25% companies come under human-driven cyberattacks
Listen to article
Advanced persistent threats (APTs), classified as human-driven cyberattacks, have been detected in 25% of companies, accounting for over 43% of all high-severity incidents, which marks a staggering 74% increase compared to 2023 and a 43% rise from 2022, according to the latest Kaspersky Managed Detection and Response (MDR) analyst report.
The annual MDR analyst report provides insights based on the analysis of MDR incidents identified by a team of Kaspersky's security operations centre. The report sheds light on the most prevalent attacker tactics, techniques and tools as well as the characteristics of detected incidents and their distribution across regions and industry sectors.
Despite advancements in automated detection technologies, determined attackers continue to exploit vulnerabilities and circumvent these systems. Notably, APTs were identified across every sector except telecommunications, with the IT and government sectors bearing the brunt.
Moreover, incidents characterised as human-driven attacks confirmed by customers as cyber exercises comprised more than 17% of total incidents. Additionally, severe violations of security policies comprised approximately 12% of high-severity events, with malware-related incidents accounting for over 12%, predominantly affecting the financial, industrial and IT sectors.
"In 2024, we observed a significant escalation in advanced persistent threats and this alarming trend emphasises that even with advancements in automated detection, determined human-driven attacks continue to exploit vulnerabilities across various sectors. Organisations must enhance their preparedness and invest in comprehensive cybersecurity strategies to counteract these sophisticated threats," stated Sergey Soldatov, Head of Security Operations Centre at Kaspersky.
If companies lack cybersecurity personnel or expertise, they can apply for Managed Detection and Response and Incident Response to investigate incidents and receive expert support. These services encompass the entire incident management cycle, from threat identification to continuous protection and remediation.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Recorder
30-05-2025
- Business Recorder
Highly sophisticated malware used in campaigns discovered
ISLAMABAD: A global cybersecurity company has discovered a new and highly sophisticated malware used in campaigns targeting fintech companies, online trading platforms and firms worldwide. According to the report released by Kaspersky on Thursday, distributed via Skype and Telegram channels, GriffithRAT is typically disguised as files containing financial trend analysis or investment advice. These deceptive tactics target both organizations and individual traders who unknowingly download the malware. Once downloaded, it enables attackers to steal login credentials, capture screenshots/webcam stream, log keystrokes, and monitor user activity. The stolen data can be exploited in a variety of ways, ranging from gathering competitive business intelligence to tracking individuals or valuable assets – highlighting the broad potential for misuse. Kaspersky researchers have been monitoring GriffithRAT for over a year and link it to cyber mercenary operations, where threat actors are contracted by third parties to conduct targeted attacks - often driven by motives such as corporate espionage. This connection is reinforced by technical analysis, which shows strong similarities between GriffithRAT and DarkMe intrusions, a known Remote Access Trojan (RAT) commonly used in mercenary-led cyber campaigns. 'This discovery highlights the growing sophistication and commercialization of cyberthreats,' said Maher Yamout, Lead Security Researcher at Kaspersky. 'GriffithRAT is not the work of random hackers, it is a maintained piece of malware and part of a broader trend where cyber mercenaries are hired to collect sensitive information, often for financial or strategic advantage. The data harvested could offer visibility into the inner workings of major organizations, provide unethical competitive advantage, and may also be sold on the dark web. It is a reminder that in today's threat landscape, cybercrime is increasingly professional, targeted, and persistent.' To stay protected, Kaspersky advises individuals to be attentive to the files you download, check them with reputable cybersecurity software, such as Kaspersky Premium for individual users and Kaspersky Next for businesses, that helps detect complex threats, respond automatically, and manage security across all devices, networks, and cloud systems from one place. Be extra cautious when dealing with social media and instant messaging apps; hackers use such mediums to deliver malware in addition to the common phishing emails. Copyright Business Recorder, 2025
Express Tribune
24-05-2025
- Express Tribune
Pakistan among least affected by web threats
Listen to article At its annual Cyber Security Weekend for the Middle East, Turkiye and Africa (META) region, the Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, artificial intelligence and IoT developments. The first quarter of 2025 showed that Turkiye and Kenya had the highest number of users affected by web incidents (online threats). They were followed by Qatar, Nigeria and South Africa. Saudi Arabia had the lowest while Pakistan had the second lowest share of users attacked by web-born threats in the META region. Kaspersky experts constantly track highly sophisticated attacks. Specifically, they are monitoring 25 APT groups currently active in the META region, including well-known ones such as SideWinder, Origami Elephant and MuddyWater. The rise of creative exploits for mobile and the further development of techniques aimed at evading detection are among the trends Kaspersky is seeing in these targeted attacks. Ramsomware remains one of the most destructive cyberthreats. According to Kaspersky data, the share of users affected by ransomware attacks increased 0.02 percentage point to 0.44% from 2023 to 2024 globally. In the Middle East, the growth is 0.07 percentage point to 0.72%, in Africa, there was a 0.01-percentage-point growth to 0.41% while Turkiye has a zero-percentage-point growth to 0.46%. Attackers often don't distribute this type of malware on a mass scale, but prioritise high-value targets. In 2025, ransomware is expected to evolve by exploiting unconventional vulnerabilities. The proliferation of large language models (LLMs) tailored for cybercrime will further amplify the ransomware's reach and impact. "Ransomware is one of the most pressing cybersecurity threats facing organisations today, with attackers targeting businesses of all sizes and across every region, including META. Ransomware groups continue to evolve by adopting techniques, such as developing cross-platform ransomware, embedding self-propagation capabilities and even using zero-day vulnerabilities that were previously affordable only for APT actors," said Sergey Lozhkin, Head of META and APAC regions in the Global Research and Analysis Team at Kaspersky.
Business Recorder
24-05-2025
- Business Recorder
Pakistan has second lowest share of users attacked by web-borne threats
ISLAMABAD: A global cybersecurity firm disclosed Saturday that Pakistan has the second lowest share of users attacked by web-borne threats during first quarter of 2025. In a new report-2025, Kaspersky Global Research and Analysis Team presented cybersecurity trends, including ransomware, advanced persistent threats (APTs), supply chain attacks, mobile threats, AI and IoT developments. First quarter of 2025 showed that Turkiye and Kenya had the highest number of users affected by web incidents (online threats). They were followed by Qatar, Nigeria and South Africa. Saudi Arabia had the lowest while Pakistan had the second lowest share of users attacked by web born threats in the META region during first quarter of 2025. Kaspersky experts constantly track highly sophisticated attacks. Specifically, they are monitoring 25 APT groups currently active in the META region, including such well-known ones as SideWinder, Origami Elephant, MuddyWater. The rise of creative exploits for mobile and further development of techniques aimed at evading detection among the trends Kaspersky is seeing in these targeted attacks. Ramsomware remains one of the most destructive cyberthreats. According to Kaspersky data, the share of users affected by ransomware attacks increased by 0.02 p.p to 0.44% from 2023 to 2024 globally. In the Middle East the growth is 0.07 p.p. to 0.72%, in Africa: 0.01 p.p. growth to 0.41%, in Turkiye 0.06 p.p. growth to 0.46%. Attackers often don't distribute this type of malware on a mass scale, but prioritize high-value targets. 'Ransomware is one of the most pressing cybersecurity threats facing organizations today, with attackers targeting businesses of all sizes and across every region, including META, said Sergey Lozhkin, Head of META and APAC regions in Global Research and Analysis Team at Kaspersky. 'To stay secure, organizations need a layered defense: up-to-date systems, network segmentation, real-time monitoring, robust backups, and continuous user education.' Copyright Business Recorder, 2025
