There are a number of vendors who put out good reports. Mandiant and Verizon come to mind, but I’m sure there are others.

Anyway.

What I like to do is skim them and capture my favorite bullets, and that’s what I’ve done below for the Mandiant M-Trends 2016 Summary.

Summary

• More breaches became public in 2015 than ever before
• The location and motives of attackers was more diverse
• There was a drop of 50 days in the average time it took to notice a breach
• There were far more disruptive attacks, i.e. where ransomware was used, or data was deleted or damaged, or production systems were modified in subtle ways
• There were a lot more bulk exports of PII from Chinese threat actors (dun dun DUN!)
• Another trend is to exploit networking gear during targeted and persistent campaigns. They often modify ACLs to give themselves long-term access
• They continue to see the use of third parties to gain access to targets

Overall a great report; I recommend you read the whole thing. They go into significant depth on each topic.