2023: A Selection of Cybersecurity Threat Reports

Photo by Ales Nesetril on Unsplash

Trends: Every year there are shifts in the cyber threat landscape, changes in attack techniques, and the number of breaches. And each year vendors, security organisations, research institutes and government agencies publish relevant reports on the current cybersecurity threat landscape. As the number of various published reports can be daunting, I’ve tried (like in 2022) to create an overview of a selection of what has been published so far in 2023 — and, more importantly, where to get them. The selection is shown in alphabetical order based on the publishing organisation.

💡 This blog will be updated throughout the year with newly released reports and insights. Do you have any additions? Feel free to add them in the comments below!

💡 Also, for tips on how to read the reports more efficiently, click here (or scroll down to the end of the article).

2023 Threat reports

💡 Current number of threat reports: 71

Arctic Wolf Labs

• Threat Report 2023

Adaptive Shield

• 2023 SaaS-to-SaaS Access Report

AIVD (Algemene Inlichtingen en Veiligheidsdienst, the Netherlands)

• De Russische aanval op Oekraïne: een keerpunt in de geschiedenis (Dutch only, jointly published with the MIVD)

BlackBerry

• Global Threat Intelligence Report
• Blind Eagle Deploys Fake UUE Files and Fsociety to Target Colombia’s Judiciary, Financial, Public, and Law Enforcement Entities

Check Point

• Check Point Software’s 2023 Cyber Security Report

CyberSecurity & Infrastructure Security Agency (CISA)

• #StopRansomware: Royal Ransomware

CrowdStrike

• 2023 Global Threat Report

CSW (Cyber Security Works, together with Securin, Ivanti & Cyware)

• Ransomware Report 2023

DirectDefense

• Security Operations Threat Report

Dragos

• 2022 ICS/OT Cybersecurity Year in Review

Egress

• Email Security Risk Report 2023

ENISA

• ENISA Threat Landscape: Transport Sector
• ENISA Foresight Cybersecurity Threats for 2030

ESET (/WeLiveSecurity)

• A year of wiper attacks in Ukraine
• ESET APT Activity Report T3 2022
• ESET Threat Report T3 2022

Estonian Foreign Intelligence Service

• International Security and Estonia 2023

Federal Bureau of Investigation (FBI, USA)

• Internet Crime Report 2022

Fortinet

• Global Threat Landscape Report — A Semiannual Report by FortiGuard Labs (February Edition)

HYAS

• Black Mamba: AI-Synthesized, Polymorphic Keylogger with On-The-Fly Program Modification

IBM

• X-Force Threat Intelligence Index 2023

IRONSCALES

• Defending the Enterprise: The Latest Trends and Tactics in BEC Attacks

Intel471

• Malvertising Surges to Distribute Malware
• A Ransomware Forecast for 2023
• Weekly Periscope Report

IronNet

• 2022 Annual Threat Report

KPMG

• Cybersecurity considerations 2023

Mandiant

• Global Perspectives on Threat Intelligence Report
• Suspected Chinese Campaign to Persist on SonicWall Devices, Highlights Importance of Monitoring Edge Devices
• Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
• APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations

MITRE Engenuity

• 2022 Impact Report

MIVD (Militaire Inlichtingen en Veiligheidsdienst, the Netherlands)

• De Russische aanval op Oekraïne: een keerpunt in de geschiedenis (Dutch only, jointly published with the AIVD)

Momentum

• Cybersecurity Almanac 2023
• Cybersecurity Snapshot | January 2023
• Cybersecurity Snapshot | February 2023

National Security Archive (United States)

• APT Index

NCC Group

• Annual Threat Monitor Report 2022

Office of the Director of National Intelligence (USA)

• 2023 Annual Threat Assessment of the US Intelligence Community

Orca Security

• Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023–23383)

Palo Alto Unit 42

• 2023 Unit 42 Ransomware and Extortion Report
• Threat Brief: 3CXDesktopApp Supply Chain Attack

Picus

• The Red Report 2023

Proofpoint

• TA444: The APT Startup Aimed at Acquisition (of Your Funds)
• OneNote Documents Increasingly Used to Deliver Malware
• TA569: SocGholish and Beyond
• ET SocGholish Rules Response Guidance
• Don’t Answer That! Russia-Aligned TA499 Beleaguers Targets with Video Call Requests
• Fork in the Ice: The New Era of IcedID

Recorded Future

• Russia’s War Against Ukraine Disrupts the Cybercriminal Ecosystem
• 2022 Annual Report

Red Alert (part of NSHC group)

• Monthly Threat Actor Group Intelligence Report, November 2022
• Monthly Threat Actor Group Intelligence Report, December 2022
• Threat Actor Targeting Vulnerable Links In Cyber Security
• Monthly Threat Actor Group Intelligence Report, January 2023 (ENG)

Red Canary

• January’s digest: credential access, Google workspace, Microsoft Sentinel & more
• Intelligence Insight: Tax-themed phishing emails delivering GuLoader
• Intelligence Insights: February 2023
• 2023 Red Canary Threat Detection Report

RiskLens

• 2023 Cybersecurity Risk Report

Security Intelligence

• X-Force Prevents Zero Day from Going Anywhere

SonicWall

• 2023 SonicWall Cyber Threat Report

The State Cyber Protection Centre State Service of Special Communications and Information Protection of Ukraine (SCPC)

• UAC-0114: Campaign, Targeting Ukranian and Polish Gov Entities

The State Service of Special Communications and Information Protection of Ukraine (CIP)

• Russia’s Cyber Tactics: Lessons Learned in 2022 — SSSCIP analytical report on the year of russia’s full-scale cyberwar against Ukraine

Team Cymru

• Desde Chile con Malware (From Chile with Malware)

Tesseract Intelligence

• Interesting findings: 13–30 January 2023
• Interesting findings: 1–15 February 2023
• Interesting findings: 15–28 February 2023
• Interesting findings: 1–17 March 2023

The DFIR Report

• 2022 Year in Review

Trellix

• Q4 2022 Threat Overview
• Qakbot Evolves to OneNote Malware Distribution

VirusTotal

• Lessons learned from 2022

VulnCheck

• The VulnCheck 2022 Exploited Vulnerability Report — A Year Long Review of the CISA KEV Catalog

Z-CERT

• Cybersecurity Dreigingsbeeld Zorg 2022 (Dutch only)

Tips for reading the reports efficiently

First and foremost, remember that none of the reports should be seen as a single source of truth — as much as some publishers might want you to. In some cases, data might be complementary or contradictory, depending on the scope of the data collected (e.g. due to differences in client base, research participants, or the way technical data is collected). Because of this, always keep a critical mind while reading.

Secondly, be aware of the period over which the publishing organisation is reporting. E.g. a “2022” report could be released in 2023. If you intend to create a personal knowledgebase with reports or whitepapers from multiple years, this is an important distinction to keep in mind.

Thirdly, focus on the parts of the reports that are relevant to your (client) organisation. This could for example be parts that focus on

• your industry,
• geographical location, or
• cloud infrastructure that your (client) organisation leverages

And lastly, keep in mind why you’re reading the report — a SOC Analyst requires different information from a threat report to fulfil their job than their CISO, and will thus always look at the data with a different view.

💡 Opinions expressed in my blogs are solely my own and do not express the views or opinions of my employer or clients