In 2023, over one-fifth of cyberattacks persisted for more than a month, according to the annual Kaspersky Incident Response 2023 report. This year’s report highlights a troubling increase in prolonged cyber incidents, with trusted relationships emerging as a significant attack vector in these extended cases.
Drawing from Kaspersky’s comprehensive cyberattack investigations throughout the year, the report reveals that 21.85% of all cyberattacks lasted more than a month, marking a 5.55% increase from 2022. A notable trend within these prolonged attacks was the exploitation of trusted relationships, which accounted for 6.78% of the total number of attacks.
Trusted relationships as an attack vector have been exploited in the past, but their frequency saw a marked rise in 2023. This method allows threat actors to infiltrate multiple victims through a single compromised organization, presenting substantial challenges for investigative teams.
One primary challenge is the initial response from targeted organizations. Often, these organizations fail to recognize the significance of thorough investigations and may show reluctance to cooperate. This hampers the ability of incident response teams to fully understand and mitigate the extent of the compromise.
Additionally, attacks leveraging trusted relationships generally require more time to progress from the initial intrusion to the final incursion phase. As a result, half of these attacks extended beyond a month. Similarly, a comparable proportion of prolonged attacks were linked to insider threats and phishing vectors.
To mitigate the risks highlighted in the report, Kaspersky recommends:
- Foster a culture of security awareness among employees.
- Restrict public access to management ports.
- Enforce a zero-tolerance policy for patch management or implement compensatory measures for public-facing applications.
- Back up critical data to minimize damage
- Implement robust password policies and multifactor authentication.
- To enhance your company’s protection against advanced attacks and detect attacks at earlier stages, adopt managed security services such as Kaspersky Managed Detection and Response (MDR).
- In case of suspicious activities that can lead to breaches or incidents that have already occurred, seek the help of cybersecurity experts who provide services, such as Kaspersky Incident Response.