In this edition, we again focus on concentration of malicious activity by the same six categories we studied in the last edition in the Fall of 2021. We expect that some criteria will remain relevant over the foreseeable future; that is, as datapoints related to domain names, there are unlikely to become less forensically-valuable unless that internets fundamental structure changes. Other datapoints may wax and wane in relevance.

This report aims to take a look at the times when things did not work as intended—not to point fingers but to help us all learn and improve. In a time where almost everyone, corporations and individuals alike, is looking at ways to do more with less, we believe a close analysis of when our defenses failed can be very beneficial. While times of great change are always challenging, they often also prompt us to take stock of our situation and, if necessary, refocus both our viewpoint and our energies. Such is the case with the DBIR this year. As a team, we decided to take a step back toward the fundamental things that got us where we are, an intense focus on actual data breaches analyzed using our own VERIS Framework. And speaking of VERIS, one of the new goodies this refocusing brings is an even better mapping between VERIS and MITRE ATT&CK through a collaboration with MITRE Ingenuity and the Center for Threat Informed Defense (CTID).

In this report, Perception Point analyzes the most pervasive attacks its advanced threat detection platform detected in 2022, noting a particular increase in account takeover attacks in the latter half of the year as well as an ongoing growth in phishing attacks. This report examines cyber threats through distinct lenses based on the intelligence gathered by Perception Point’s proprietary detection engines and its managed incident response service.

Our annual State of the Phish report explores end-user security awareness, resilience and risk across 15 countries (eight more than in previous years). The report benchmarks understanding of common cyber threats and defensive tactics and reveals how potential gaps in knowledge and cyber hygiene enable the real-world attack landscape. Most attacks target people before they target systems. That’s why helping users build sustainable security habits is crucial.

This report will help you recognize the social engineering tactics and sophisticated coding used in phishing attacks, so you can prevent costly data breaches. Read on for an in-depth look at the latest phishing trends and observations the ThreatLabz team collected throughout the past year, and get best practices for safeguarding your organization against ever-evolving phishing techniques.

The report is based on threat intelligence observations from the Threat Analysis Group (TAG), Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other internal teams. It provides actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever evolving threats. In this and future threat intelligence reports, Google will provide threat horizon scanning, trend tracking, and Early Warning announcements about emerging threats requiring immediate action.

The report outlines the most significant identity attacks of 2022, the weaknesses of MFA, and the IAM hygiene issues that are increasing identity attack surfaces. This report analyzed user data, login information, and information from identity providers including Okta, Azure Active Directory, Duo, and Auth0. In total, the analysis covers more than 500,000 identities from organizations with 1,000+ employees.

It’s a horror story that many organizations are familiar with - an employee clicks a link or visits a website, and chaos ensues. At best, it’s just a minor disruption. At worst, business continuity is broken, and an organization’s critical infrastructure is at risk. Regardless of the outcome, managing human risk is a major part of business today. In this report, we dive into what makes workers high risk, where those high risk users spend their time, what are their riskiest behaviors, and what that might mean for your organization’s security.

For the report, Marsh McLennan paired its extensive proprietary dataset of cyber claims with the results from Marsh Cybersecurity Self-Assessment (CSA) questionnaires, which are composed of hundreds of questions and responses from individual organizations. When combined, the two datasets allow for deep insights into which cybersecurity controls have the greatest effect on the likelihood of an organization experiencing a cyber event. Such innovative use of data and analytics can help companies identify which controls to prioritize. In turn, this can help position an insured favorably during cyber insurance underwriting.

In March 2023, Darktrace commissioned a global survey with Censuswide, to 6,711 employees across the UK, US, France, Germany, Australia, and the Netherlands to gather third-party insights into human behavior around email, to better understand how employees globally react to potential security threats, their understanding of email security and the modern technologies that are being used to transform the threats against them.

In H2 2022, the most significant change among all countries in the percentage of ICS computers on which malicious objects were blocked was observed in Russia, where that percentage increased by 9 p.p.

The IBM Security X-Force Threat Intelligence Index 2023 tracks new and existing trends and attack patterns and includes billions of datapoints ranging from network and endpoint devices, incident response (IR) engagements, vulnerability and exploit databases and more. This report is a comprehensive collection of our research data from January to December 2022.

Our findings should serve as a wake-up call to both the mid-market segment and the cyber security industry that is currently underserving it. In just the past two years, attacks against mid-sized companies overall have increased by 150%, with attacks against specific sectors ranging from just about doubling to nearly tripling over that two-year period. At the same-time, mid-market companies’ defenses against these growing attacks have not kept pace.

This report, co-authored by our security operations center (SOC) leadership team, aggregates data from the incidents we investigated in 2022. It covers our full customer base, from small and midsize companies to enterprise organizations at every phase of the security journey across every industry we serve.

2023 will most likely be just challenging as the previous few years, but I’m confident that the cybersecurity market has the right tools to deal with the constantly shifting cybercrime landscape and new/consolidated threats, whether we’re talking about supply chain attacks, ransomware, deepfakes or cyber espionage.

This study documents and quantifies how Mimecast protects organizations against threats. Cybercrime affects every organization no matter the size or type, and it’s a threat that is growing and changing constantly.

RiskRecon studied 1,000 publicly reported destructive ransomware events that occurred between January 2016 and November 2022. These publicly reported events were identifies through internet keyword searches, monitoring of event disclosure sites, dark web sites, and 8K SEC filings. Events in which the impact was limited to data theft were excluded.

Ivanti surveyed over 6,500 executives leaders, cybersecurity professionals and office workers in October 2022. Our goal: to understand today’s threats - from the perspective of security professionals, as well as executive leaders and all other office workers - plus find out how companies are preparing for yet - unknown future threats.

To understand the challenges facing U.S. government agencies, Lookout analyzed data specific to our federal, state and local customers from the Lookout Security Graph. The graph, which includes telemetry and more than 175 million apps, enabled us to identify and break down the most prominent mobile threats agencies face. For this report we specifically reviewed data from 2021 and the first half of 2022.

The study revealed that every fourth organization believes they are at greater cybersecurity risk now than before the pandemic. The most common incidents reported since transition to remote work were dependent on the human factor and included phishing, admin mistakes and improper data sharing by employees.

The 2021 Remote Workforce Security Report reveals the current state of protecting the new workforce of widely distributed organizations. The report explores their key challenges, along with the new security threats they face, technology gaps and preferences, investment priorities, and more.