NCC Group Annual Research Report 2023

Keypoints

• The report is structured into key sections such as Executive Summary, Message from Leadership, and in-depth analyses of AI & ML, cryptography, incident response, cloud security, hardware vulnerabilities, and other research domains.
• Overall, the reports include significant statistics: 18 public reports, 69+ CVEs, over $3 million revenue from collaborative research, and participation in over 32 international conferences, indicating active engagement and influence in cybersecurity research.
• Notable trends include the rise of AI/ML security challenges, a surge in ransomware and nation-state threat activities, and ongoing vulnerabilities in cloud infrastructures, IoT devices, and embedded hardware systems.
• Major threats identified involve sophisticated ransomware families like LockBit 3.0, Everest, and Black Basta, with attackers leveraging legitimate tools for lateral movement and data exfiltration.
• Research highlights include advancements in cryptographic techniques such as Post-Quantum Cryptography, elliptic curve cryptography, and blockchain security, along with persistent exploration of vulnerabilities in hardware components and firmware.
• The reports emphasize the importance of proactive security measures in mitigating risks associated with legacy systems, cloud misconfigurations, and hardware exploits.
• Key recurring themes involve evolving attack techniques like supply chain compromises, malware loaders, and targeted exploits against enterprise and consumer devices, highlighting the need for continuous vigilance.
• The research advocates for integrating security in early product development stages, thorough vulnerability management, and improving incident response and threat intelligence capabilities to adapt to the dynamic threat landscape.