DENVER, March 23, 2023 – Red Canary, a leader in managed detection and response, today unveiled its fifth annual Threat Detection Report. This in-depth report is based on analysis of approximately 40,000 threats identified in 250 petabytes of telemetry collected from the company’s customers’ cloud workloads, identities, SaaS applications, networks, and endpoints over the past year. This research highlights the trends Red Canary’s experts observed as adversaries continue to organize, commoditize, and scale their cybercriminal operations. It also includes an examination of the techniques and tools that adversaries rely on most often when they conduct cyber attacks.
“Our aim with this report is to provide everyone from executives to practitioners with a comprehensive view of the threat landscape, including new twists on existing adversary tradecraft,” said Keith McCammon, co-founder and Chief Security Officer at Red Canary. “The Threat Detection Report offers unique data and insights, accompanied by recommended actions. From taking back control of the attack surface to how to monitor for attacks targeting cloud-based infrastructure and applications, we hope this report provides organizations with what they need to effectively detect and respond to cybersecurity threats.”
Red Canary’s visibility into organizations’ technology environments has continued to expand in breadth and depth. An increase in data sources for the Threat Detection Report over the past year has shed light on new trends, threats, and techniques, including:
- Social engineering, account takeover, and modified email rules are driving a rise in email account compromises.
- Identity attack trends included intercepting multi-factor authentication (MFA) requests and compromising data from Office 365.
- Initial access tradecraft relied heavily on compressed archives and container file types in phishing emails as well as SEO poisoning and malvertising.
- Offensive security tools such as Mimikatz, Cobalt Strike, Impacket, and BloodHound all made the list of top threats.
- Raspberry Robin activity, spread by USB drives, was discovered by Red Canary in May 2022. It is occasionally paired with SocGholish, a ransomware precursor, which also made it into the list of the top 10 threats affecting Red Canary customers in 2022.
- Abuse of endpoint-based administration, automation, and management utilities such as the Windows Command Shell, PowerShell, and Windows Management Instrumentation (WMI) continued to account for the most common adversary techniques.
- Research showed a noticeable increase in cloud and identity-specific techniques.
The full report is intended as a reference library for security practitioners to improve their ability to prevent, mitigate, detect, and emulate cyber threats. It offers detailed guidance on the data sources that log evidence of adversary behaviors, the tools that collect from those data sources, how security teams can use that visibility to develop detection coverage, and other directly actionable information.
The Threat Detection Report sets itself apart from other annual reports by offering unique data and insights, accompanied by recommended actions derived from a combination of expansive visibility and expert, human-led investigation and confirmation of threats.
None of the nearly 40,000 threats was prevented by the customers' existing security controls. Each was surfaced through the breadth and depth of visibility that Red Canary applies to detect threats that would otherwise go unnoticed.
ABOUT RED CANARY
Red Canary is a leader in managed detection and response (MDR). We serve companies of every size and industry, focusing on finding and stopping threats before they can have a negative impact. As the security ally for 800+ organizations, we provide MDR across our customers’ cloud workloads, identities, SaaS applications, networks, and endpoints. For more information about Red Canary, visit: https://www.redcanary.com.
Product or service names mentioned herein may be the trademarks of their respective owners.