Skip Navigation
Get a Demo
Resources Blog Threat detection

Inside The 2024 Threat Detection Report

Our sixth annual retrospective showcases a stark increase in cloud-based attacks, alongside some novel threats and usual-suspect techniques.

Susannah Clark Matt
Originally published . Last modified .

The 2024 Threat Detection Report is here, bringing you and your team actionable insights into the year’s most prevalent security trends, threats, and MITRE ATT&CK® techniques. Our sixth annual retrospective presents an in-depth analysis of nearly 60,000 threats detected across our more than 1,000 customers’ endpoints, networks, cloud infrastructure, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, along with practical guidance on detection, testing, prevention, and mitigation.


How Red Canary turns hundreds of petabytes of data into one report


Key findings

As the technology that we rely on to conduct business continues to evolve, so do the threats that we face. Here are some of our key findings:



We also check back on the timeless threats and techniques that are prevalent year-after-year, explore emerging ones that are worth keeping an eye on, and introduce two new free tools that security teams can start using immediately.



Get a Demo


Since its inception six years ago, The Threat Detection Report has been anchored by data-driven insights into the most prevalent adversary behaviors we witness on a daily basis. The Trends section allows us to zoom out from our top 10 lists to highlight developments in adversary tradecraft and other patterns that we anticipate making waves in the coming year.


Often dismissed, malvertising threats can deliver payloads far more serious than adware, as exemplified by the Red Canary-named Charcoal Stork, our most prevalent threat of the year, and related malware ChromeLoader and SmashJacker.

Top 10 threats detected in 2023

Notably absent from this year’s top 10 is the command and control  (C2) framework Cobalt Strike, a mainstay that was disrupted by a coalition of vendors and law enforcement in a effort to take down certain ransomware operations.


Forecasted for years, cloud-based attacks are no longer outliers in our data. Cloud Accounts and Email Forwarding Rule make their top 10 debuts alongside the usual suspects like PowerShell and Windows Command Shell.


Top 10 techniques detected in 2023

We’ve also featured five additional ATT&CK techniques to give you insight into emerging tradecraft and our research on macOS, Linux, containers, Windows installer packages, and more.

Get started

The Threat Detection Report is both a timely read and an evergreen resource that you can refer to throughout the year. The web version of the report includes even more technical details into visibility, collection, detection and testing.

If you’re intimidated by the page count, don’t fret–the Executive Summary provides high-level takeaways for security leaders and any one else who’s short on time. To kick things off, we encourage you to flip through the report, share it with your team, and start a discussion about which threats and techniques should be prioritized in your organization’s threat model.



How adversaries use Entra ID service principals in business email compromise schemes


MSIX and other tricks: How to detect malicious installer packages


The detection engineer’s guide to Linux


The Trainman’s Guide to overlooked entry points in Microsoft Azure

Subscribe to our blog

Back to Top