
Researchers at Kaspersky Lab have released their annual analytical report, Kaspersky Managed Detection and Response (MDR) 2024. The report provides an in-depth examination of the tactics, techniques, and tools employed by cyber adversaries, along with key trends in cybersecurity incidents identified by the Security Operations Center (SOC) team.
Data analysis revealed that the primary targets of cyberattacks were industrial enterprises (25.7%), financial institutions (14.1%), and government entities (11.7%). However, among incidents classified as highly critical, the most affected sectors were IT companies (22.8%), government agencies (18.3%), and the industrial sector (17.8%). On average, more than two high-severity incidents were recorded daily.
Over the past year, the number of high-criticality incidents decreased by 34%, yet the average time required for investigation surged by 48%, indicating a growing complexity of attacks. In most cases, detection relied on advanced XDR (Extended Detection and Response) tools, whereas in previous years, standard operating system logs played a more significant role.
The prevalence of human-operated attacks continues to rise, with their share among high-criticality incidents increasing by 74% compared to 2023. While automated security solutions are advancing, adversaries are constantly discovering new methods to bypass detection mechanisms. Countering such sophisticated threats requires enhanced detection techniques and the expertise of seasoned SOC analysts.
Adversary persistence remains one of the most enduring threats: the ability of attackers to re-establish access after an initial breach. In the government sector, threat actors often seek to maintain long-term access for continuous surveillance and intelligence gathering.
The use of Living off the Land (LotL) techniques remains prevalent, with attackers frequently leveraging built-in operating system tools to move stealthily within compromised networks. A significant number of incidents involved unauthorized configuration changes, such as adding users to privileged groups. Change monitoring and access management play a crucial role in mitigating these risks.
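As an added illustration of the change monitoring the report recommends (example code written for this summary, not taken from the Kaspersky report or its products): a small Python detector that reads constructed, simplified Windows Security events for "member added to a security-enabled group" (event IDs 4728, 4732 and 4756), flags additions to an assumed allow-list of privileged groups, and surfaces accounts added to more than one such group.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Windows Security event IDs for "a member was added to a security-enabled group"
GROUP_ADD_EVENTS = {4728: "global", 4732: "local", 4756: "universal"}
# Assumed baseline of privileged groups; tune this list per environment
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins", "Enterprise Admins", "Schema Admins"}

# Constructed sample events in a simplified key=value line format (not real exported log output)
SAMPLE_EVENTS = """\
2024-05-02T08:14:03Z EventID=4732 Subject=CORP\\j.smith Member=CORP\\svc-backup Group=Administrators Host=FS01
2024-05-02T08:15:10Z EventID=4624 Subject=CORP\\j.smith LogonType=3 Host=FS01
2024-05-02T08:16:41Z EventID=4728 Subject=CORP\\j.smith Member=CORP\\svc-backup Group=Domain Admins Host=DC01
2024-05-02T09:02:00Z EventID=4732 Subject=CORP\\helpdesk Member=CORP\\a.lee Group=Marketing Host=WS17
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>\d+) (?P<rest>.*)$")
# key=value pairs; a value runs until the next " Key=" so group names containing spaces survive
FIELD_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

@dataclass
class Alert:
    timestamp: str
    subject: str   # account that performed the change
    member: str    # account that was added
    group: str
    host: str
    scope: str     # local / global / universal, derived from the event ID

def detect_privileged_additions(log_text: str, privileged=PRIVILEGED_GROUPS) -> list[Alert]:
    """Flag every group-membership addition whose target group is privileged."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m.group("eid")) not in GROUP_ADD_EVENTS:
            continue  # not a group-addition event (e.g. a plain logon)
        f = dict(FIELD_RE.findall(m.group("rest")))
        if f.get("Group") in privileged:
            alerts.append(Alert(m.group("ts"), f.get("Subject", "?"), f.get("Member", "?"),
                                f["Group"], f.get("Host", "?"), GROUP_ADD_EVENTS[int(m.group("eid"))]))
    return alerts

def members_added_repeatedly(alerts: list[Alert]) -> set[str]:
    """Accounts added to more than one privileged group: a stronger sign of deliberate escalation."""
    counts = Counter(a.member for a in alerts)
    return {member for member, n in counts.items() if n > 1}
```

Against the constructed sample, the local Administrators and Domain Admins additions are flagged, the Marketing addition and the logon event are ignored, and svc-backup is reported as added repeatedly.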
Phishing and user-execution-based attacks continue to be among the most prominent threats. In 2024, approximately 5% of high-criticality incidents stemmed from successful social engineering tactics. The human factor remains a critical vulnerability in cybersecurity, underscoring the importance of employee awareness programs to strengthen organizational defenses.