AI may lower the technical barrier for cybercriminals, facilitating the exploitation of more zero-day vulnerabilities.

The 2024 edition of the CrowdStrike Global Threat Report arrives at a pivotal moment for our global community of protectors. The speed and ferocity of cyberattacks continue to accelerate as adversaries compress the time between initial entry, lateral movement and breach. At the same time, the rise of generative AI has the potential to lower the barrier of entry for low-skilled adversaries, making it easier to launch attacks that are more sophisticated and state of the art. These trends are driving a tectonic shift in the security landscape and the world.

Cyberattacks increased two or threefold across nearly every tracked metric in 2023, as cybercriminals continued to ramp up and diversify their attacks. To give the world’s defenders the actionable threat intelligence needed to safeguard against this relentless surge in cybercrime, we’ve compiled our research into the 2024 SonicWall Cyber Threat Report.

In this report, we bring you the insights from that data. It’s part of how we empower organizations to proactively navigate cyber risks, strengthen security approaches, and respond to incidents with unmatched efficiency. This report helps because it gathers real-world information from organizations like yours, so you can learn which threats really a#ect your peers–and how you can face them.

Marking its fourth year of publication, the Red Report 2024 provides a critical dive into the evolving threat landscape, presenting a detailed analysis of adversaries’ most prevalent tactics, techniques, and procedures (TTPs) used throughout the past year. Conducted by Picus Labs, this annual study examines over 600,000 malware samples and assesses more than 7 million instances of MITRE ATT&CK techniques. It gives security teams invaluable insights into the techniques that pose the most critical cyber risk to organizations.

Our respondents were asked to open up about the challenges they’ve faced while securing their digital enterprises over the past year. We are at a critical juncture in digital transformation. The distributed workforce is now the norm, and companies must support remote productivity of which cloud will play a key role. This requires leaders to plan security for hybrid infrastructure – a distinct departure from the inherited on-premises strategies of most organizations. That’s why there is a lot to learn from this year’s temperature check on the industry.

In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising takeaways, including a shift in the most impactful threats. The most widespread threat to WordPress security in 2023 was Cross-Site Scripting, as techniques for taking over websites by adding malicious administrators and backdoors have become mainstream.

2024 is poised to be a hotbed for new challenges in cybersecurity. As both economic and political terrains continue to undergo digitization, enterprises will increasingly leverage artificial intelligence and machine learning (AI/ML), the cloud, and Web3 technologies. While these innovations are expected to lend a hand to organizations, they also provide opportunities for cybercriminals by promising big returns, more streamlined operations on wider impact zones, and more targeted victims. In this report, we detail the focal points of next year’s threat landscape, along with insights and recommended mitigation measures from our team of cybersecurity experts that are designed to guide decision-makers toward well-informed choices.

In our 11th annual Data Breach Industry Forecast, we looked more broadly than ever before at trends and data on a global scale as data breaches have no borders. This, along with the fact that nationstate-sponsored gangs and attacks are becoming increasingly more strategic and purposeful due to political conflicts or interests, made it fitting to expand our lens. Our predictions come from Experian’s long history of helping companies navigate breaches over the past 21 years. Here’s where we expect to see some hard to believe, but possible developments in the world of data security incidents in 2024.

This report is broken into four different threat types: identity, cloud, computer-based, and phishing. Keep in mind, though, that these threats are tightly related. Compromise of user identities can occur through phishing and can impact an organization’s cloud assets and endpoints, or malicious activity on an endpoint may be indicative of an exploited vulnerability. We’ll highlight that interconnectivity throughout.

The world of cybercrime never stands still. In the new Cyber Threat Report – Edition 2021/22 – the IT experts from Hornet security once again take a close look at the gateway of email communication and analyze the latest cybercriminal scams. In doing so, they examine what threats have emerged in 2021, what has become of Emotet, and what companies need to be prepared for when opening their inboxes in the future.

By leveraging its huge user dataset, Hornet security is uniquely positioned to conduct a detailed examination of email-based threats and distill this into important insights for IT security professionals. Email continues to be an essential communication channel. However, in our analysis of more than 45 billion emails, 36.4% are categorized as “unwanted.” 96.4% of unwanted emails are spam or rejected outright due to external indicators, and just over 3.6% were flagged as malicious.

The Cyber Security Report (formerly Cyber Threat Report) is an annual analysis of the current cyber threat landscape based on real-world data collected and studied by Hornet security’s dedicated Security Lab team. Hornet security processes more than two billion emails every month. By analyzing the threats identified in these communications, combined with a detailed knowledge of the wider threat landscape, the Security Lab reveals major trends and can make informed projections for the future of Microsoft 365 security threats, enabling businesses to act accordingly. Those findings and data are contained within this report.

The Hiscox Cyber Readiness Report 2021 reveals that US firms are a global leader in cyber readiness, with more classified as ’cyber experts,’ (25%) compared to other countries. But there is still work to be done when it when it comes to dealing with ransomware and phishing emails, as US businesses are the most likely to pay a ransom. In this year’s report, we saw a disparity when it came to the level of cyber expertise US businesses have versus the actions they take when an attack actually occurs.