Leverage unparalleled research to make smarter, faster business decisions
-
ResearchMassive Botnet Targets M365 with Stealthy Password Spraying Attacks
February 24, 2025A Technical Breakdown of Large-Scale Password Spraying Through Non-Interactive Sign-Ins
More DetailsSTRIKE Team -
ResearchLazarus Group is Infecting Open-Source Code. Are You at Risk?
February 13, 2025North Korea’s Lazarus Group is hiding malware inside GitHub repositories and NPM packages, compromising developers and cryptocurrency platforms. Their targets: your code, your wallets, your users.
More DetailsSTRIKE Team -
ResearchInsurance Carriers Face Unprecedented Supply Chain Cyber Threats
February 6, 2025SecurityScorecard's analysis of 150 leading insurance companies exposes a critical weakness: even carriers with robust security are being compromised through their supply chain partners. Our data reveals that threat actors are deliberately exploiting lower-scoring vendors to breach otherwise well-defended insurance organizations.
More Details -
ResearchOperation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign
January 29, 2025During STRIKE’s investigation of Operation 99, our team identified multiple command-and-control (C2) servers active since September 2024.
More DetailsSTRIKE Team -
ResearchSecurity Assessment of the Top 100 U.S. Gov’t Contractors
January 21, 2025Federal contractors are critical to the U.S. Government’s (USG) supply chain, yet their cybersecurity postures reveal significant weaknesses. This report evaluates the SecurityScorecard ratings and publicly available breach histories of the top 100 federal contractors for FY2023, highlighting problems and patterns that pose substantial third-party cyber risks to the USG. A breach at one of these contractors could expose USG data, compromise infrastructure, or disrupt essential products
More Details -
Blog, ResearchOperation 99: North Korea’s Cyber Assault on Software Developers
January 15, 2025On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit.
More DetailsRyan Sherstobitoff, SVP, Threat Research & Intelligence in Threat Intelligence
STRIKE Team -
ResearchEurope’s Top 100 Companies: Cybersecurity Threat Report
December 12, 2024This report analyzes the cybersecurity of the top 100 companies in the Europe by market capitalization. Through comprehensive analysis of their attack surface and reported breaches, SecurityScorecard data scientists uncovered several notable findings concerning third-party risk in Europe.
More Details -
ResearchThe Middle East’s Top 100 Companies: Cybersecurity Threat Report
November 20, 2024The Middle East’s Top 100 Companies: Cybersecurity Threat Report
More Details -
ResearchThe Third-Party Cyber Risk Landscape of Japan
November 20, 2024This paper examines third-party data breaches and third-party cyber risk in Japan.
More Details -
ResearchThird-Party Breaches Are the Top Threat for the U.S. Energy Sector
October 23, 2024This comprehensive report provides a deep dive into the cybersecurity posture of the U.S. energy sector. We've analyzed 250 top energy companies using SecurityScorecard metrics to identify vulnerabilities and potential threats.
More DetailsSupply Chain Cyber Risk, Third-Party Risk Management -
ResearchScandinavia’s Top 100 Companies: Cybersecurity Threat Report
September 24, 2024This report analyzes the cybersecurity of the top 100 companies in Scandinavia by market capitalization.
More Details -
ResearchGlobal 2000: Industry Titans Battle the Beast of Supply Chain Cyber Risk
August 5, 2024A collaborative report between SecurityScorecard and Cyentia Institute on the complex landscape of third-party cyber risk.
More Details