74% of Critical Incidents: Human Hackers Strike

Researchers from Kaspersky Lab presented the annual Kaspersky Managed Detection and Response (MDR) analytical report for 2024. It covers attackers' tactics, techniques, and tools, as well as the main trends in cyber incidents identified by the SOC team.

Data analysis showed that the main targets of attacks are industrial enterprises (25.7%), financial organizations (14.1%), and government bodies (11.7%). However, in the category of high-criticality incidents, IT companies lead (22.8%), followed by government institutions (18.3%) and industry (17.8%). More than two high-criticality incidents were recorded every day.

Over the past year, the number of high-criticality incidents decreased by 34%, but the average time needed to investigate them increased by 48%. This indicates that attacks are becoming more complex. In most cases, detection relied on specialized XDR tools, whereas previously the standard OS logs played an important role.

The number of targeted attacks conducted by humans continues to grow. In 2024, their share among high-criticality incidents increased by 74% compared to 2023. Although automated protection tools are being improved, attackers find ways to bypass detection mechanisms. Combating such threats requires extended detection methods and experienced SOC analysts.

One of the key threats is repeat intrusion by attackers after a successful compromise. In the government sector, attackers seek to gain a foothold in the system for long-term observation and collection of information.

Living off the Land (LotL) techniques continued to be actively used. Attackers often use standard operating system tools for covert lateral movement within the network. A significant number of incidents are associated with unauthorized configuration changes, for example, the addition of users to privileged groups. Control over configuration and access plays an important role in reducing the risk of such attacks.
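A minimal sketch of how a SOC might flag the privileged-group additions mentioned above, added here as an illustration and not taken from the Kaspersky report. It assumes Windows Security group-membership events (IDs 4728/4732/4756 for additions, 4729/4733/4757 for removals); the privileged-group list, the approved service account `svc-iam`, and the sample events are constructed for the example.

```python
from datetime import datetime, timedelta

# Windows Security event IDs: member added to / removed from a
# security-enabled global (4728/4729), local (4732/4733) or universal (4756/4757) group.
ADD_EVENTS = {4728, 4732, 4756}
REMOVE_EVENTS = {4729, 4733, 4757}

# Assumptions for this example: adjust to the environment being monitored.
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "administrators"}
APPROVED_ACTORS = {"svc-iam"}  # hypothetical identity-management service account

def make_event(ts, event_id, actor, member, group):
    return {"time": datetime.fromisoformat(ts), "id": event_id,
            "actor": actor, "member": member, "group": group}

# Constructed sample events (simplified fields, not real log data).
SAMPLE_EVENTS = [
    make_event("2024-05-02T09:00:00", 4728, "svc-iam", "alice", "Domain Admins"),
    make_event("2024-05-02T02:13:00", 4732, "jdoe", "jdoe", "Administrators"),
    make_event("2024-05-02T02:40:00", 4733, "jdoe", "jdoe", "Administrators"),
    make_event("2024-05-02T11:00:00", 4728, "helpdesk1", "bob", "Sales Team"),
    make_event("2024-05-02T14:00:00", 4756, "svc-iam", "carol", "Enterprise Admins"),
    make_event("2024-05-02T14:20:00", 4757, "svc-iam", "carol", "Enterprise Admins"),
]

def find_suspicious_additions(events, window=timedelta(hours=1)):
    """Return (member, group, reasons) for risky privileged-group additions."""
    events = sorted(events, key=lambda e: e["time"])
    findings = []
    for i, ev in enumerate(events):
        if ev["id"] not in ADD_EVENTS or ev["group"].lower() not in PRIVILEGED_GROUPS:
            continue
        reasons = []
        if ev["actor"].lower() not in APPROVED_ACTORS:
            reasons.append("actor not approved")
        if ev["actor"].lower() == ev["member"].lower():
            reasons.append("self-added")
        # Short-lived membership: an addition reverted soon after deserves review.
        for later in events[i + 1:]:
            if later["time"] - ev["time"] > window:
                break
            if (later["id"] in REMOVE_EVENTS and later["group"] == ev["group"]
                    and later["member"] == ev["member"]):
                reasons.append("removed within window")
                break
        if reasons:
            findings.append((ev["member"], ev["group"], reasons))
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_additions(SAMPLE_EVENTS):
        print(finding)
```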
