According to the annual Kaspersky Incident Response 2023 report, more than one in every five cyberattacks in 2023 lasted more than a month. Trusted relationships emerged as a major assault vector in these extended situations. The report is based on the findings of Kaspersky’s cyberattack investigations throughout the year, which were gathered while aiding enterprises requesting incident response assistance or conducting expert events for their internal incident response teams.
According to the Kaspersky Incident Response 2023 report, long-lasting assaults that last more than a month accounted for 21.85% of the total, an increase of 5.55% from 2022. One significant theme in these assaults was the use of trusted relationships as the major vector. Compromises based on trusted relationships have occurred before, but their prevalence grew in 2023, accounting for 6.78% of all attacks.
Because this kind of attack allows threat actors to infiltrate several victims via a single compromised organization, investigative teams face new hurdles. First, initially targeted organizations may be unwilling to cooperate because they might not understand the need of thorough investigations.
Second, attacks begun through trusted contacts typically take longer to move from the first intrusion to the final invasion phase. Consequently, 50% of these attacks persisted longer than a month. The insider and phishing vectors had a similar rate of attacks that lasted more than a month.
Here are some Kaspersky recommendations:
- Foster a culture of security awareness among employees.
- Restrict public access to management ports.
- Enforce a zero-tolerance policy for patch management or implement compensatory measures for public-facing applications.
- Back up critical data to minimize damage
- Implement robust password policies and multifactor authentication.
- To enhance your company’s protection against advanced attacks and detect attacks at earlier stages, adopt managed security services.
- In case of suspicious activities that can lead to breaches or incidents that have already occurred, seek the help of cybersecurity experts who provide services.
“Cybersecurity threats are constantly evolving, and our latest findings underscore the critical role of trust in cyberattacks,” said Konstantin Sapronov, head of Global Emergency Response Team at Kaspersky. “In 2023 and for the first time in recent years, attacks through trusted relationships were among the three most used vectors. Half of these incidents were discovered only after a data leak had been found. By exploiting trusted relationships, threat actors can prolong attacks and infiltrate networks for extended periods, posing significant risks to organizations. It’s imperative for businesses to remain vigilant and prioritize security measures to safeguard against such sophisticated tactics.”
To learn more or how Kaspersky can help, please check out the full Incident Response 2023 report.