Welcome to the 2023 Threat Detection Report

It is our pleasure to provide you with Red Canary’s 2023 Threat Detection Report. Our fifth annual retrospective, this report is based on in-depth analysis of nearly 40,000 threats detected across our 800+ customers’ endpoints, networks, cloud workloads, identities, and SaaS applications over the past year. This report provides you with a comprehensive view of this threat landscape, including new twists on existing adversary techniques, and the trends that our team has observed as adversaries continue to organize, commoditize, and ratchet up their cybercrime operations.

As the technology that we rely on to conduct business continues to evolve, so do the threats that we face. Here’s what’s new in this year’s report:

• Cloud and identity attacks are becoming more prevalent across our customers’ environments and appear for the first time in this report.
• Our unique visibility into email attacks, still the leading initial access vector used by adversaries, has put us in a position to detect even more attacks at earlier stages.
• Mitigation guidance to limit adversaries’ effectiveness.
• Adversary simulation and other authorized testing are excluded from our data set, leading to a more accurate representation of the threat landscape.
• What’s old is new: Raspberry Robin, a USB-based threat first discovered by Red Canary, continues to evolve and we provide updated research.

Use this report to:

• Explore the most prevalent and impactful threats, techniques, and trends that we’ve observed.
• Note how adversaries are evolving their tradecraft as organizations continue their shift to cloud-based identity, infrastructure, and applications.
• Learn how to emulate, mitigate, and detect specific threats and techniques.
• Shape and inform your readiness, detection, and response to critical threats.