Major industries, including finance, IT, industrial and government sectors, report over two critical security incidents with direct human involvement per day, new research from Kaspersky shows.
The Managed Detection and Response Analyst Report for 2023 details that more than one in five (22.9%) of high-severity incidents in 2023 were reported by the government sector, closely followed by the IT sector (15.4%).
The financial industry was less hard hit, at 14.9%, with industrial companies accounting for just 11.8% of incidents.
Human-coordinated attacks most effective
Almost one quarter of critical security incidents during 2023 were perpetrated with direct human involvement, with the most popular living-off-the-land attacks utilising powershell.exe, rundll32.exe and msiexec.exe.
In terms of MITRE ATT&CK techniques, phishing, account manipulation and exploitation of remote services were the most popular techniques used by attackers. The mean time to report for high-severity incidents was 36.37 minutes, with medium- and low-severity incidents taking 32.55 and 48.01 minutes respectively.
Speaking on the results of the report, Sergey Soldatov, Head of Security Operations Center at Kaspersky, said, “In 2023, Kaspersky detected a smaller number of high-severity incidents, but observed a simultaneous increase in the number of medium and low severity ones. This redistribution of occurrences is associated with the detection of malware without visible traces of active human participation in attacks, which can be explained by the ‘commoditization of tools’.”
“However, it’s important to understand that the low number of high-severity incidents does not necessarily indicate low damage. Targeted attacks are now planned more carefully, and become more dangerous. Therefore, we recommend the use of effective automated cybersecurity solutions managed with the help of experienced SOC analysts,” Soldatov said.