
Welcome to the 2023 Threat Detection Report

This in-depth look at the most prevalent trends, threats, and ATT&CK® techniques is designed to help you and your team focus on what matters most.


It is our pleasure to provide you with Red Canary’s 2023 Threat Detection Report. Our fifth annual retrospective, this report is based on in-depth analysis of nearly 40,000 threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.

 

 

As the technology that we rely on to conduct business continues to evolve, so do the threats that we face. Here’s what’s new in this year’s report:

  • Cloud and identity attacks are becoming more prevalent across our customers’ environments and appear for the first time in this report.
  • Our unique visibility into email attacks, still the leading initial access vector used by adversaries, has put us in a position to detect even more attacks at earlier stages.
  • Mitigation guidance to limit adversaries’ effectiveness.
  • Adversary simulation and other authorized testing are excluded from our data set, leading to a more accurate representation of the threat landscape.
  • What’s old is new: Raspberry Robin, a USB-based threat first discovered by Red Canary, continues to evolve and we provide updated research.

 

Use this report to:

  • Explore the most prevalent and impactful threats, techniques, and trends that we’ve observed.
  • Note how adversaries are evolving their tradecraft as organizations continue their shift to cloud-based identity, infrastructure, and applications.
  • Learn how to emulate, mitigate, and detect specific threats and techniques.
  • Shape and inform your readiness, detection, and response to critical threats.

 

 
 
 

Methodology

As Red Canary eclipses a decade providing world-class security operations to organizations around the world, we continue to analyze, learn, and evolve based on the petabytes of raw data and trillions of signals that our XDR platform consumes daily. Every byte of this data is interrogated 24×7 by roughly 3,500 analytics, and adversaries are relentlessly pursued by our expert team of intelligence, research, detection, and threat hunting professionals. In 2022, Red Canary detected and responded to nearly 40,000 threats that our customers’ preventative controls missed.

 
 
 


Thanks to the 100+ security experts, writers, editors, designers, developers, and project managers who invested countless hours to produce this report. And a huge thanks to the MITRE ATT&CK® team, whose framework has helped the community take a giant leap forward in understanding and tracking adversary behaviors. Also a huge thanks to all the Canaries—past and present—who have worked on past Threat Detection Reports over the last five years. The Threat Detection Report is iterative, and parts of the 2023 report are derived from previous years. This report wouldn’t be possible without all of you!

 
 