Major industries, including the financial, IT, industrial and government sectors, report more than two critical security incidents with direct human involvement every day, according to new research from Kaspersky.
According to the Managed Detection and Response analyst report for 2023, more than one in five (22.9%) of the very serious incidents in 2023 were reported by the public sector, closely followed by the IT sector (15.4%).
The financial sector is only slightly less affected at 14.9%, while industrial companies account for 11.8% of incidents.
Human-coordinated attacks are the most effective
Nearly a quarter of critical security incidents in 2023 were committed with direct human involvement, with the most popular living-off-the-land attacks using powershell.exe, rundll32.exe and msiexec.exe.
In terms of MITRE ATT&CK techniques, phishing, account manipulation, and remote service exploitation were the most popular techniques used by attackers. The average time to report for high-severity incidents was 36.37 minutes, while medium- and low-severity incidents took 32.55 and 48.01 minutes, respectively.
Speaking about the results of the report, Sergey Soldatov, head of the Security Operations Center at Kaspersky, said: “In 2023, Kaspersky detected a smaller number of high-severity incidents, but noted a simultaneous increase in the number of medium- and low-severity incidents. This redistribution of occurrences is related to the detection of malware without visible traces of active human participation in attacks, which can be explained by the ‘commoditization of tools’.
“However, it is important to understand that the low number of very serious incidents does not necessarily indicate low damage. Targeted attacks are now more carefully planned and become more dangerous. Therefore, we recommend the use of effective automated cybersecurity solutions managed with the help of experienced SOC analysts,” said Soldatov.