There are a number of vendors who put out good reports. Mandiant and Verizon come to mind, but I’m sure there are others.
What I like to do is skim them and capture my favorite bullets, and that’s what I’ve done below for the Mandiant M-Trends 2016 Summary.
- More breaches became public in 2015 than ever before
- The locations and motives of attackers were more diverse
- There was a drop of 50 days in the average time it took to notice a breach
- There were far more disruptive attacks, i.e. where ransomware was used, or data was deleted or damaged, or production systems were modified in subtle ways
- There were a lot more bulk exports of PII from Chinese threat actors (dun dun DUN!)
- Another trend is attackers exploiting networking gear during targeted and persistent campaigns. They often modify ACLs to give themselves long-term access
- Mandiant continues to see the use of third parties to gain access to targets
Overall a great report; I recommend you read the whole thing. They go into significant depth on each topic.