Introduction
Trends
Red Canary analyzed the emerging and significant trends we encountered in confirmed threats, intelligence reporting, and elsewhere over the past year. We’ve compiled the most prominent trends of 2022 in this report to show major themes that may continue into 2023.
The Technique and Threat sections of this report are focused on detection data and identifying prevalent ATT&CK techniques and threat associations from the nearly 40,000 confirmed threats we detected in 2022. The Trends section takes us one step beyond that data and allows us to narrate events that might not be prevalent in our detection dataset but may be emergent or otherwise deserve your attention.
Ransomware
2022 brought significant developments to the ransomware ecosystem, but the basic—and detectable—adversary behaviors remain the same.
Initial access tradecraft
Adversaries reevaluated their initial access methodologies in 2022 and leveraged old tradecraft in new ways at prodigious scale.
Command and control (C2) frameworks
Move over Cobalt Strike: adversaries and testers have more options for post-exploitation frameworks than ever.
Stealers
Stealer malware—such as RedLine, Raccoon, and Vidar—enabled some of the highest-profile breaches in 2022.
Identity attacks
Adversaries are sparking all sorts of identity crises by intercepting MFA requests and other user authentication mechanisms.
Email threats
Organizations are moving their most ubiquitous business tool to the cloud, and email account compromise activity continues apace as adversaries follow right along.
Adversary emulation and testing
Customers are testing more and emulating the same techniques that adversaries abuse, but differences in tooling and tradecraft can limit effectiveness.
How to use our analysis
The 2022 trends section is intended to provide valuable insight and actionable recommendations that help security leaders make informed decisions. We offer advice to help defenders prepare for, prevent, detect, and mitigate activity associated with each trend. The guidance differs from trend to trend, since each requires a different approach. You can also use this analysis to anticipate and plan for key trends that may continue into 2023, just as we saw 2021 trends extend into 2022.