Serious security incidents have increased by half in the past year, from 9 percent in 2020 to 14 percent in 2021. This is shown by recent research based on the analysis of incidents reported by customers to Kaspersky Managed Detection and Response (MDR).
Increasingly complex infrastructures, skill shortages, and increasing sophistication of attacks can impact the efficiency of cybersecurity teams and their ability to detect hostile activity before incidents occur. To gain insight into the current threat landscape, Kaspersky analyzed anonymized customer incidents identified through its MDR service in 2021.
According to the analysis, companies in all sectors had to contend with serious incidents during this period. The most common causes of critical incidents are the same as last year: targeted attacks (40.7 percent), malware with critical impact (14 percent), exploitation of publicly available critical vulnerabilities (13 percent), and social engineering (5.5 percent).
More targeted attacks
Targeted attacks in 2021 hit all of the vertical sectors evaluated in the research except education and mass media, although incidents related to targeted attacks were reported within media organizations. Most human-driven attacks were identified in the government, industrial, IT and financial sectors.
Major incidents are characterized by widespread use of non-malicious Living-off-the-Land (LotL) binaries that are already available on a target system. These tools allow cybercriminals to hide their activities and minimize the chances of being detected in the early stages of an attack. In addition to the widely used rundll32.exe, powershell.exe and cmd.exe, utilities such as reg.exe, te.exe and certutil.exe are also often used in critical incidents.
Carry out attack scenarios
To better protect themselves against targeted attacks, companies can use services that carry out the corresponding attack scenarios in an ethical and technically traceable way. In these exercises, complex adversary cyber attacks are simulated in order to examine the digital resilience of a company. According to Kaspersky's MDR analysts, only 16 percent of companies made use of this.
"Our current MDR report shows that complex attacks are on the rise and more and more companies are confronted with critical incidents," explains Christian Milde, Managing Director Central Europe at Kaspersky. "One of the biggest challenges is that serious attacks require more time to investigate and provide recommendations and countermeasures. Last year, Kaspersky analysts managed to significantly shorten this indicator from just under 53 minutes in 2020 to 41 minutes. This was accomplished by adding more incident templates and introducing new telemetry enrichments that speed up triage."
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/