One in 10 cybersecurity incidents investigated by Kaspersky in organizations are considered severe

According to anonymized metadata voluntarily provided by Kaspersky MDR customers, one in 10 (9%) prevented cybersecurity incidents could have caused major disruption or unauthorized access to the customer’s assets. The vast majority of incidents (72%) were of medium severity. This means that if these threats had not been detected by the service, they would have affected the performance of the assets or could have led to single data misuse cases.

Cyberattacks are growing in complexity and employing evasive techniques to avoid detection by security solutions. Detection and prevention of such threats require seasoned threat hunters who can spot suspicious actions before they cause damage to a company. Kaspersky analyzed anonymized customer cases identified via the Kaspersky MDR service in Q4 2020[1] to see how widespread and severe resolved incidents were.

The research revealed that almost every industry, except mass media and transportation, saw high severity incidents during the analyzed period. Critical incidents most often affected organizations from the public sector (41% of all high severity incidents were detected in this industry), IT (15%) and financial (13%) verticals.

Almost a third (30%) of these critical incidents were human-driven targeted attacks. Almost one quarter (23%) of high severity incidents were classified as high impact malware outbreaks, including ransomware. In 9% of cases, cybercriminals gained access to a company’s IT infrastructure using social engineering techniques.

Kaspersky experts also noted that current APTs were typically detected together with artifacts of previous advanced attacks, suggesting that if an organization responds to a sophisticated threat, it’s often attacked again, likely by the same actor. Also, in organizations experiencing APTs, experts often discovered signs of simulation of adversarial behavior, such as red teaming, or an assessment of a company’s operational security capabilities through a sophisticated attack simulation.

“Our study found that targeted attacks are rather common — more than one quarter (27%) of organizations faced them. The good news is that organizations that are likely to experience such incidents know about this risk and are prepared for them. These organizations employ services that help them assess their defensive capabilities, such as red teaming, as well as seek help from experts who can stop criminals,” comments Gleb Gritsai, Head of Security Services, Kaspersky.