30 August 19, 07:47
Quote:
Introduction
This report covers our team’s incident response practices for the year 2018. We have thoroughly analyzed all the service requests, customer conversations and incident response deliverables to provide you an overview in numbers. The report includes statistics on how companies reveal data breaches and compromises, the attack vectors most commonly used by adversaries, how long they remain inside a company’s infrastructure and much more. We also provide some high-level recommendations to improve resilience against such attacks.
The data used in this report comes from the wide range of incident investigation services provided by Kaspersky teams. The main digital forensic and incident response operations unit is called the Global Emergency Response Team (GERT) and includes experts in Europe, Latin America, North America, Russia and the Middle East. However, our operational coverage is much greater and that’s why our company focused many more resources on incident response and malware analysis activities. An example of this is the advanced targeted attack investigations by the Global Research and Analysis Team (GReAT).
Reasons for requesting incident response
More than half of the requests for investigation were initiated by customers after detecting an attack that had visible consequences, such as unauthorized money transfers, workstations encrypted by ransomware, service unavailability, etc. This indicates the need to improve attack detection methods and incident response procedures within a company to avoid financial losses and to minimize the impact of attacks on the company’s infrastructure.
It should be noted that in two out of three cases, investigation of incidents related to the detection of suspicious files or network activity revealed an actual attack on the customer’s infrastructure. In the other cases, suspicious activity was caused by unusual user actions or software behavior related to security misconfigurations.
The most common reason for customer requests was a ransomware attack. This category of attack is characterized by rapid development, difficulty of early detection, and contrastingly obvious consequences.
Experts from Kaspersky Anti-Malware Research Department ranked the most common types of ransomware which targeted organizations in 2018.