The Picus Red Report 2023 Reveals Most Common MITRE ATT&CK Techniques

The Red Report 2024

The Top 10 MITRE ATT&CK Techniques Used by Adversaries


Keeping pace with the threat landscape is tough. With so much intelligence to collect and analyze, it can be challenging to know what action to take to best impact your organization’s security posture.

For the past three years, Picus Security has sought to help security professionals better understand and prioritize their defense against cyberattacks by studying the behavior of malware and by publishing our annual ‘The Red Report’ to share the findings.

To compile The Red Report 2023, Picus Labs researchers collected over half a million malware samples - their biggest research project to date. From these samples, over five million malicious actions were extracted and mapped to The MITRE ATT&CK Framework

The Red Report Top Ten is a list of the most prevalent ATT&CK techniques identified.

Read the report 

The rise of ‘Swiss Army knife’ malware

One of the most notable trends highlighted by this year’s Red Report is the extent to which the techniques used by attackers continue to change year-on-year. Three of the techniques in The Red Report Top Ten 2023 are first-time entries. Compared to the 2020 version of the report, the latest list paints a very different picture.

The increasing sophistication of the techniques observed is also a concerning trend, highlighted by the rise of ‘Swiss Army knife’ malware - multi-purpose malware capable of performing actions across the cyber-kill chain and evading security controls. 

More than one-third of malware samples analyzed by Picus Labs can exhibit more than 20 individual Tactics, Techniques and Procedures (TTPs). 10% of malware is capable of more than 30 TTPs.

The ATT&CK techniques listed in this year’s Red Report Top Ten also highlight how the latest malware is equipped to abuse legitimate software, perform lateral movement and encrypt files. A quarter of malware analyzed is capable of performing ransomware attacks.

Download the full report for more insights

With insights for all security professionals, The Report Report is a must-read to help achieve a threat-centric approach and ensure that your organization’s efforts to enhance threat coverage are focused on areas that will significantly reduce cyber risk.

Read the full version of The Red Report 2023 to learn more about its key findings and for recommendations to enhance your defense against The Top ATT&CK Techniques.

Modern malware takes many forms 
Dr. Suleyman Ozarslan, Picus Security Co-founder and VP of Picus Labs -

“Some rudimentary types of malware are designed to perform basic functions. Others, like a surgeon’s scalpel, are engineered to conduct single tasks with great precision. 

“Now we are seeing more malware that can do anything and everything. This ‘Swiss Army knife’ malware can enable attackers to move through networks undetected at great speed, obtain credentials to access critical systems, and encrypt data.”

Read The Red Report 2023