This annual report is the result of the CRU’s research and analysis of nearly half a million alerts reviewed by the ConnectWise team, which is filtered into key takeaways and action items that affect MSPs the most. The information in this report is built to help MSPs protect their SMB customers. Our goal is to help you understand and prepare for the threats you and your customers are likely to face so you can focus your time, energy, and money on defenses that will impact your customers.

In this report, cybercriminal landscape remained diverse, comprising both lone actors and criminal networks offering a wide range of expertise and capabilities. Some cybercriminals targeting the EU were based within the EU, while others preferred to operate from abroad, concealing their illicit operations and funds in third countries. The use of deepfakes is another area of concern as this is a powerful addition to the cybercriminal toolbox.

This report provides insights into the current state of enterprise cyber risk and the role of AI in it. AI is revolutionizing business and has the potential to significantly improve cybersecurity outcomes. Many already have plans to use integrated AI in cyber tools, especially for inferencing, data analysis, and GenAI conversational systems.

This report nearly coincided with one of the most disruptive cyber attacks in the history of healthcare. The massive payment disruptions for U.S. healthcare providers resulting from the February 2024 BlackCat ransomware attack on Change Healthcare was an extreme yet highly illustrative example of the third-party risks stemming from high interdependence among healthcare organizations. This paper aims to help healthcare organizations and their partners reduce such risks.

This report comes at a time when top organizational risks, such as supply chain, cybersecurity, and third-party risks cut across large parts of all organizations. Stopping supply chain attacks requires understanding their causes and the variables that contribute to them. SecurityScorecard threat researchers assist in that effort by helping organizations gauge their overall risk levels and set priorities for vendor vetting.

In this report, he have to caveat by saying that these figures are lower bound estimates based on inflows to the illicit addresses we’ve identified today. One year from now, these totals will almost certainly be higher, as we identify more illicit addresses and incorporate their historic activity into our estimates. 2023 was a year of recovery for cryptocurrency, as the industry rebounded from the scandals, blowups, and price declines of 2022.

The Google Cloud Cybersecurity Forecast 2024 report predicted that cyber criminals and nation-state cyber operators will more heavily leverage server-less technologies within the cloud because it offers greater scalability, flexibility, and can be deployed using automated tools. The report focuses on recommendations for mitigating risks and improving cloud security for cloud security leaders and practitioners.

Unit 42 analyzed several petabytes of public internet data collected by Cortex Xpanse — the Palo Alto Networks attack surface management solution — in 2022 and 2023. This report outlines aggregate statistics about how attack surfaces worldwide are changing and drills down into particular risks that are most relevant to the market. Today’s attackers have the ability to scan the entire IPv4 address space for vulnerable targets in minutes.

The primary goal of OT Security Leaders it to ensure that the risk of a cyber incident impacting the Reliability, Availability and Safety of operations is minimised. This requires identification and management of vulnerabilities, and a layer of controls to prevent threat actors from accessing networks. The logical starting point is to identify and classify all assets though this is rarely a simple task.

Howden’s fourth annual report on the cyber insurance market. The themes for this year’s edition are risk, resilience and relevance.This report reveals that more than half of premium growth is likely to emanate from non-U.S. territories. In the major European economies of Germany, France, Italy and Spain alone, the premium uplift potential in just replicating penetration levels recorded in more mature markets can be measured in the (high) hundreds of millions of euros.

SecurityScorecard researchers identified not only a pool of 150 top vendors – based on their detectable market share of products and customers – but also a subset of 15 “heavy hitters” with an even higher market share concentration. In today’s interconnected world, concentrated cyber risk threatens national security and global economies. Much like a precarious house perched on a cliff’s edge, the reliance on a handful of vendors shapes the foundation of our global economy.

This report offers insights onto the threats and suspicious activity across those flows. It also provides strategic, tactical, and operational information on all traffic in all directions utilizing the MITRE ATT&CK framework. In additional, the report highlights the applications, protocols, and tools running on these networks.

The fifth Sophos annual study of the real-world ransomware experiences of manufacturing and production organizations around the globe explores the full victim journey, from root cause to severity of attack, financial impact, and recovery time. Fresh new insights combined with learnings from our previous studies reveal the realities facing businesses today and how the impact of ransomware has evolved over the last five years.

Based on that data and Sophos threat research, we see that ransomware continues to have the greatest impact on smaller organizations. But other threats also pose an existential threat to small businesses. Data theft is the focus of most malware targeting small and medium businesses—password stealers, keyboard loggers, and other spyware made up nearly half of malware detections. Email attacks have begun to move away from simple social engineering toward more active engagement with targets over email, using a thread of emails and responses to make their lures more convincing.

We chose to analyze four recent ransomware attacks. These ransomware attacks resulted in significant business disruption and financial impact, and in some cases, continue to result in collateral damage. While details are often sparse on how the attacks happened, the nature of the attack can be examined to determine the degree to which basic ransomware controls impact organizational outcomes. Many ransomware attacks are not technically sophisticated, but instead take advantage of controllable gaps and lapses that organizations do not actively seek to identify and remediate.

That is the purpose of this report is to show you the hours saved, the data aggregated, and the research methodologies laid bare. you’ll find several sections covering some of the bigger mass exploitations of 2022, also known as celebrity vulnerabilities.

This report presents multiple segments detailing various key aspects of major mass exploitations of 2023. We encourage you to view the year through the perspective of a defender, say on a security operations (SOC) team, with limitless access to GreyNoise data. From this vantage point, see how 2023 might have appeared if you had utilized our datasets* to remain at the forefront of thwarting widespread internet exploits.

In the second quarter of 2023 GreyNoise researchers observed a substantial change in the behavior of some regular internet scanning idioms. Inventory scans—where both benign and malicious actors perform regular checks for a given technology or specific vulnerability being present—significantly reduced in frequency and scale. These targeted attacks threaten to circumvent existing defense capabilities and expose organizations to a new wave of disruptive breaches. Defenders must evolve in response.

Several trends in the way we work and consume technology have resulted in an ever-expanding cyberattack surface for organizations of all sizes. Comprehensive digital transformation across enterprises, the rise in cloud adoption, the normalization of working from anywhere, and Internet of Things (IoT) initiatives have resulted in an explosion of new applications, along with an increased rate of iterations and updates.

This is the fifth report in the series which plots the use of vulnerability disclosure in consumer markets with the introduction of enterprise starting in 2021. For consumers, knowing that a manufacturer has the requisite systems in place to receive, and remedy, known security flaws is a welcome form of assurance. Indeed, we have said many times that the lack of an easily identifiable method for reporting security issues could be likened to a canary in the coal mine – it’s a good health indicator as to how serious they are about security.

This report delves into the depths of cyber risk management, unearthing the critical coverage gaps that threaten organizational stability in the wake of cyberattacks. In an era where digital threats loom larger than ever, businesses are increasingly turning to cyber insurance as a safeguard against the financial ravages of data breaches. Yet CYE’s study leveraging external and internal datasets reveals a stark reality: the protection afforded by such insurance may fall significantly short of the actual costs incurred during cyber incidents.