Cybersecurity threats are rapidly evolving as new threats and sophisticated cybercriminal strategies emerge, creating significant challenges for organizations and the public.
According to the Kaspersky Incident Response Analyst Report 2023, 75% of cyberattack attempts exploited Microsoft Office, with the most common infection vectors being publicly available applications and compromised accounts. Attackers frequently use stolen credentials to conduct remote desktop protocol (RDP) attacks, phishing emails, and malicious files mimicking document templates. Although attack attempts dropped by 36% in Q1 of 2023 compared to 2022, ransomware and cyber-sabotage remain the most significant threats.
“Governments were the most prolific target by threat actors followed distantly by manufacturing and financial institutions with the largest cyberthreat risk being ransomware and cyber-sabotage,” said Igor Kuznetsov, Director, Global Research & Analysis Team (GReAT) at Kaspersky.
Ransomware-as-a-Service (RaaS) has become a prominent trend, with cybercriminals operating like businesses, using affiliates to carry out attacks. Igor dispels three myths: cybercriminals aren’t just IT-educated criminals, ransomware targets aren’t pre-selected, and gangs don’t act alone. RaaS involves collaboration among various specialized actors, from access resellers to negotiators, making ransomware attacks increasingly sophisticated.
“Ultimately, affected organizations must not pay a ransom which will perpetuate and enable more cybercrime,” said Igor. “Victims can often recover their data without paying. Kaspersky maintains a vault of keys and tools to decrypt data locked by various ransomware families. Since 2018, over 1.5 million users worldwide have successfully recovered their data using these resources.”
Supply chain attacks, particularly those involving containerized systems running on open-source software, present another major threat. “Containerized systems often rely on numerous third-party dependencies, introducing significant supply chain risks from both malicious intent and unintentional flaws,” explains Igor. He cites two examples: “The Crowdstrike event caused an outage on millions of devices, demonstrating how a faulty update can have widespread impact. Additionally, a less publicized attack on XZ Linux utilities could have compromised millions of SSH-enabled devices.”
