2023: A Selection of Cybersecurity Threat Reports

Jennifer Wennekers
Feb 16, 2023

💡 DUE TO THE AMOUNT OF THREAT REPORTS COLLECTED IN THE FIRST SIX MONTHS OF 2023 THIS PROJECT HAS BEEN MOVED TO GITHUB FOR A MORE CLEAR AND SEARCHABLE OVERVIEW. THIS ARTICLE WILL NO LONGER BE UPDATED.

Trends: Every year there are shifts in the cyber threat landscape, changes in attack techniques, and the number of breaches. And each year vendors, security organisations, research institutes and government agencies publish relevant reports on the current cybersecurity threat landscape. As the number of various published reports can be daunting, I’ve tried (like in 2022) to create an overview of a selection of what has been published so far in 2023 — and, more importantly, where to get them. The selection is shown in alphabetical order based on the publishing organisation.

💡 This blog will be updated throughout the year with newly released reports and insights. Do you have any additions? Feel free to add them in the comments below!

💡 Also, for tips on how to read the reports more efficiently, scroll down to the end of the article.

2023 Threat reports

2023 Threat Report Compilation Monthly Status

Contents

Click on the name of the publisher to get immediately to the collected reports on this page, or feel free to scroll down.

Adaptive Shield

AIVD (Algemene Inlichtingen en Veiligheidsdienst, the Netherlands)

amatas

APPROACH

Arctic Wolf Labs

AT&T

AttackIQ

Bank of England

Barracuda

BlackBerry

CSIT (Centre for Secure Information Technologies)

Checkmarx

Check Point

CTIVD (Commissie van Toezicht op de Inlichtingen- en Veiligheidsdiensten)

CISA (CyberSecurity & Infrastructure Security Agency)

Cofense

  • Summer-Time Scams: The Return of Vacation-Request Phishing Emails

CrowdStrike

CSW (Cyber Security Works, together with Securin, Ivanti & Cyware)

Cyber Rescue Alliance

Datadog

The DFIR Report

DirectDefense

Dragos

Egress

Embee Research

ENISA

ESET (/WeLiveSecurity)

Estonian Foreign Intelligence Service

EU CERT

FBI (Federal Bureau of Investigation, USA)

Fortinet

Google

GCAT (Google Cybersecurity Actions Team)

GTAG (Google Threat Analysis Group)

Group-IB

The Guardian

HUMAN Security

HYAS

IBM

Infoblox

IRONSCALES

Intel471

IronNet

jstnk9 (Jose Luis Sánchez Martínez)

Kaspersky (SecureList)

KPMG

loginsoft

Malwarebytes

Mandiant

Menlo Security

Meta

Microsoft

MITRE Engenuity

MIVD (Militaire Inlichtingen en Veiligheidsdienst, the Netherlands)

Momentum

National Security Archive (United States)

NCSC (National Cyber Security Centre, United Kingdom)

  • Jaguar Tooth (joint report with the UK National Cyber Security Centre (NCSC), the US National Security Agency (NSA), US Cybersecurity and Infrastructure Security Agency (CISA) and US Federal Bureau of Investigation (FBI))

NCC Group

Norma Cyber

Office of the Director of National Intelligence (USA)

Orca Security

Palo Alto Unit 42

Perception Point

Picnic

Picus Security

Proofpoint

PWC

Qualys

Recorded Future

Red Alert (part of NSHC group)

Red Canary

Rezilion

RiskLens

Security Intelligence

SentinelLabs (SentinelOne)

SonicWall

Sophos

SCPC (The State Cyber Protection Centre State Service of Special Communications and Information Protection of Ukraine)

SSS-CIP (The State Service of Special Communications and Information Protection of Ukraine)

Synopsys

Talos (Cisco)

Team Cymru

Technoir — Blog of Satharus (Ahmed Elmayyah)

Tesseract Intelligence

Thales

Trellix

Trend Micro

VirusTotal

VulnCheck

Women in Cybersecurity (WiCyS)

Z-CERT

Tips for reading the reports efficiently

First and foremost, remember that none of the reports should be seen as a single source of truth — as much as some publishers might want you to. In some cases, data might be complementary or contradictory, depending on the scope of the data collected (e.g. due to differences in client base, research participants, or the way technical data is collected). Because of this, always keep a critical mind while reading.

Secondly, be aware of the period over which the publishing organisation is reporting. E.g. a “2022” report could be released in 2023. If you intend to create a personal knowledgebase with reports or whitepapers from multiple years, this is an important distinction to keep in mind.

Thirdly, focus on the parts of the reports that are relevant to your (client) organisation. This could for example be parts that focus on

  • your industry,
  • geographical location, or
  • cloud infrastructure that your (client) organisation leverages

And lastly, keep in mind why you’re reading the report — a SOC Analyst requires different information from a threat report to fulfil their job than their CISO, and will thus always look at the data with a different view.

💡 Opinions expressed in my blogs are solely my own and do not express the views or opinions of my employer or clients