Cyberattacks exploiting trusted ties spanned over a month in 2023
More than 20% of cyberattacks in 2023 persisted for over a month, with the exploitation of trusted relationships being a key method of attack, according to the Kaspersky Incident Response 2023 report. A 5.55% increase in this type of attack was observed, making up 21.85% of the total cyberattacks from the previous year. The use of this attack method posed a significant challenge to investigative teams, as it enabled cybercriminals to infiltrate multiple victims via a single compromised organisation.
As noted, this method often makes the investigation process more complex, as the originally targeted organisations may fail to recognise the severity of the threat and be reluctant to cooperate sufficiently. This, in turn, stretches the time needed to defuse the attack, from the initial cyber intrusion to the final incursion phase.
Notably, cyberattacks exploiting trusted relationships were an increasing trend, accounting for 6.78% of the total number of attacks in 2023. As cyber threats continue to evolve, the vital role of trust reciprocity in the realm of cybersecurity comes into focus. In the year under review, this kind of attack found its place among the three most employed vectors for the first time in recent years. Half of these incidents were only discovered after a data breach had been identified.
Further findings from the report suggest these attacks, which infiltrate systems via trusted relationships, necessitate 50% more time to fully progress, often lasting over a month. A similar trend was noted in cases of insider and phishing cyberattacks last year.
Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky, stresses the implications of these insights, stating: "By exploiting trusted relationships, threat actors can prolong attacks and infiltrate networks for extended periods, posing significant risks to organisations. It's imperative for businesses to remain vigilant and prioritise security measures to safeguard against such sophisticated tactics."
To combat these risks, Kaspersky offers key recommendations, which primarily include fostering a culture of security awareness among staff, limiting public access to management ports, and advocating a zero-tolerance policy for patch management or complementary measures for public-facing applications. Furthermore, the company advises backing up data to minimise damage, consolidating robust password policies and multifactor authentication, and adopting managed security services such as Kaspersky Managed Detection and Response (MDR) as an additional protective layer against advanced attacks.
In case of suspicious activities leading to potential breaches, Kaspersky further underscores the importance of seeking the assistance of cybersecurity experts for incident response.