This report uses data from the Synopsys Black Duck Audit Services team’s analysis of anonymized findings from 1,067 commercial codebases across 17 industries during 2023. The Audit Services team has helped security, development, and legal teams around the world strengthen their security and license compliance programs for over 20 years. The team audits thousands of codebases for our customers each year, with the primary aim of identifying software risks during merger and acquisition (M&A) transactions.

In year 2023, FortiGuard Labs blocked 2.4 trillion vulnerability attempts and 3 billion malware deliveries to protect its customers from cyber threats. FortiGuard Labs escalated the significant threats through the Outbreak Alert system to raise awareness. These outbreaks highlighted the various targeted and 0-day attacks, weaponized vulnerabilities, malware/ ransomware campaigns, and OT/IoT threats launched last year.

Cryptocurrency usage is growing faster than ever before. Across all cryptocurrencies tracked by Chainalysis, total transaction volume grew to $15.8 trillion in 2021, up 567% from 2020’s totals. Given that roaring adoption, it’s no surprise that more cybercriminals are using cryptocurrency. But the fact that the increase in illicit transaction volume was just 79% — nearly an order of magnitude lower than overall adoption — might be the biggest surprise of all.

The events of this year have made clear that although blockchains are inherently transparent, the industry has room for improvement in this respect. There are opportunities to connect off-chain data on liabilities with on-chain data to provide better visibility, and transparency of DeFi, where all transactions are on-chain, is a standard that all crypto services should strive to achieve. As more and more value is transferred to the blockchain, all potential risks will become transparent, and we will have more complete visibility.

2023 was a year of recovery for cryptocurrency, as the industry rebounded from the scandals, blowups, and price declines of 2022. With crypto assets rebounding and market activity growing over the course of 2023, many believe that crypto winter is ending, and a new growth phase may soon be upon us. As always, we have to caveat by saying that these figures are lower bound estimates based on inflows to the illicit addresses we’ve identified today.

This report was compiled by analyzing data captured from billions of cloud assets on AWS, Azure, Google Cloud, Oracle Cloud, and Alibaba Cloud scanned by the Orca Cloud Security Platform. Leveraging unique insights into current and emerging cloud risks captured from the Orca Cloud Security Platform, this report reveals the most commonly found, yet dangerous, cloud security risks.

In this report, we explore the big names in ransomware, the most frequently targeted sectors, trends in data exfiltration, and which malware and tools are leveraged by ransomware operators. This data creates insights into how organizations can better protect their environments from cyberattacks. The 2023 threat landscape was characterized by a combination of mainstay threat actors and new or reemerging groups. While top variants continue evolving to maintain dominance, the widespread impact of newer groups demonstrates the constant evolution of today’s threats and the need for adaptable defenses and increased cyber resilience.

Dragos started the Year in Review to highlight significant trends in the OT cybersecurity community. This year’s report aims to go further by offering practitioners and leaders the most up-to-date data, along with perspectives from the field, to help them better defend critical infrastructure around the world. These perspectives are focused on providing actionable insights that have been tried and tested to help organizations effectively defend against and respond to industrial cyber threats.

The biggest shift the IBM X-Force team observed in 2023 was a pronounced surge in cyberthreats targeting identities. Attackers have a historical inclination to choose the path of least resistance in pursuit of their objectives. In this era, the focus has shifted towards logging in rather than hacking in, highlighting the relative ease of acquiring credentials compared to exploiting vulnerabilities or executing phishing campaigns. Lack of identity protections was corroborated by IBM X-Force penetration testing data for 2023, which ranked identification and authentication failures as the second most common finding.

With this report, we want to promote open sharing on cyber threats and incidents and give the industry a public and relevant cyber threat picture anchored on a solid, well-documented basis. The report and knowledge base are the product of a collaborative community effort with our members and the Nordic TIBER Cyber Teams (TCTs) at the centre, with contributions from Nordic government entities.

