The Kaspersky Incident Response 2023 report indicates a significant rise in long-lasting cyberattacks, with trusted relationships emerging as a key vector. Organizations are urged to enhance their security measures to combat these sophisticated threats.
17 May 2024 – In its annual Incident Response report for 2023, Kaspersky has revealed that over 21.85% of cyberattacks persisted for more than a month, marking a 5.55% increase from the previous year. The report, based on Kaspersky’s cyberattack investigations and expert events, highlights trusted relationships as a significant attack vector in these prolonged cases, accounting for 6.78% of the total attacks.
Exploitation of trusted relationships, where attackers compromise a single organization to infiltrate multiple associated entities, has become more frequent in 2023. These types of attacks often evade early detection and extend the time from initial intrusion to final incursion. Half of the attacks utilizing trusted relationships, as well as insider and phishing attacks, lasted over a month.
Investigating these attacks poses several challenges. Initially targeted organizations might not recognize the need for comprehensive investigations, hindering response efforts. Furthermore, many of these incidents were only uncovered following a data breach, emphasizing the necessity for vigilant security measures.
Konstantin Sapronov, Head of Kaspersky’s Global Emergency Response Team, stressed the evolving nature of cybersecurity threats and the importance of trust in these attacks. He urged businesses to enhance their security protocols to protect against sophisticated tactics.
To mitigate these risks, Kaspersky recommends fostering a culture of security awareness, restricting public access to management ports, enforcing strict patch management policies, backing up critical data, and implementing robust password policies and multifactor authentication. The company also advocates adopting managed security services such as Kaspersky Managed Detection and Response (MDR) and seeking expert assistance for suspicious activities or breaches.