Top Detected TTPs (Tactics, Techniques, and Procedures)

The top TTPs are associated with activities such as data exfiltration and data encryption, which are known tactics of ransomware groups and cybercrime threat actors. This corresponds with the overall trend emerging from our analysis of cybercrime-related attacks in 2023.

Top Detected TTPs of 2023:

T1105 Ingress Tool Transfer (22.5%): Tools/files are transferred from an external system into a compromised environment and copied from an external adversary-controlled system to the victim network via the command & control channel or via alternate protocols (FTP, etc.).
T1486 Data Encrypted for Impact (22.5%): Data is encrypted on target systems or on large numbers of systems in a network to interrupt availability to system and network resources.
T1059 Command & Scripting Interpreter (19.1%): Command & script interpreters are abused to execute commands, scripts, or binaries.
T1071 Application Layer Protocol (18.1%): Adversaries communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic.
T1190 Exploit Public-Facing Application (17.8%): A weakness (software bug, a temporary glitch, or misconfiguration) in an internet-facing host or system is exploited to initially access a network.

A comparison between 2022 and 2023 findings reveals that the top 5 targeted industries remained constant. Nation-state threat actors (APT groups) are heavily focused on exfiltrating data from government and technology organizations, while cybercriminals often target the financial industry for profit and healthcare organizations for their sensitive data. Also, the healthcare industry is known for its poor security and is therefore considered to be a “soft” target with high success rates for attacks.

Cybercriminals, primarily motivated by financial gain, remained the leading threat actors in 2023, aligning with the steady increase in financially motivated ransomware attacks globally.

Top Threat Actors of 2023 (chart). Values: 50.5%, 32.8%, 12.45%, 4.25%. Legend: Cybercriminals (criminal / criminal syndicate), Nation-state (APT), Others, Hacktivists.