This report focuses primarily on hundreds of digital forensics and incident response (DFIR) engagements conducted by the Arctic Wolf Incident Response team. The vast majority of these engagements were initiated as part of cyber insurance policies, through our partnerships with insurance providers and privacy law practitioners.

This iteration of the Google Cloud Threat Horizons Report provides a forward-thinking view of cloud security with intelligence on emerging threats and actionable recommendations from Google’s security experts. This report explores top cloud threats and security concerns for 2024, including credential abuse, crypto-mining, ransomware, and data theft.

Ransomware groups exploit vulnerabilities in two distinct categories: those targeted by only a few groups and those widely exploited by several. Each category necessitates different defense strategies. Groups targeting specific vulnerabilities tend to follow particular patterns, enabling companies to prioritize defenses and audits. To defend against unique exploitation, understanding the likely targets and vulnerability types is crucial. Looking ahead to 2024, advancements in generative AI may lower the technical barrier for cybercriminals, facilitating the exploitation of more zero-day vulnerabilities.

The 2024 edition of the CrowdStrike Global Threat Report arrives at a pivotal moment for our global community of protectors. The speed and ferocity of cyberattacks continue to accelerate as adversaries compress the time between initial entry, lateral movement and breach. At the same time, the rise of generative AI has the potential to lower the barrier of entry for low-skilled adversaries, making it easier to launch attacks that are more sophisticated and state of the art. These trends are driving a tectonic shift in the security landscape and the world.

This annual report features the work of 37 sophisticated cybersecurity teams working in partnership to advance 29 open-source projects that improve cyber defense for the whole community. This report captures the energy and passion that Center Participants bring to advancing threat- informed defense for all. Use it as a reference and share it with your teams and colleagues to further change the game on the adversary.

Cyberattacks increased two or threefold across nearly every tracked metric in 2023, as cybercriminals continued to ramp up and diversify their attacks. To give the world’s defenders the actionable threat intelligence needed to safeguard against this relentless surge in cybercrime, we’ve compiled our research into the 2024 SonicWall Cyber Threat Report.

The Workplace Identity Security Trends and Challenges report investigates the identity security landscape and challenges facing organizations today. The research finds that many struggle to build an integrated and comprehensive identity security strategy, relying on disconnected tools and practices that create inefficiencies and leave organizations seriously vulnerable to attacks and breaches.

In this report, we bring you the insights from that data. It’s part of how we empower organizations to proactively navigate cyber risks, strengthen security approaches, and respond to incidents with unmatched efficiency. This report helps because it gathers real-world information from organizations like yours, so you can learn which threats really a#ect your peers–and how you can face them.

In this report, Coalition Security Labs’ dedicated security research team dives into data derived from Coalition’s extensive threat collection technologies and provides critical information to help security professionals, brokers, and businesses navigate the current cyber risk landscape. Readers will gain insights into how to prioritize vulnerabilities, understand which technologies threat actors are targeting, and compare cyber hygiene across industries.

Marking its fourth year of publication, the Red Report 2024 provides a critical dive into the evolving threat landscape, presenting a detailed analysis of adversaries’ most prevalent tactics, techniques, and procedures (TTPs) used throughout the past year. Conducted by Picus Labs, this annual study examines over 600,000 malware samples and assesses more than 7 million instances of MITRE ATT&CK techniques. It gives security teams invaluable insights into the techniques that pose the most critical cyber risk to organizations.

Connectivity is continuing to transform the Automotive and Smart Mobility ecosystem, increasing cybersecurity risks as more functionality is exposed. 2023 marked the beginning of a new era in automotive cybersecurity. Each attack carries greater significance today, and may have global financial and operational repercussions for various stakeholders. Upstream’s 2024 Global Annual Cybersecurity Report examines how cybersecurity risks have evolved from experimental hacks into large-scale risks, focusing on safety and trust, operational availability, data privacy, and financial implications.