SOC, TI and IR posts

The nature of cyber incidents

Kaspersky provides incident response services and trainings to organizations around the world. In our annual incident response report, we share our observations and statistics based on investigation of real-life incidents. The report contains anonymized data collected by the Kaspersky Global Emergency Response Team (GERT), which is our main incident response and digital forensics unit. Researchers from Europe, Asia, North and South America, Africa, and Middle East work on Kaspersky GERT.

Since 2020, when the COVID-19 pandemic forced organizations to switch to working from home, our services have adapted to the new normal. In 2021, 98% or our incident response services were provided remotely.

2021 in numbers

  • The majority of requests for incident response services came from our customers in Europe (30.1%), the CIS (24.7%), and the Middle East (23.7%).
  • Industrial (30.1%), governmental (19.4%) and financial (12.9%) organizations remain the most targeted ones.
  • In 53.6% of cases, exploitation of vulnerabilities in public-facing applications was the initial infection vector.
  • 51.9% of incidents were ransomware attacks, and in 62.5% of those cases, cybercriminals had had access to target systems for more than a month before they started file encryption.
  • In 40% of incidents, cybercriminals used legitimate tools.

More details on cyberincidents and response measures can be found in the full version of the report. It includes following information:

  • Review of 2021 trends
  • Reasons for organizations to suspect an incident and request response
  • Initial access vectors
  • Exploits and tools used by cybercriminals
  • Attack durations and response times
  • Recommendations on protection against the threats

To download the full report (in PDF), please fill in the form below. Note that if you have strict security settings enabled in your browser, you will need to add this page to exceptions to see the form.

The nature of cyber incidents

Your email address will not be published. Required fields are marked *

 

  1. Sasa Mrdovic

    Thank you for sharing.

  2. Edward Rohmer

    Interested in how baseline hardening standards.

    1. Securelist

      Hi Edward!

      If you want to get the report, please, fill in the other form in the post. If you don’t see any other forms except the comment form, try to add this page to exceptions in your ad blocker and browser privacy settings.

  3. Alex Koskey

    Report

    1. Securelist

      Hi Alex!

      If you want to get the report, please, fill in the other form in the post. If you don’t see any other forms except the comment form, try to add this page to exceptions in your ad blocker and browser privacy settings.

  4. Allen

    Thanks for sharing.

  5. MOTSCH

    Thanks for sharing this report

Reports

Meet the GoldenJackal APT group. Don’t expect any howls

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. The main feature of this group is a specific toolset of .NET malware, JackalControl, JackalWorm, JackalSteal, JackalPerInfo and JackalScreenWatcher.

APT trends report Q1 2023

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Subscribe to our weekly e-mails

The hottest research right in your inbox