Welcome to our latest Quarterly Threat Landscape Report, one that, based on the amount of activity, reveals an environment that is particularly challenging for security practitioners to navigate. In this edition, we have witnessed significant geopolitical changes, with continued conflict across multiple geographies. Combined with the continuing rise in the exploitation of critical vulnerabilities, it is fair to say that the need to gather actionable intelligence is more important than ever.
This is the objective of this report: to provide a summary of the key insights necessary to prioritize resources and ensure security controls remain up to date with the emerging capabilities of well-funded threat actors. As ever, our focus remains across the breadth of three key intelligence vectors: the emerging vulnerability intelligence findings, traditional threat intelligence (tracking both criminal and APT activity), and digital risk intelligence, which tracks dark web and underground forums.
As we consider this quarter, the current escalation of military activity in the Middle East has consumed the majority of headlines. Whilst this is understandable, it is important to note that there remains a very persistent criminal ecosystem that continues to exploit critical vulnerabilities, buoyed by earnings from illicit activities. What this means is that we are now seeing over 50% (20 out of 39) of the vulnerabilities actively exploited in the wild during Q1 fitting the zero-click/network-facing profile: network exploitable, with no authentication and no user interaction required.

