NCC Group’s 2022 & 2023 Research Report
Over the past two years, our global cybersecurity research has been characterized by unparalleled depth, diversity, and dedication to safeguarding the digital realm. The highlights of our work not only signify our commitment to pushing the boundaries of cybersecurity research but also underscore the tangible impacts and positive change we bring to the technological landscape. This report is a summary of our public-facing security research findings from researchers at NCC Group between January 2022 and December 2023.
With the release of 18 public reports and presenting our work at over 32 international conferences and seminars, encompassing a variety of technology and cryptographic implementations, we have demonstrated our capacity to scrutinize and enhance key security functions. Notably, our collaborations with tech giants such as Google, Amazon Web Services (AWS), and Kubernetes underscore our pivotal role in fortifying the digital ecosystems of industry leaders.
Commercially, 2022 and 2023 saw us deliver over $3million in revenue in collaborative research engagement across various technologies and many sectors, increasingly across Artificial Intelligence (AI) and AI-based systems.
In our bid to democratize cybersecurity knowledge, we have released 21 open-source security tools and repositories. These invaluable tools have catalyzed efficiency gains across multiple domains of cybersecurity.
Our research has positioned us at the forefront of evolving cryptographic paradigms. With significant work in Post- Quantum Cryptography, Elliptic Curve Cryptography, and Blockchain security, we remain key players in shaping the future of digital privacy and security.
The meteoric rise of AI/ML applications has been matched by our intense focus on understanding their security dynamics. Our research in this arena has grown exponentially since 2022, providing critical insights into the strengths and vulnerabilities of these transformative technologies.
Modern cloud environments, coupled with rapid shifts in software development and deployment, have necessitated deep dives into their security mechanisms. Our outputs in this domain have been instrumental in pioneering robust cyber defense tactics for contemporary digital infrastructures. Our exhaustive studies into hardware vulnerabilities and Operating System security have set benchmarks in comprehending and countering potential threats.
The external presentation of our research, particularly by our Exploit Development Group (EDG), has won us accolades, most notably a third-place finish at the 2022 Pwn2Own Toronto competition. EDG’s work on exploiting consumer routers and enterprise printers has been ground-breaking. Ken Gannon and Ilyes Beghdadi successfully exploited the Xiaomi 13 Pro smartphone at the 2023 Pwn2Own Toronto competition, demonstrating our continued excellence in mobile security.
Our research has spanned several other pivotal areas including Vulnerability Detection Management, Reverse Engineering, Modern Networking Security, and Secure Programming Development. Unearthing over 69 security vulnerabilities across third party products, we’ve reinforced our commitment to digital safety through responsible and coordinated vulnerability disclosure. Each discovery, while highlighting potential threats, also underscores our unwavering dedication to proactively fortifying global digital infrastructures.
Our journey through 2022 and 2023 has been marked by rigorous research, collaboration, and an unwavering commitment to excellence. As we continue to gain intelligence, insight and to innovate, our role in shaping a secure digital future remains paramount.
As we look forward to the upcoming year, our excitement is at an all-time high, not just for the innovative projects and growth opportunities on the horizon, but also for the robust safety measures we are putting in place. Making our lives safe, both in our work environments and within our digital realms, remains a top priority. We are actively developing and executing research that leads to enhancing our cybersecurity protocols, introducing tools, and investing in exploring cutting-edge technology to ensure a secure and resilient infrastructure. Our commitment to creating a safer world for everyone is unwavering, and we believe these efforts will significantly contribute to a productive, secure, and successful year ahead for all of us.
The report is available as a downloadable PDF here.