Today we’re excited to launch our fifth annual Threat Detection Report, based on in-depth analysis of threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This time around, we’ve included even more actionable insights to help security teams navigate the ever-widening threat landscape.
A few of the report’s authors sat down to chat about why we publish the report, how practitioners can use it, and what they’re most excited to share with the public:
Video produced by Laura Brosnan and Dalton Vanhooser
Once again, we present you with the top 10 threats, the top 10 MITRE ATT&CK techniques, and the key trends we observed over the past year. As the technology that we rely on to conduct business continues to evolve, so do the threats that we face.
Here’s what’s new in this year’s report:
Cloud and identity attacks are becoming more prevalent across our customers’ environments and appear for the first time in this report
Our unique visibility into email attacks, still the leading initial access vector used by adversaries, has put us in a position to detect even more attacks at earlier stages
Mitigation guidance to limit adversaries’ effectiveness
Adversary simulation and other authorized testing are excluded from our dataset, leading to a more accurate representation of the threat landscape
Raspberry Robin, a USB-based threat first discovered by Red Canary, continues to evolve, and we provide updated research
Drawing from several narratives throughout 2022, we provide insight into key trends and developing tradecraft.
Though they switched places in rank, Windows Command Shell and PowerShell once again topped our list of the most prevalent MITRE ATT&CK techniques, as they have for the past three years. We also observed a noticeable increase in cloud and identity-specific techniques.
The following additional techniques may not be as prevalent as the top 10, but still warrant your attention:
As our Director of Intelligence Katie Nickels says in the video above, “the first thing that readers should do after reading the report is take action.” On each trend, threat, and technique page you’ll find mitigation advice, detection opportunities, and Atomic Red Team tests that you can run to validate your coverage. Share the report with your colleagues and start a conversation about which threats and techniques you should prioritize as you refine your threat model. We’re here for you if you need help.