Kaspersky highlights trusted relationships as key vector in long-lasting cyberattacks

Woburn, MA – May 14, 2024 – In 2023, more than one out of five cyberattacks persisted for over a month, the annual Kaspersky Incident Response 2023 report has revealed. Trusted relationships emerged as one of the main attack vectors in these prolonged cases. The report draws on the results of Kaspersky's cyberattack investigations throughout the year, gathered when supporting organizations seeking incident response assistance or when hosting expert events for their internal incident response teams.

The Kaspersky Incident Response 2023 report indicates that long-lasting cyberattacks that persist for more than a month constituted 21.85% of the total, increasing from 2022 by 5.55%. One notable trend observed in these attacks was the exploitation of trusted relationships as a primary vector. Compromises leveraging trusted relationships have occurred previously, but in 2023 their frequency increased, accounting for 6.78% of all attacks. 

As this method of attack enables threat actors to infiltrate multiple victims through a single compromised organization, investigative teams face several additional challenges. First, initially targeted organizations don’t always recognize the importance of thorough investigations and may be reluctant to cooperate. 

Secondly, attacks initiated through trusted relationships often require more time to progress from the initial intrusion to the final incursion phase. Hence, 50% of these attacks lasted more than a month. A similar proportion of attacks exceeding one month were registered within the insider and phishing vectors.

"Cybersecurity threats are constantly evolving, and our latest findings underscore the critical role of trust in cyberattacks,” said Konstantin Sapronov, head of Global Emergency Response Team at Kaspersky. “In 2023 and for the first time in recent years, attacks through trusted relationships were among the three most used vectors. Half of these incidents were discovered only after a data leak had been found. By exploiting trusted relationships, threat actors can prolong attacks and infiltrate networks for extended periods, posing significant risks to organizations. It's imperative for businesses to remain vigilant and prioritize security measures to safeguard against such sophisticated tactics."

To mitigate the risks highlighted in the report, Kaspersky recommends:

• Foster a culture of security awareness among employees.
• Restrict public access to management ports.
• Enforce a zero-tolerance policy for patch management or implement compensatory measures for public-facing applications.
• Back up critical data to minimize damage
• Implement robust password policies and multifactor authentication.
• To enhance your company’s protection against advanced attacks and detect attacks at earlier stages, adopt managed security services such as Kaspersky Managed Detection and Response (MDR).
• In case of suspicious activities that can lead to breaches or incidents that have already occurred, seek the help of cybersecurity experts who provide services, such as Kaspersky Incident Response.

To learn more, please read the full Incident Response 2023 report.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com