The 2023 OpenText Cybersecurity Threat Report is based on data continuously and automatically captured by the BrightCloud Platform — the proprietary machine learning based architecture that powers all of our Webroot protection and BrightCloud services. This data comes from over 95 million real-world endpoints and sensors, specialized third party databases, and intelligence from end users protected by our technology partners. In this report, we’ll break down a broad range of threat activity, offer insights into the trends we’ve observed, discuss wide reaching impacts for industries, geographies, companies, and individuals, and reveal what our threat experts expect to see in the coming year.

In 1H 2023, we observed significant activity among advanced persistent threat (APT) groups, a rise in ransomware frequency and complexity, increased botnet activity, a shift in MITRE ATT&CK techniques used by attackers, and more. As we examine activity in the first half of 2023, we see cybercrime organizations and nation-state cyber-offensive groups swiftly adopting new technologies. Notably, some of these actors operate much like traditional enterprises, complete with well-defined responsibilities, deliverables, and objectives.

In the first half of 2023, Forescout Vedere Labs has published numerous blog posts and reports sharing analyses of prominent vulnerabilities, threat actors and malware. In this report, we look back at the research we published in the period of January 1 to July 31, 2023 (2023 H1) as well as other important events and data that we have not covered in the same period to emphasize the evolution of the threat landscape.

This report presents analysis of insights gathered from 130 leading CISOs who participated in the 2023 Team8 CISO Village TLV Summit, an exclusive and intimate gathering of CISOs from global prominent enterprises, many of which are Fortune 500 companies. This report incorporates previously unpublished information gathered from the 2022 CISO Village TLV Summit Survey.

With security threats putting everything from personal information to critical infrastructure at risk, and with the incidence of ransomware attacks and other data breaches increasing, the 2023 RSA ID IQ Report provides cybersecurity professionals with insights into users’ understanding and behavior. By reviewing users’ answers on the identity components needed to develop a zero trust framework, multi-factor authentication, the vulnerability of mobile devices, and other cybersecurity threats, leaders can prioritize actions and implement best practices to keep their organizations secure.

This survey was designed to shed light on current practices, obstacles, and perspectives in vulnerability management. Through understanding how organizations are tackling these challenges, the “2023 State of Vulnerability Management” report offers strategic insights and industry benchmarks.

This 2023 Ransomware Report presents insights gathered from a survey of 435 cybersecurity professionals, shedding light on organizations’ preparedness and approaches to combating ransomware. The report identifies gaps and obstacles that hinder robust security posture, and outlines strategies for prevention and remediation of ransomware attacks.

The survey asked about the impact that ransomware had on their environments, as well as what their IT strategies and data protection initiatives are moving forward. While analysts forecasted growth in overall IT spending for 2023 between 4.5%** by IDC and 5.4%*** by Gartner, respondents in this survey expect their cyber security (preventative) budgets to grow by 5.6% and their data protection (remediation) budgets to grow by 5.5% in 2023.

Axio researchers analyzed updated data from the Axio360 Ransomware Preparedness Assessment tool to prepare the 2022 State of Ransomware Preparedness report (2022 Study). The Ransomware Preparedness Assessment is informed by input from hundreds of ransomware events, guidance from the U.S. Department of Homeland Security, and Axio’s own research. Organizations across multiple critical infrastructure sectors have used the tool to determine the strength of their ransomware practices and controls, to identify gaps, and to prioritize improvements.

Our new report examines how the interplay of all these factors will result in increased attacker opportunity. Indeed, as adversaries embrace artificial intelligence (AI) to enhance and scale their identity based attacks, security teams are being asked to do more with less as budget cuts widen existing skills and resource gaps.

In the first half of 2023, Arete observed several distinct trends and shifts in the cyber threat landscape. Leveraging the data collected during each incident response engagement, we can see the rise and fall of ransomware variants, notable trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next. The threat landscape continues to evolve with the widespread introduction of AI tools, lower barriers of entry into cybercrime, new vulnerabilities, and the socioeconomic effects of the Russia-Ukraine war.

Organizations are facing a growing number of security alerts, a quickly evolving threat landscape, and ongoing staffing shortages. To better understand these challenges and how organizations are prepared to address them, Swimlane recently partnered with Dimensional Research, a leading independent research firm, to survey security professionals and executives from around the world. The survey investigated the perceptions of cybersecurity among front-line professionals, current trends in attracting and retaining top talent, and the effectiveness of tools leveraged to address security challenges.

In this report, Halcyon demonstrates a unique method for identifying C2P entities that can potentially be used to forecast the precursors of ransomware campaigns and other attacks significantly “left of boom.” The ransomware economy is supported by a number of illicit groups that each provide one small piece of the puzzle that is cybercrime. From initial access brokers (IABs) to crypto money launderers, the criminal ecosystem that has sprung up around ransomware is vast.

In this edition of the State of the Internet/Security (SOTI) report, we continue to research the array of attacks observed in web applications and API, their impacts on the organization, and how vulnerabilities figure in the API landscape. Our goal is to illustrate the dangers posed by the web application and API attacks, with recommendations on how to successfully defend your network against such attacks.

In this latest State of the Internet/Security (SOTI) report, we examine various attack types that commerce organizations and their customers face. We explore our multitude of datasets in areas such as web applications, bots, phishing, and usage of third-party scripts, to get a “pulse” of what’s happening in this sector and help cybersecurity leaders and practitioners understand some of the threat trends impacting the commerce industry. Akamai sees an enormous number of attacks across all our security tools, so we can share the shifts we see in malware attacks, customer impacts, regulatory requirements, and emerging threats.

We lay out the ransomware landscape in this State of the Internet (SOTI) report by exploring some of the most effective attack techniques and tools that ransomware groups are utilizing to achieve initial access through exfiltration. We also provide an extensive list of safeguarding techniques and recommendations. It is crucial that both industries and individuals protect themselves from the new wave of ransomware attacks, and this report will help provide insights for better defense and risk management of this growing concern.

For this year’s report, we have incorporated additional data from previous years to provide an enhanced view of the present threat climate. Additionally, given the prevalence of internal compromises over external, we chose to focus the bulk of our analysis on internal attack vectors, and then compared this data to maturity scores.

This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

This paper aims to provide a high-level overview of the implications of ChatGPT in the cybersecurity industry, without delving into the granular details of artificial intelligence. We will explore the key concepts and domains that are crucial for understanding ChatGPT’s capabilities, as well as the potential impact on businesses.

This report has been put together using CISA’s KEV Catalog and the month-on-month analysis that CSW’s researchers have delivered to our customers for the past year. Our researchers used the NVD, MITRE, and other repositories to map each vulnerability to Tactics, Techniques, and Procedures (TTPs) to understand the actual risk posed by these vulnerabilities. We cross-referenced the KEVs with our ransomware and threat groups’ database maintained in Securin Vulnerability Intelligence (VI) to provide additional threat context to the KEV Catalog. We have also used our proprietary threat intelligence platform (Securin VI) to predict and recommend vulnerabilities that need to be a part of the KEV Catalog.

In this 2023 Mid-Year Horizon Report, we delve into the significant cybersecurity issues that are affecting the healthcare industry. We cover topics such as emerging data theft tactics, the use of risk-based identity alerting to strengthen security, and the potential impact of using ChatGPT on healthcare data security.