

Top threats

The following chart illustrates the specific threats Red Canary detected most frequently across our customer environments in 2023. We ranked these threats by the percentage of customer organizations affected to prevent a single, major security event from skewing the metrics. We excluded threat detections associated with customer-confirmed testing.

As discussed in our Methodology section, Red Canary defines “threats” broadly as malware, tools, threat groups, or activity clusters—in short, any suspicious or malicious activity that represents a risk to you or your organization.

What’s included in this section?

We’ve written extensive analyses of 10 threats. Each threat-specific section includes:

  • analysis of relevant, novel, or changing threat tradecraft
  • descriptions of observable threat behaviors
  • guidance on how to detect the threat
  • information about atomic tests for emulating the threat
  • advice for mitigating the effects of the threat


How to use our analysis

These are the most prevalent threats occurring in our customer environments, so we can assume they are prevalent elsewhere. We include advice for responding to each threat and offer detection opportunities so you can better defend your organization. Some defenders may be able to take our detection guidance and apply it directly, while others may not. Regardless, defenders without a detection engineering function can still make use of the actionable analysis of each threat written by our intelligence experts.


