2023 State of the Threat: A Year in Review

Discover the Essentials About How the Threat Landscape Changed in the Past Year


Want to hear more from Secureworks’ expert contributors? Watch on-demand recordings of the 2023 Global Threat Intelligence Summit for detailed insight on today’s most critical threats.


Key Findings from the State of the Threat Report

  • This 70+ page report comprehensively considers cybersecurity events from the end of June 2022 through June 2023. These events have been heavily influenced by geopolitical tensions across the globe, a continuing stream of critical vulnerabilities, and upheavals in the shape of the cybercriminal ecosystem, with some players maintaining their leading position and others coming and going.
  • Based on insights from customer telemetry, incident response, underground monitoring, threat emulation, proactive threat research and intelligence relationships, CTU researchers observed the following high-level trends across the threat landscape:

Ransomware remains the primary threat facing organizations, with attack numbers returning to and then exceeding historical norms. Average dwell times have dropped significantly. 2023 may prove the most prolific year for ransomware attacks to date.


Infostealer activity has also increased, meaning that stolen credentials now vie with scan-and-exploit as some of the most significant precursors of ransomware attacks.


Microsoft’s disabling-by-default of macros in documents from the internet has forced threat actors to innovate in how they deliver malware.


Hostile state-sponsored threat activity remains driven by the political imperatives of each sponsoring nation.


Supply chain attacks on and through suppliers provide both state-sponsored and cybercriminal threat actors with maximum impact for effort expended.


Drive-by downloads are becoming increasingly popular as a malware delivery method. Over the past year, they have surged in use as an initial access vector for ransomware.


Regular and timely patching remains as essential as ever in preventing threat actors from compromising networks.


Artificial intelligence is a supporting tool for existing threat actors, rather than a new class of threat, for the time being.

How Secureworks Created State of the Threat

CTU researchers analyze trillions of security events every week, gathered from the Taegis XDR platform. Combined with data obtained through botnet and threat actor emulation, proactive research, and insights gathered through Secureworks Incident Response engagements, this report represents one of the most comprehensive views of the threat landscape.

Download the report now for a detailed visualization of the threats the CTU team has discovered, the intelligence gathered from incident response engagements, and advice on securing your most valuable business assets.


proactive and reactive incident response engagements each year

1.8 Trillion+

event logs processed by Taegis every week of the year


botnet emulation capabilities, giving us a threat actor’s eye view of the threat landscape