Our sixth annual State of the Phish report again brings you critical, actionable insights into the current state of the phishing threat. You’ll learn about: • The end-user awareness and knowledge gaps that could be hurting your cybersecurity defenses The impacts information security professionals are experiencing because of phishing attacks and the ways they’re trying to combat these threats • How Proofpoint customers are approaching phishing awareness training, and the ways we’re helping them measure program success

Our 2019 Threat Research Report is a deep dive into our logs, experiences, and collected analysis. It summarizes and identifies the latest tactics, techniques, and procedures seen by the Malware Research team, Vulnerability Research team, Threat Intel Research team and Remediation Groups at Sucuri/GoDaddy.

If there’s one thing this year’s Global Threat Report really brings home, it’s that there’s never been a better time to get involved in cybersecurity. The stakes are high, and rising every day. Those that read and share this report are helping to educate themselves and others to better protect themselves and their communities, both at work and at home.

This is the threat landscape report from Fortinet for the 4th quarter of 2019. It goes into changes in this quarter, including threat detection changes and attack changes.

FireEye has been detecting and responding to cyber attacks every day for over 15 years. The release of M-Trends® 2020 marks 11 years of providing the cyber security community with insights gained from the frontlines of those attacks.

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

This report - compiled from the engagements performed throughout 2019 in customer environments by our threat hunting, penetration testing, incident response, tabletop exercise, and assessments teams

This report anticipates activity targeting and affecting ICS to increase into 2020 and further. It expects to see more adversaries expand their focus to additional criticalinfrastructure and industrial environments, which willlikely align with activity associated with military orgeopolitical conflict. Although defenders continue to gaininsight through OT-specific detection and monitoringplatforms, it is imperative people continue to improvevisibility into activities and threats impacting criticalinfrastructure.

The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. Dragos identifies errors in the vulnerability scores associated with public reports, a critical part of our vulnerability assessments. By identifying and updating errors in vulnerability scores, Dragos vulnerability assessments help asset owners and operators better prioritize and manage patching and update procedures.

The survey results and relevant observations are as follows: The inner workings of this underground economy havecome to play an influential role in many of the cyberand physical risks facing organizations today. Toenhance the context within which these illicit goodsand services are obtained, abused, and ultimatelycontribute to such risks, Flashpoint analysts conducteda survey of the prices for various offerings listed forsale across the Deep & Dark Web. While analysts’findings should be interpreted as case studies andgeneral observations rather than precise statistics, thisreport can and should serve to inform the security andrisk strategies of organizations across all sectors.

This guide was constructed with insight from a global panel of Malwarebytes experts and external experts from a variety of disciplines. It also features a brief review of cybercrime history, the emergence of new participants and the impact on businesses and individuals.

Accenture details trends in cyber threats in 2019. It narrows it down to five key features of the 2019 Trendscape: 1. New threats are occuring from technology evolution and disinformation. 2:Cybercriminals adapt, hustle, diversify, and are looking more like states. 3: hybrid motives pose new dangers of ransomware defense and response 4:Improved ecosystem hygiene is pushing threats to the supply chain

Imperva outlines trends in the DDoS threat landscape in 2017, including that the number of attacks has doubled, that crypto-currency continues to be targeted, and that persistent attacks are growing more common.

Ponemon Institute is pleased to present the findings of the second study on vulnerabilityand patch management. As shown inthis research, the severity and volume ofcyberattacks is increasing. However, mostorganizations are not comparably enhancingtheir abilities to prevent hackers fromexploiting attack vectors. In fact, it’s takinglonger to detect and longer to patch criticalvulnerabilities than last year. The cost andconsequences of this failure are myriad.

This year’s Internet Crime Report highlights the IC3’s efforts to monitor trending scams such as Business Email Compromise (BEC), Ransomware, Elder Fraud, and Tech Support Fraud. As the report indicates, in 2019, IC3 received a total of 467,361 complaints with reported losses exceeding $3.5 billion. The most prevalent crime types reported were Phishing/Vishing/Smishing/Pharming, Non-Payment/Non-Delivery, Extortion, and Personal Data Breach. The top three crime types with the highest reported losses were BEC, Confidence/Romance Fraud, and Spoofing. More details on each of these scams can be found in this report.

A focused subset of Cisco’s 2018 full Cyber Security Report, focusing on cloud security practices.

X-Force Incident Response and Intelligence Services (IRIS) compiled IBM Security software and security services analyses from the past year, which show that 2019 was a year of reemerging old threats being used in new ways.

A long form narrative on several threat trends seen in recent months.

2020 edition of the Unit 42 Cloud Threat Report, ourteam of elite cloud threat researchers focused theirattention on the practices of DevOps. The research aimedto uncover where cloud vulnerabilities are surfacing.DevOps teams are shortening the time to productionusing infrastructure as code (IaC) templates. But the IaCtemplates themselves are not the issue. It’s the flawedprocess by which they are being created.

In this special CTNT report on healthcare, wefocus on the top threat categories and familiesthat plagued the medical industry over the lastyear, as well as the most common attack methodsused by cybercriminals to penetrate healthcaredefenses. In addition, we highlight the securitychallenges inherent to organizations, from smallprivate practices to enterprise health maintenanceorganizations (HMOs), as well as the reasons whyhackers look to infiltrate their defenses. Finally,we look ahead to future biotech innovations andthe need to consider security in their design andimplementation.

This report covers penetration prevention in the last year. It covers changes in penetration prevention such as the levels of risk incurred by applications, the way the shift to the cloud affects risk, and how the size of the business affects risk.