Cyber Threat Intelligence Index: May 2023

Flashpoint’s monthly look at the cyber risk ecosystem affecting organizations around the world, including intelligence, news, data, and analysis about ransomware, vulnerabilities, data breaches, and insider threats.

June 13, 2023


Flashpoint’s latest ransomware infographic paints a sobering picture of the evolving threat landscape, with cybercriminals employing increasingly sophisticated tactics. Last month, our analysts observed a total of 344 ransomware attacks:

Key takeaways for the state of ransomware

  • The United States experienced the most ransomware events, accounting for nearly 60 percent of May’s ransomware attacks.
  • The top three industries targeted by ransomware were Professional Services, Internet Software & Services, and Education.


1,983 new vulnerabilities were reported in May, with 323 of them being missed by the Common Vulnerabilities and Exposures (CVE) and National Vulnerability Database (NVD).

Key takeaways for the state of vulnerability intelligence

  • Approximately 34 percent of May’s disclosed vulnerabilities are rated high-to-critical in severity. If exploited, these issues could pose a significant security risk.
  • Over 56 percent of last month’s vulnerabilities are remotely exploitable. This means that if leveraged, threat actors can execute malicious code no matter where the device is located.
  • Vulnerability Management teams can potentially lessen workloads by nearly 88 percent by focusing on actionable, high severity vulnerabilities. This classification is given to vulnerabilities that are remotely exploitable, that have a public exploit, and a viable solution.

Insider Threat

The tactic of recruiting insiders has become immensely popular amongst threat actors aiming to breach systems and/or commit ransomware attacks.

In May, our analysts collected 8,739 posts advertising insider services—both from threat actors seeking insiders and malicious employees offering their services. Of those, 1,231 were unique posts from individuals in illicit and underground communities.

Key takeaways for the state of insider threat intelligence

  • The Telecom, Retail, and Financial industries were the most targeted sectors for insider threats in May.
  • The majority of insider threat related postings originated from insiders advertising their services to outside threat actors. Most of this activity came from the Telecom sector.

Data Breaches

Studying breach events can help CISOs and security teams better understand the goals and motivations of threat actors. Our new infographic shows the latest developments in the data breach landscape. Last month, Flashpoint recorded 436 data breach events:

Key takeaways for the state of data breach intelligence

  • In May, threat actors stole a total of 39.2 million records.
  • Organizations in the United States accounted for more than 62 percent of May’s recorded data breaches.
  • Ransomware was the leading cause of data breach events in May, being responsible for 46.8 percent.

Get best-in-class intel

The following data is derived from the Flashpoint Ignite Platform and VulnDB. Sign up for a free trial today.

Begin your free trial today.