Govt sector leads in daily high-severity cyber incidents in 2023
In 2023, more than two high-severity cybersecurity incidents involving human interaction were identified each day across various industries, including the financial, IT, government, and industrial sectors, Kaspersky reported in its annual Managed Detection and Response (MDR) Analyst Report.
The government sector had the highest portion of these threats, with 22.9% of all high-severity incidents reported. This was closely followed by IT companies at 15.4%, and then financial and industrial firms who reported 14.9% and 11.8% respectively. The report also noted that nearly 25% of such incidents were human-driven.
On the brighter side, Kaspersky observed a small reduction in malware attacks leading to significant consequences compared to previous years. Such attacks made up just above 12% of total critical incidents reported in 2023. This represents the smallest share of high-severity incidents in recent times and is attributed to the commoditization of attacks. This trend signals the growing adoption of previously developed tools that were initially devised for conducting targeted campaigns. Due to either deliberate or unintentional leaks, these tools have become widespread and are now being repurposed for fully automated attack schemes.
The annual MDR Analyst Report provided details about the reported incidents, their nature, and distribution across industries and geographical regions. It also highlighted the tactics, techniques, and tools most commonly used by attackers in the past year. The report's results are based on an analysis of MDR incidents detected by the Kaspersky Security Operations Center (SOC).
Notably, the 2023 MDR report found that the proportion of incidents involving detection of targeted attack artifacts, available critical vulnerabilities, and usage of social engineering techniques was about 4-5%. Kaspersky detected fewer high-severity incidents in 2023 but simultaneously observed an increase in medium and low-severity threats.
Sergey Soldatov, Head of Security Operation Center at Kaspersky, provided insights into this shift: "This redistribution of occurrences is associated with the detection of malware without visible traces of active human participation in attacks, which can be explained by the commoditization of tools. However, it's important to understand that the low number of high-severity incidents does not necessarily indicate low damage. Targeted attacks are now planned more carefully, and become more dangerous. Therefore, we recommend the use of effective automated cyber security solutions managed with the help of experienced SOC analysts."
Emphasising the need for robust protection against advanced cyberattacks, the report also recommends that companies implement effective cybersecurity solutions and employ skilled practitioners to oversee them, or adopt managed security services such as MDR and Incident Response. These services could help protect against difficult-to-detect cyberattacks, investigate incidents, and provide additional expertise even if a company lacks security staff.
The full Kaspersky Managed Detection and Response Analyst Report 2023 provides a comprehensive analysis and insight into the cybersecurity threat landscape, enabling businesses to be better equipped for handling and preventing future incidents.