Introduction
Trends
Red Canary performed an analysis of emerging and significant trends that we’ve encountered in confirmed threats, intelligence reporting, and elsewhere over the past year. We’ve compiled the most prominent trends of 2023 in this report to show major themes that may continue into 2024.
The Technique and Threat sections of this report are focused on detection data and identifying prevalent ATT&CK techniques and threat associations from the more than 58,000 confirmed threats we detected in 2023. The Trends section takes us one step beyond that data and allows us to narrate events that might not be prevalent in our detection dataset but may be emergent or otherwise deserve your attention.
Ransomware
Despite some promising disruptions to the ransomware ecosystem in 2023, defenders should stay vigilant in detecting common precursor behavior.
Initial access tradecraft
Adversaries employed tried-and-true initial access methods in 2023, with a few new variations on perennial themes.
Identity attacks
In the era of single-sign-on and cloud-based-everything, there’s no better way for an adversary to sneak into a corporate environment than by compromising identities.
Vulnerabilities
Despite some shiny new vulnerabilities in the headlines, adversaries’ post-exploitation playbooks have largely remained the same.
Stealers
If identities are the new perimeter, information-stealing malware helps adversaries cross over.
Remote monitoring and management tools
Adversary abuse of remote monitoring and management (RMM) tools attracted extra attention in 2023, due in part to at least one prolific adversary leveraging these tools extensively.
API abuse in the cloud
Armed with stolen short-term tokens or credentials, adversaries might be spending more time in cloud services providers’ APIs than some administrators.
Artificial intelligence (AI)
An important question looms in the infosec conversation about AI: Will generative AI tools better benefit defenders or adversaries?
Adversary emulation and testing
More than a quarter of Red Canary’s customers performed some kind of testing in 2023.
Industry and sector analysis
Our analysis of technique and threat prevalence and detection volume across sectors suggests that an organization’s industry is not a key factor in determining the level or nature of risk they face.
How to use our analysis
The 2023 Trends section provides valuable insights and actionable recommendations for security leaders to make informed decisions. We offer advice to help defenders prepare, prevent, detect, and mitigate activity associated with these trends where relevant. The guidance we provide differs, since each trend requires a different approach. You might also use our analysis to help anticipate and plan for key trends that may continue into 2024, just as we saw with 2022 trends extending into 2023.