Welcome to the 2023 Threat Detection Report
This in-depth look at the most prevalent trends, threats, and ATT&CK® techniques is designed to help you and your team focus on what matters most.
download abridged reportGetting Started
It is our pleasure to provide you with Red Canary’s 2023 Threat Detection Report. Our fifth annual retrospective, this report is based on in-depth analysis of nearly 40,000 threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.
As the technology that we rely on to conduct business continues to evolve, so do the threats that we face. Here’s what’s new in this year’s report:
- Cloud and identity attacks are becoming more prevalent across our customers’ environments and appear for the first time in this report.
- Our unique visibility into email attacks, still the leading initial access vector used by adversaries, has put us in a position to detect even more attacks at earlier stages.
- Mitigation guidance to limit adversaries’ effectiveness.
- Adversary simulation and other authorized testing are excluded from our data set, leading to a more accurate representation of the threat landscape.
- What’s old is new: Raspberry Robin, a USB-based threat first discovered by Red Canary, continues to evolve and we provide updated research.
Use this report to:
- Explore the most prevalent and impactful threats, techniques, and trends that we’ve observed.
- Note how adversaries are evolving their tradecraft as organizations continue their shift to cloud-based identity, infrastructure, and applications.
- Learn how to emulate, mitigate, and detect specific threats and techniques.
- Shape and inform your readiness, detection, and response to critical threats.
Acknowledgments
Thanks to the 100+ security experts, writers, editors, designers, developers, and project managers who invested countless hours to produce this report. And a huge thanks to the MITRE ATT&CK® team, whose framework has helped the community take a giant leap forward in understanding and tracking adversary behaviors. Also a huge thanks to all the Canaries—past and present—who have worked on past Threat Detection Reports over the last five years. The Threat Detection Report is iterative, and parts of the 2023 report are derived from previous years. This report wouldn’t be possible without all of you!