Skip Navigation
Get a Demo
 
Threat Detection Report
Top threats

The following chart illustrates the specific threats Red Canary detected most frequently across our customer environments in 2024.

In addition to the top 10, read our Field Guide to the other threat clusters that our Intelligence team is tracking.

  .
SocGholish
 
4.9% of customers affected
  .
Impacket
 
4.4%
  .
Scarlet Goldfinch
 
3.4%
  .
Mimikatz
 
3.2%
  .
Amber Albatross
 
2.9%
  .
LummaC2
 
2.8%
  .
NetSupport Manager
 
2.7%
  .
Gootloader
 
2.4%
  .
Gamarue
 
2.4%
  .
HijackLoader
 
1.8%

What’s included in this section?

We’ve written extensive analyses of 10 threats. Each threat-specific section includes:

  • analysis of relevant, novel, or changing threat tradecraft
  • descriptions of observable threat behaviors
  • guidance on how to detect the threat
  • information about atomic tests for emulating the threat
  • advice for mitigating the effects of the threat

 

How to use our analysis

These are the most prevalent threats occurring in our customer environments, so we can assume they are prevalent elsewhere. We include advice for responding to each threat and offer detection opportunities so you can better defend your organization. Some defenders may be able to take our detection guidance and apply it directly, while others may not. Regardless, defenders without a detection engineering function can still make use of the actionable analysis of each threat written by our intelligence experts.

 

 

What’s included in this section?

We ranked these threats by the percentage of customer organizations affected to prevent a single, major security event from skewing the metrics. We excluded threat detections associated with customer confirmed testing.

As discussed in our Methodology section, we choose to define “threats” broadly as malware, tools, threat groups, or activity clusters – in short, any suspicious or malicious activity that represents a risk to you or your organization

How to use our analysis

These are the most prevalent threats occurring in our customer environments, so we can assume they are prevalent elsewhere. We include advice for responding to each threat and offer detection opportunities so you can better defend your organization. Some defenders may be able to take our detection guidance and apply it directly, while others may not. Regardless, defenders without a detection engineering function can still make use of the actionable analysis of each threat written by our Intelligence experts.

Where Next

Explore
Trends

Red Canary performed an analysis of emerging and significant trends that we’ve encountered in confirmed threats, intelligence reporting, and elsewhere over the past year.

TOP 10
Techniques

We’ve analyzed the most prevalent techniques occurring in our customer environments.

Security gaps? We got you.

Get curated insights on managed detection and response (MDR) services, threat intelligence, and security operations—delivered straight to your inbox every month.

 
 
 
 
Back to Top