Introduction
Top threats
The following chart illustrates the specific threats Red Canary detected most frequently across our customer environments in 2022. We ranked these threats by the percentage of customer organizations affected to prevent a single, major security event from skewing the metrics. For the first time in the history of this report, we excluded threat detections associated with customer-confirmed testing.
As discussed in our Methodology section, Red Canary defines “threats” broadly as malware, tools, threat groups, or activity clusters—in short, any suspicious or malicious activity that represents a risk to you or your organization.
As discussed in our Methodology section, Red Canary defines “threats” broadly as malware, tools, threat groups, or activity clusters—in short, any suspicious or malicious activity that represents a risk to you or your organization.
In addition to the top 10, read our analysis of these three featured threats:
What’s included in this section?
We’ve written extensive analyses of 13 threats. Each threat-specific section includes:
- analysis of relevant, novel, or changing threat tradecraft
- descriptions of observable threat behaviors
- guidance on how to detect the threat
- information about atomic tests for emulating the threat
- advice for mitigating the effects of the threat
How to use our analysis
These are the most prevalent threats occurring in our customer environments, so we can assume they are prevalent elsewhere. We include advice for responding to each threat and offer detection opportunities so you can better defend your organization. Some defenders may be able to take our detection guidance and apply it directly, while others may not. Regardless, defenders without a detection engineering function can still make use of the actionable analysis of each threat written by our Intelligence team experts.