Major industries reported two critical security incidents every day in 2023

flubot
(Image credit: flubot)

Major industries, including finance, IT, industrial and government sectors, report over two critical security incidents with direct human involvement per day, new research from Kaspersky shows.

The Managed Detection and Response Analyst Report for 2023 details that more than one in five (22.9%) of high-severity incidents in 2023 were reported by the government sector, closely followed by the IT sector (15.4%).

The financial industry is less hard hit at just 14.9%, with industrial companies suffering just 11.8% of incidents.

 Human coordinated attacks most effective

Almost one quarter of critical security incidents during 2023 were perpetrated with direct human involvement, with the most popular living-off-the-land attacks utilising powershell.exe, rendll32.exe and msiexec.exe.

In terms of MITRE ATT&CK techniques, phishing, account manipulation and exploitation of remote services were the most popular techniques used by attackers. The mean time to report for high severity incidents ranked at 36.37 minutes, with medium and low severity incidents taking 32.55 and 48.01 minutes respectively.

Speaking on the results of the report, Sergey Soldatov, Head of Security Operations Center at Kaspersky said, “In 2023, Kaspersky detected a smaller number of high-severity incidents, but observed a simultaneous increase in the number of medium and low severity ones. This redistribution of occurrences is associated with the detection of malware without visible traces of active human participation in attacks, which can be explained by the “commoditization of tools”.”

“However, it’s important to understand that the low number of high-severity incidents does not necessarily indicate low damage. Targeted attacks are now planned more carefully, and become more dangerous. Therefore, we recommend the use of effective automated cybersecurity solutions managed with the help of experienced SOC analysts,” Soldatov said.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focusing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.