According to anonymised data voluntarily provided by Kaspersky MDR customers, every tenth blocked cyber security incident (9%) can cause a serious disruption in the operation of the customer’s systems or provide unauthorized access to them. The vast majority of incidents (72%) were moderate in severity. This means that if the service had not detected these threats, they would have affected the performance of the devices or led to data misuse.
Cyber-attacks are becoming more complex and employ techniques that circumvent protection so that security solutions do not notice them. Detecting and preventing such threats requires experienced threat hunters who discover suspicious operations before they cause harm to the company. Kaspersky disclosed these findings from anonymized client data from its MDR service for Q4 2020 [1].
The research revealed that there were very serious incidents in almost all industries during the period analyzed, with the exception of the mass media and the transport sector. Critical incidents mostly concerned organizations in the public sector (41% of all serious incidents were detected here), the IT sector (15%) and the financial sector (13%).
Almost a third (30%) of these critical incidents were human-driven, targeted attacks. Nearly a quarter (23%) of very serious incidents were classified as high-impact malware epidemics, including ransomware. In 9% of cases, cybercriminals gained access to companies’ IT infrastructure using psychological manipulation techniques.
Kaspersky’s experts also observed that current APTs have typically been detected along with artifacts from previous advanced attacks, suggesting that if an organization responds to a sophisticated threat, it is often the subject of another attack, most likely by the same attacker. In addition, professionals who have experienced APTs have often discovered offensive behavior, e.g. red teaming, where the company’s level of operational security has been measured by simulating a sophisticated attack.
“Our study found that targeted attacks are quite common: more than a quarter (27%) of organizations have encountered them. These organizations use services that help assess their defenses (e.g. red teaming) and seek help from professionals who can stop criminals,” explained Gleb Gricsaj, Head of Security Services at Kaspersky.
Kaspersky recommends the following for protection against APTs and other advanced threats:
· Dedicated services can help prevent high-profile threats. Kaspersky’s Managed Detection and Response service detects and stops attacks at an early stage before attackers can reach their targets.
· Use dedicated endpoint protection, threat detection, and response products to detect and respond to new and evasive threats in a timely manner. One such system is the Kaspersky Optimum Framework, with EDR and MDR in combination with basic endpoint protection solutions.
· Provide Security Operations Center (SOC) teams with access to the latest threat analysis data and regular professional training.
· Provide employees with basic training in cyber security, as many targeted attacks are triggered by phishing or other psychological manipulation techniques.
The full report is available at the following link.
About Kaspersky
Kaspersky is a global cyber security company founded in 1997. Kaspersky uses its knowledge and security expertise in Internet threats to continuously develop innovative security solutions and services to provide protection for businesses, critical infrastructure, governments and consumers worldwide. The company’s extensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to combat complex and evolving digital threats. Kaspersky technologies protect more than 400 million users and help 270,000 enterprise customers protect what is most important to them. More information: www.kaspersky.com
[1] Since the fourth quarter of 2020, when the service became available in certain markets. Global implementation took place in the first quarter of 2021.

