Weak passwords abound, and ATO is interrupting services critical to every aspect of online life: working, streaming, ordering, paying, and just plain connecting. Raising security awareness of this topic can certainly help; but the ATO threat will remain endemic until the problems inherent to password use are resolved.

The CDR is the most geographically comprehensive, vendor-agnostic study of IT security decision makers and practitioners. Rather than compiling cyberthreat statistics and assessing the damage caused by data breaches, the CDR surveys the perceptions of IT security professionals, gaining insights into how they see the world.

Amid our worldwide bedlam, this report is aimed at informing for the purposes of preparation. Whether you find yourself in the midst of government affairs, technology management, or business operations, the state of rising factors impacts nearly every country, either directly or indirectly, and provides a ripe setting for cyberattacks to thrive. Based upon research conducted and shared amongst our various practices in DevSecOps, Offensive Security, Governance-Risk-Compliance, Threat Intelligence, and Research, we have completed our overall analysis to focus on the following evolving threats as we navigate through 2022.

This report investigates the trends, pioneered by the Maze ransomware group, of double extortion. In particular, we examine the contents of initial data disclosures intended to coerce victims to pay ransoms. Rapid7 analysts investigated 161 separate data disclosures between April 2020 and February 2022 and identified a number of trends in the data.

As these ransomware gangs and RaaS operators find new ways to remove technical barriers and up the ante, ransomware will continue to challenge organizations of all sizes in 2022. As a result, ransomware has become one of the top threats in cybersecurity and a focus area for Palo Alto Networks. This report provides the latest insights on established and emerging ransomware groups, payment trends, and security best practice.

The Blackberry 2022 Threat Report is not a simple retrospective of the cyberattacks of 2021. It is a high-level look at issues affecting cybersecurity across the globe, both directly and indirectly. It covers elements of critical infrastructure exploitation, adversarial artificial intelligence (Al), initial access brokers (IABs), critical event management (CEM), extended detection and response (XDR), and other issues shaping our current security environment.

Arctic Wolf’s 2022 Security Trends Report provides insight into the current and future state of these cybersecurity teams as they attempt to move their security programs forward while dealing with an ever-evolving threat environment. Our research findings show that ransomware, phishing and vulnerabilities don’t just monopolize headlines, they’re taking up security professionals’ headspace, too. Defending an increasing number of threats from attackers with far more resources feels like a lost cause too many businesses.

This report was created by the ConnectWise Cyber Research Unit (CRU) - a dedicated team of ConnectWise threat hunters that identifies new vulnerabilities, researches them, and shares what they find for all to see in the community. The CRU monitors ransom leak sites and malicious botnets for new threats, uses OSINT resources, and utilizes data from the ConnectWise SIEM powered by Perch to help create content and complete research.

In 2021, the industry saw a transition into threat actor separation of duties, with an increase in groups focused on obtaining and selling access to victims (Initial Access Brokers). In observing this trend, Deepwatch has taken note of the proliferation of Initial Access Brokers and how it correlates with a shift in focus, away from specific industries and towards attacks of opportunity. As this trend continues, more emphasis must be placed on risk management of organizations’ internet exposure.

Today, data is a company’s most valuable asset, leading many to invest in Insider Risk Management programs. Recent trends around employee turnover and remote work have created unprecedented challenges for security teams to protect valuable data from leaving the company. There needs to be most investments around educating the Broad, training employees, and increasing visibility to data movement.

At Nuspire, we’re still witnessing threat actors using malicious files and cashing in on newly announced vulnerabilities. Threat actors are opportunistic for the most part and seek the easiest access for the least amount of effort. We explore these ideas and cover some of the most prevalent ways we’ve see threat actors attempt to breach the gates. After we dig into the data, we’ll provide you with actionable takeaways you can apply to your network to harden your defenses.

This study offers the kind of insights CISOs have long been asking for - to benchmark their situation and experience against others; to learn from what their peers are doing and planning to do ; and to validate ideas and obtain solid data to justify investments in these areas.

The intent of the exercise was to assess public and private sector-wide communications and information-sharing mechanisms, crisis management protocols, and decision-making, as well as legal and regulatory considerations as exercise participants responded to and recovered from significant ransomeware attacks targeting the financial sector. The scenario emphasized global cross-jurisdiction information sharing among financial firms, central banks, regulatory authorities, trade associations and information-sharing organizations.

A recent Authentication Security Strategy survey by Enzoic and Redmond magazine revealed insights into the way that passwords are currently being used in various organizations, and what the future looks like regarding this ubiquitous authentication method.

For this, our 15th anniversary installment, we continue in that same tradition by providing insight into what threats your organization is likely to face today, along with the occasional look back at previous reports and how the threat landscape has changed over the intervening years.

Now in its seventh year, Sonatype’s 2021 State of the Software Supply Chain Report blends a broad set of public and proprietary data to reveal important findings about open source and its increasingly important role in digital innovation.

For the State of Cloud Security 2021, we surveyed 300 cloud professionals, including cloud engineers, cloud security engineers, DevOps, and cloud architects, to better understand the risks, costs, and challenges they are experiencing managing cloud security at scale.

The goal of this survey was to understand the current state of SaaS security and misconfigurations. The survey was conducted online by CSA from January to February 2022 and received 340 responses from IT and security professionals from various organization sizes and locations. CSA’s research team performed the data analysis and interpretation for this report.

This report explores how CISOs are adjusting in the wake of pandemic disruption, adapting strategies to support long-term hybrid work and battling an increasingly sophisticated threat landscape. We also examine how people put organizations at risk and how CISOc change priorities in response.

Based on Arete case data, the commonly observed techniques and vulnerabilities of 2021 will likely not change through most of 2022. In the Arete Annual Crimeware Report, we will discuss: notable tactics and techniques observed in threat actor campaigns, notable negotiation insights gleaned from ransomware cases, how law enforcement has changed its games and how the threat landscape will evolve in 2022.

For many cybersecurity community, the past several months have been a dumpster fire. We’ve analyzed and tracked definitive data from more than 1,500 incident response and forensic cases over 12 months to provide unique visibility into the state of ransomware.