The cybersecurity threat landscape is continuously evolving, with new actors, technologies, and threats emerging, making it increasingly difficult for organizations and individuals to navigate potential pitfalls, even from seemingly benign activities like opening an email.
According to the Kaspersky Incident Response Analyst Report 2023, the current scale of cyber threats reveals that 75 percent of cyberattack attempts exploited Microsoft Office applications. Infection vectors showed that 42.3 percent of successful attacks utilized publicly available applications, 20.3 percent involved compromised accounts, and 8.5 percent used brute force credentials.
The most common attack methods included stolen or purchased credentials leading to Remote Desktop Protocol (RDP) attacks, phishing emails with malicious attachments, and malware imitating document templates on public resources. Despite these challenges, attack attempts decreased by 36 percent in the first quarter of 2023 compared to the same period in 2022.
Following a cyberattack, 33.3 percent of organizations experienced data encryption, 21.1 percent faced data theft, and 12.2 percent encountered compromised active directories. A prior Kaspersky survey from 2022 identified ransomware and data theft as the top cyber threats (66 percent each), followed by cyber sabotage (62 percent), supply chain attacks (60 percent), DDoS attacks (60 percent), cyber espionage (59 percent), advanced persistent threats (57 percent), and cryptomining (56 percent). For 2024, emerging threats include supply chain attacks (6.8 percent) and targeted phishing attempts (5.1 percent).
Governments were the most targeted sector by threat actors (27.9 percent), followed by manufacturing (17 percent), financial institutions (12.2 percent), and IT companies (8.8 percent). Regionally, Asia and CIS experienced the highest number of cybersecurity incidents (47.3 percent), with the Americas at 21.8 percent, the Middle East at 10.9 percent, and Europe at 9.1 percent.
Igor Kuznetsov, Director of Kaspersky’s Global Research and Analysis Team, emphasized that “Governments were the most prolific target by threat actors, followed distantly by manufacturing and financial institutions, with ransomware and cyber sabotage posing the largest cyber threat risks.”