In the first half of 2023, Arete observed several distinct trends and shifts in the cyber threat landscape. Leveraging the data collected during each incident response engagement, we can see the rise and fall of ransomware variants, notable trends in ransom demands and payments, industries targeted by ransomware attacks, and what may be coming next. The threat landscape continues to evolve with the widespread introduction of AI tools, lower barriers of entry into cybercrime, new vulnerabilities, and the socioeconomic effects of the Russia-Ukraine war.

In this edition of the State of the Internet/Security (SOTI) report, we continue to research the array of attacks observed in web applications and API, their impacts on the organization, and how vulnerabilities figure in the API landscape. Our goal is to illustrate the dangers posed by the web application and API attacks, with recommendations on how to successfully defend your network against such attacks.

In this latest State of the Internet/Security (SOTI) report, we examine various attack types that commerce organizations and their customers face. We explore our multitude of datasets in areas such as web applications, bots, phishing, and usage of third-party scripts, to get a “pulse” of what’s happening in this sector and help cybersecurity leaders and practitioners understand some of the threat trends impacting the commerce industry. Akamai sees an enormous number of attacks across all our security tools, so we can share the shifts we see in malware attacks, customer impacts, regulatory requirements, and emerging threats.

We lay out the ransomware landscape in this State of the Internet (SOTI) report by exploring some of the most effective attack techniques and tools that ransomware groups are utilizing to achieve initial access through exfiltration. We also provide an extensive list of safeguarding techniques and recommendations. It is crucial that both industries and individuals protect themselves from the new wave of ransomware attacks, and this report will help provide insights for better defense and risk management of this growing concern.

This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

Adaptive Shield commissioned CSA to develop a survey and report to better understand the industry’s knowledge, attitudes, and opinions regarding SaaS application use, SaaS security policies and processes, SaaS threats, and SaaS security strategy/solutions. Adaptive Shield financed the project and co-developed the questionnaire with CSA research analysts. The survey was conducted online by CSA in March of 2023 and received 1130 responses from IT and security professionals from organizations of various sizes and locations. CSA’s research analysts performed the data analysis and interpretation for this report.

The Financial Services Industry (FSI) adoption of cloud services has grown extensively in recent years and is expected to increase with further adoption and integration of cloud service provider (CSP) functions replacing traditional technology of banking, commerce, and other methods of performing financial transactions and exchanging financial data. The intention of this report was to evaluate the current state of adoption, compared to the industry’s readiness just three years ago when CSA conducted a similar survey and identify the current issues and opportunities that FSI leaders are addressing in their progression to further utilizing cloud services.

This paper aims to provide a high-level overview of the implications of ChatGPT in the cybersecurity industry, without delving into the granular details of artificial intelligence. We will explore the key concepts and domains that are crucial for understanding ChatGPT’s capabilities, as well as the potential impact on businesses.

This report has been put together using CISA’s KEV Catalog and the month-on-month analysis that CSW’s researchers have delivered to our customers for the past year. Our researchers used the NVD, MITRE, and other repositories to map each vulnerability to Tactics, Techniques, and Procedures (TTPs) to understand the actual risk posed by these vulnerabilities. We cross-referenced the KEVs with our ransomware and threat groups’ database maintained in Securin Vulnerability Intelligence (VI) to provide additional threat context to the KEV Catalog. We have also used our proprietary threat intelligence platform (Securin VI) to predict and recommend vulnerabilities that need to be a part of the KEV Catalog.

In our Security Report, we discuss a few more trends observed by cp throughout the year. The Russia-Ukraine war demonstrated how the traditional, kinetic, war can be augmented by a cybernetic war. It has also influenced the broader threat landscape in the rapid changes of hacktivism and how independent threat actors choose to work for state-affiliated missions.

This AT&T Cybersecurity Insights report focuses on connecting and securing the entire edge computing ecosystem. This report presents a perspective that recognizes the essential characteristics of and key differences among edge architectures and provides a realistic picture of the state of edge.

The FutureSec State of Security Report 2023 is a comprehensive analysis of the current state of cybersecurity, highlighting the challenges and trends in the industry. The report reveals the increasing sophistication of cybercriminals and the emerging threat of cyber-warfare and cyberterrorism. With a significant shortage of skilled cybersecurity professionals, organizations are struggling to keep up with the rising threats and costs of data breaches. The report further discusses the concept of zero trust and how Softchoice can work with organizations from consultation to implementation to optimization. Download the report now to learn about the latest developments in cybersecurity and how to protect your organization.

The Zimperium 2023 Global Mobile Threat Report examines the trends that shaped the mobile security landscape over the last year and analyzes research from Zimperium’s zLabs team, as well as third-party industry data, partner insights, and observations from leading industry experts. The findings in this report will help security teams evaluate their mobile security environment and improve defenses to ensure a mobile-first security strategy.

The 2023 Cloud Security Report is a comprehensive study based on an extensive survey conducted among 351 cybersecurity professionals in the European Union (EU). By analyzing the latest trends in cloud adoption, identifying prevalent security challenges, and highlighting best practices, this report provides insights for organizations seeking to fortify their cloud environments.

As health care delivery organizations have increased their reliance on health information technology, they have also increased their exposure to new cybersecurity risks, such as ransomware attacks.

This is the tenth edition of the ENISA Threat Landscape (ETL) report, an annual report on the status of the cybersecurity threat landscape. It identifies the top threats, major trends observed with respect to threats, threat actors and attack techniques, as well as impact and motivation analysis. It also describes relevant mitigation measures.

The report provides an overview of the current supply chain cybersecurity practices followed by essential and important entities in the EU, based on the results of a 2022 ENISA study which focused on investments of cybersecurity budgets among organizations in the EU. The report also gathers good practices on supply chain cybersecurity derived from European and international standards. It focuses primarily on the supply chains of ICT or OT.

In our annual Threat Report, the Deepwatch Adversary Tactics and Intelligence (ATI) team provides data on the leading cybersecurity threats that SOC security analysts faced in 2022, and offers predictions of what teams will likely face in 2023. With analysis from ATI research and Deepwatch customer engagements, we review the types of volumes of threats, look at the challenges in visualization and identification, and consider what lingering or growing threats SOC teams should prioritize.

Our latest cybersecurity research reveals some organizations are using cybersecurity as a differentiator to deliver better business outcomes. Those organizations that closely align their cybersecurity programs to business objectives are 18% more likely to increase their ability to drive revenue growth, increase market share and improve customer satisfaction, trust and employee productivity.

In this eBook, we will discuss the challenges of securing today’s rail networks in the face of increasingly frequent and severe cyber threats, the impact of intensifying regulatory requirements and the potential damage that malicious actors could leave behind. Finally, we will explore the most critical things to look for in a security solution for rail transportation networks.

In this data-driven report, based on our scanning of over 200,000 cloud accounts, including more than 30% of the Fortune 100 environments, we analyze the latest industry trends and developments, presenting a factual and data-based assessment of the current state and progression of cloud technology. We examine how the cloud has evolved over the past year and attempt to shed light on some of the complexity of cloud environments, including aspects such as organizational usage of multi-cloud and both managed and non-managed services.