The cybersecurity threat landscape is constantly evolving as new threat actors, technologies and threats emerge, creating an uncertain world for organisations and the public alike with potential pitfalls in even opening an email. Cybersecurity professionals must stay vigilant and ahead of rapidly evolving schemes, threats and strategies by cybercriminals who are leveraging open source technologies and are becoming increasingly sophisticated.
According to the Kaspersky Incident Response Analyst Report 2023, 75% of cyberattack attempts exploited Microsoft Office. In terms of infection vectors, 42.3% of successful attempts used publicly available applications and 20.3% used compromised accounts, while just 8.5% used brute-forced credentials.
When it comes to infection vectors, most incursions relied on attackers using stolen or purchased credentials before carrying out a remote desktop protocol (RDP) attack, on phishing emails loaded with malicious attachments and links, and on malicious files on public resources imitating document templates. As a silver lining, attack attempts dropped by 36% in Q1 of 2023 compared to the same period in 2022.
In the aftermath of a cyberattack, 33.3% of organisations had their data encrypted, 21.1% suffered data theft and 12.2% had their Active Directory compromised.
Based on a prior Kaspersky survey conducted in 2022, the biggest looming cyberthreat risk is ransomware (66%) along with data theft (also 66%), followed closely by cybersabotage (62%), supply chain attacks (60%) and DDoS attacks (also 60%), cyberespionage (59%), advanced persistent threats [APTs] (57%) and cryptomining (56%). For 2024, the currently trending cyberthreats are primarily supply chain attacks (6.8%) and targeted phishing attempts (5.1%), which remain a clear and present threat for businesses.
Based on the same 2023 statistics, the most prolific targets of threat actors were governments (27.9%), financial institutions (12.2%), manufacturing (17%) and IT companies (8.8%). In terms of targeted regions, Asia and the CIS saw the most cybersecurity incidents at 47.3%, followed by the Americas (21.8%), the Middle East (10.9%) and Europe (9.1%). “Governments were the most prolific target by threat actors followed distantly by manufacturing and financial institutions with the largest cyberthreat risk being ransomware and cybersabotage,” said Igor Kuznetsov, Director, Global Research & Analysis Team (GReAT) at Kaspersky.
According to statistics from Kaspersky’s security solutions deployed by clients, over 220,000 businesses around the world were protected, with 6.1 billion attacks prevented and 437 million internet-borne threats detected and stopped. In addition, over 325,000 users were saved from financial loss after banking trojans were detected and thwarted.
To achieve this, Kaspersky security services detected over 411,000 unique malware samples daily in 2024, an increase over 403,000 daily in 2023. In terms of cybersecurity incidents, over 99% were detected by automatic systems. 2023 also saw 106 million unique malicious URLs detected and 200 advanced persistent threat (APT) groups that are currently active.
The prevailing trend is that cybercrime is often run as a business, with the majority of detected cybersecurity incidents (71%) being financially driven. There was a marked rise in ransomware incidents, with the percentage of users affected by targeted ransomware almost doubling in 2021-2022. This was borne out by a survey in which 68% of business owners surveyed believed that IT security risks keep rising.
“There are three popular myths in regards to ransomware,” said Igor, “the first being that cybercriminals are just criminals with an IT education, that the targets of ransomware are set before an attack and that ransomware gangs are acting alone.” Contrary to popular opinion, most cyber incidents are opportunistic attacks, while many ransomware gangs actually work with affiliates much like a business, operating ransomware as a service (RaaS).
These various specialised cybercriminals all play their part: once a malware payload has been delivered, specialised threat actors who act as professional negotiators come into play to get the ransom paid and, once it is paid, to get the funds laundered before the cycle repeats itself.
“Ultimately, affected organisations must not pay a ransom which will perpetuate and enable more cybercrime,” said Igor. He warned that even if a ransom is paid, the data may have already been stolen and could be leaked later or used for further extortion attempts.