In March 2023, Darktrace commissioned a global survey with Censuswide, to 6,711 employees across the UK, US, France, Germany, Australia, and the Netherlands to gather third-party insights into human behavior around email, to better understand how employees globally react to potential security threats, their understanding of email security and the modern technologies that are being used to transform the threats against them.

In this Report, Qualys explores the most common ways adversaries exploit vulnerabilities and render attacks. With analysis performed by TRU throughout 2022, this report provides security teams with data-backed insights that help them gain victory without battle now and into the future.

The reported results are based on the anonymized aggregated data of simulated attack scenarios and campaigns performed with the Cymulate Platform across a global user base. Cymulate uses a proprietary scoring method based on known industry standards including the MITRE ATT&CK Framework, NIST Special Publication 800-50, and other benchmarks. The weighted averages used in this report compensate for the divergence in the relative usage of specific vectors.

This report will focus on dark markets and cross-chain bridges. We continue looking at the trends, current events, hacks, thefts, exploits, and global regulatory developments. Our goal, as always, is to keep you informed and to highlight emerging and ongoing trends to give you the best possible information to keep your business running smoothly.

In the 2023 Unit 42 Ransomware Threat Report explores recent incident response cases, as well as our threat intelligence analysts’ assessment of the larger threat landscape. It also offers predictions for how we believe threat actors will use ransomware and extortion tactics going forward. As of late 2022, threat actors engaged in data theft in about 70% of cases on average, Compare this to mid-2021, and we saw data theft in only about 40$ of cases on average. Threat actors often threaten to leak stolen data on dark web leak sites, which are increasingly a key component of their efforts to extort organizations.

Everstream’s proprietary risk scoring model incorporates historic, present, and future risk across more than 20 major categories. Using human and artificial intelligence, we predict overall risk exposure, probability, severity, and relevance for our individual clients and end users. Every day Everstream identifies relevant events that help our clients avoid disruption, including these from 2022.

This report is based on in-depth analysis of nearly 40,000 threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This report provide you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybersecurity operations.

The Evolution of DDoS: Return of the Hacktivists is a joint report by FS-ISAC and Akamai to educate our community on the new and evolving threat of DDoS, the business risks it poses, and best practices on mitigation for the sector to better combat these attacks.

This report will serve as a valuable resource for developers, security professionals, and decisions-makers committed to ensuring the security and integrity of their applications and data. We have never detected as many secrets and secrets sprawl has been accelerating yearly since 2020. Hard-coded secrets increased by 67% compared to 2021, whereas the volume of scanned commits rose by 20% (860M to 1.027B commits between 2021 and 2022).

In H2 2022, the most significant change among all countries in the percentage of ICS computers on which malicious objects were blocked was observed in Russia, where that percentage increased by 9 p.p.

In our new State of Cyber Threat Intelligence, we examine the factors that contribute to these two themes: the converging nature of cyber threats as well as the perpetual cycles in which they exist. Plus, we explore the big-picture impact of cyber attacks on organizations across a variety of industries globally and provide guidance on how to fight back.

The focus on resilience is changing the role of security leaders in their organizations. These discussions vary based on many factors, most notably the maturity level of the organization. Long-established legacy orgs have a harder time adopting a new approach, be it A-driven automation, a zero trust framework or DevSecOps practices, while fresh-face startups may have never done it any other way.

This report represents Deep Instinct’s current view of the threat landscape and trends seen between the period January – June 2021 and provides concrete data to verify the credibility of these developments. The information was sourced from our repositories which are routinely analyzed as we continuously protect our customers from unending and varied attacks.

This report represents Deep Instinct’s current view of the threat landscape. The report discusses trends seen during 2020 and provides concrete data to verify the credibility of these developments. The information was sourced from our data repositories which are routinely analyzed as part of protecting our customers from ceaseless attacks.

This report represents Deep Instinct’s current view of the threat landscape, showcasing trends seen throughout the course of the past year and providing concrete, actionable data to verify the credibility of these developments. The information was sourced from our data repositories, which are routinely analysed as part of protecting our customers from ceaseless attacks.

This report represents Deep Instinct’s current view of the threat landscape and trends seen between the period January - September 2022 and where possible provides concrete data to verify the credibility of these developments. The information was sourced from our repositories which are routinely analyzed as we protect our customers from incessant and ever evolving attacks on an ongoing basis.

2022 was another year that kept us on our toes. The threat landscape was heavily influenced by the conflict between Russia and Ukraine, during which we have seen the whole arsenal of offensive cyber capabilities, deployed by criminals, hacktivists, and nation state groups.We saw the overall number of ransomware incidents dip by around 5% compared to the previous year. But, this slight dip does not mean we collectively declare ‘job done’. As a result, we have witnessed several coordinated operations in 2022 that saw arrests of key members of prolific cyber-criminal operations, as well as the disbanding of long-established groups. Least of all Conti, which was 2021’s most active group.”

The mission of this report is to provide actionable intelligence on targeted attacks, cybercrime-motivated threat actors, and campaigns targeting organizations like yours so that you can make well-informed decisions and take prompt effective actions.

In our Underground Threat Activity report, you will find detailed analyses of cyberforum activities that we have observed over the past year, from emerging trends and cybercrime statistics to TTPs employed by TAs across several industries. You can also find our recommendations to mitigate the impact of these attacks, as well as our predictions from the evolution of the threat landscape and emerging threats that we may see in the future.

The cybercrime industry is very dynamic and develops and morphs daily. As a result, new trends keep on emerging that demand us to be on top of things in order to keep our organizations safe and secure. This report will focus on all the major and relevant security trends of 2022 that we can learn from, as well as what can we conclude and predict about how these threats could reveal themselves and change in 2023.

In this report, we have examined the existing gaps in MITRE repositories and how they inhibit security teams from understanding their true threat context. We also introduce Securin’s Vulnerability Risk Score (VRS), an vulnerability ranking system that can help organizations prioritize vulnerabilities based on their risk factors, threat associations, exploitability, and criticality.