Man
Professional
In 39% of cases, experts found traces of activity from 17 known APT groups.
At the SOC forum, specialists from the Information Security Response Department of the Positive Technologies Expert Security Center (PT ESC IR) presented statistics on the results of projects for the investigation of cyber incidents and retrospective analysis at the end of the year. In the last quarter of 2023 and the first three quarters of 2024, specialists were most often contacted by industrial enterprises, government agencies, and IT companies. The main reasons for the successful attacks were outdated software, lack of two-factor authentication, and weak segmentation of the corporate network.
According to the report, 39% of the companies analyzed had traces of activity from 17 known organized crime groups (APTs). These groups are identified by the tools used and the malware, infrastructure, and tactics used. They often use specialized software to remotely access, collect and steal data. Most of the identified groups are highly qualified and are able to quickly achieve their goals.
Among all the groups discovered during the study period, the PT ESC team singled out three: Hellhounds as one of the most advanced in terms of techniques, ExCobalt as the most active, and XDSpy as the longest-lived group (it has been attacking companies in Russia since 2011).
The frequency of attacks through contractors increased by 15% over the year. Many of these contractors provide services to dozens of clients. "Despite the fact that the share of such attacks is still small, the real and potential damage from hacking trusted but unprotected partners is becoming avalanche-like," Positive Technologies notes. Among the methods of initial penetration, the exploitation of vulnerabilities in web applications still occupies a leading place. Over the past year, the largest number of attacks (33%) fell on websites running on the 1C-Bitrix CMS, which made them the main vector of penetration through vulnerable web applications. At the same time, the share of attacks that began with the exploitation of vulnerabilities in Microsoft Exchange mail servers decreased from 50% to 17%.
In 35% of companies, incidents related to the category of "Cybercrime" were recorded, i.e. attacks focused primarily on destructive actions, such as data encryption and its destruction. In such cases, attackers tend to use ransomware, legitimate software to encrypt information, and wipers to completely delete data. These tools are also used to cover up traces and make the incident investigation process as difficult as possible.
Compared to previous years, the share of cases in which cyber incidents led to failures in business processes increased from 32% to 50%. The reason for this may be the increased activity of hacktivists and financially motivated attackers. In 19% of the projects, traces of intelligence activity and espionage, which are usually associated with the activities of APT groups, were revealed. In 12% of cases, attackers tried to download confidential data, while avoiding a long stay in the company's infrastructure. As before, Windows-based hosts remained the main targets of attacks, but the share of attacks on Linux hosts was also significant (28%).
Experts note a significant increase in the demand for incident investigation by domestic companies. Over the past two years, their number has tripled.
Source