According to the Kaspersky Incident Response 2023 report, over 1/5 of cyberattacks in 2023 lasted more than a month. Trusted relationships were identified as a key attack vector in these prolonged cases.
The Kaspersky Incident Response 2023 report shows that cyberattacks lasting over a month increased by 5.55% from 2022, accounting for 21.85%. There’s a notable trend of exploiting trusted relationships, making up 6.78% of the attacks.
This attack method allows threat actors to access multiple victims by compromising a single organization, posing several extra challenges for investigative teams. Initially, organizations that are targeted may not fully understand the significance of thorough investigations and may be hesitant to collaborate.
Secondly, attacks from trusted relationships often take longer to progress, with 50% lasting over a month. A similar proportion of attacks exceeding one month were only seen in insider and phishing vectors.
“In 2023 and for the first time in recent years, attacks through trusted relationships were among the three most used vectors. Half of these incidents were discovered only after a data leak had been found. By exploiting trusted relationships, threat actors can prolong attacks and infiltrate networks for extended periods, posing significant risks to organizations. It’s imperative for businesses to remain vigilant and prioritize security measures to safeguard against such sophisticated tactics,” commented Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky.
To mitigate the risks highlighted in the report, Kaspersky recommends:
- Foster a culture of security awareness among employees.
- Restrict public access to management ports.
- Enforce a zero-tolerance policy for patch management or implement compensatory measures for public-facing applications.
- Back up critical data to minimize damage.
- Implement robust password policies and multifactor authentication.
- To enhance your company’s protection against advanced attacks and detect attacks at earlier stages, adopt managed security services such as Kaspersky Managed Detection and Response (MDR).
- In case of suspicious activities that can lead to breaches or incidents that have already occurred, seek the help of cybersecurity experts who provide services such as Kaspersky Incident Response.
To learn more, read the Incident Response 2023 report in this link.
Leave a comment