Skip to Main ContentSkip to Footer

2023 State of the Threat: A Year in Review

Discover the Essentials About How the Threat Landscape Changed in the Past Year

2023 State of the Threat

Get the Report

All fields are required.
Access Now
 

Learn what lies behind the most important cyberthreats we are facing in 2023.

During 2023, the threat to Secureworks® customers posed by ransomware has grown even greater. Download the 2023 State of the Threat report now to discover why ransomware attack numbers rose to new highs this past year. Learn what roles the flourishing market for infostealers and logs play in this increase and find out how median dwell times have dropped to less than one day, from 4.5 days in 2022, and what that means for network defenders.

State-Sponsored Threats

State-sponsored threat levels remain high, too — whether in the form of retaliatory action from Russian threat groups for support for Ukraine, cyberespionage from China, financial theft from North Korea, or suppression of dissent or criticism from Iran. These well-resourced threat groups grow ever more capable. Read about new tactics and techniques and discover whether you might be at risk.

Discover New Tactics

The report also reveals how threat actors of all types adapt regularly and with agility to changes in their ecosystem. Even with disruptions from war, industry initiatives like Microsoft’s disabling of macros, or law enforcement action, threat actors do all they can to respond and profit. Understanding how they do this is the only way to beat them.

Unmatched Expertise and Research

Secureworks Counter Threat Unit™ (CTU™) researchers work throughout the year to analyze and report on these changes to help Secureworks customers stay one or even several steps ahead of adversaries. Throughout the year, this research contributes to the creation of Secureworks Taegis™ XDR countermeasures to alert customers about early signs of threat actor presence on their networks. It also informs the production of incisive threat intelligence, including this report. Read it now to stay informed and ahead of the adversary, and to protect your organization.

< 1 Day

Median ransomware detection window between initial access and deployment

< 7 Million

Number of infostealer-sourced credentials for sale on one day in one underground marketplace

64%

The percentage of initial access vectors jointly accounted for by scan-and-exploit and stolen credentials

 

Want to hear more from Secureworks’ expert contributors? Watch on-demand recordings of the 2023 Global Threat Intelligence Summit for detailed insight on today’s most critical threats.

Start watching now

Key Findings from the State of the Threat Report

  • This 70+ page report comprehensively considers cybersecurity events from the end of June 2022 through June 2023. These events have been heavily influenced by geopolitical tensions across the globe, a continuing stream of critical vulnerabilities, and upheavals in the shape of the cybercriminal ecosystem, with some players maintaining their leading position and others coming and going.
  • Based on insights from customer telemetry, incident response, underground monitoring, threat emulation, proactive threat research and intelligence relationships, CTU researchers observed the following high-level trends across the threat landscape:
01

Ransomware remains the primary threat facing organizations, with attack numbers returning to and then exceeding historical norms. Average dwell times have dropped significantly. 2023 may prove the most prolific year for ransomware attacks to date.

03

Infostealer activity has also increased, meaning that stolen credentials now vie with scan-and-exploit as some of the most significant precursors of ransomware attacks.

05

Microsoft’s disabling-by-default of macros in documents from the internet has forced threat actors to innovate in how they deliver malware.

07

Hostile state-sponsored threat activity remains driven by the political imperatives of each sponsoring nation.

02

Supply chain attacks on and through suppliers provide both state-sponsored and cybercriminal threat actors with maximum impact for effort expended.

04

Drive-by downloads are becoming increasingly popular as a malware delivery method. Over the past year, they have surged in use as an initial access vector for ransomware.

06

Regular and timely patching remains as essential as ever in preventing threat actors from compromising networks.

08

Artificial intelligence is a supporting tool to existing threat actors, rather than a new class of threatfor the time being.

How Secureworks Created State of the Threat

CTU researchers analyze trillions of security events every week, gathered from the Taegis XDR platform. Combined with data obtained through botnet and threat actor emulation, proactive research, and insights gathered through Secureworks Incident Response engagements, this report represents one of the most comprehensive views of the threat landscape.

Download the report now for a detailed visualization of the threats the CTU team has discovered, the intelligence gathered from incident response engagements, and advice on securing your most valuable business assets.

1,300+

proactive and reactive incident response engagements each year

1.8 Trillion+

event logs processed by Taegis every week of the year

Unique

botnet emulation capabilities, giving us a threat actor’s eye view of the threat landscape