Trends

Despite some promising disruptions to the ransomware ecosystem in 2023, defenders should stay vigilant in detecting common precursor behavior.

Adversaries employed tried-and-true initial access methods in 2023, with a few new variations on perennial themes.

In the era of single-sign-on and cloud-based-everything, there’s no better way for an adversary to sneak into a corporate environment than by compromising identities.

Despite some shiny new vulnerabilities in the headlines, adversaries’ post-exploitation playbooks have largely remained the same.

If identities are the new perimeter, information-stealing malware helps adversaries cross over.

Adversary abuse of remote monitoring and management (RMM) tools attracted extra attention in 2023, due in part to at least one prolific adversary leveraging these tools extensively.

Armed with stolen short-term tokens or credentials, adversaries might be spending more time in cloud services providers’ APIs than some administrators.

An important question looms in the infosec conversation about AI: Will generative AI tools better benefit defenders or adversaries?

More than a quarter of Red Canary’s customers performed some kind of testing in 2023.

Our analysis of technique and threat prevalence and detection volume across sectors suggests that an organization’s industry is not a key factor in determining the level or nature of risk they face.