Half of last year's cyberattacks were carried out through applications exposed to the outside. More than half of all attacks ended within a day as rapid strikes, and the pace of intrusions is accelerating.
Global cyber security Kaspersky stated accordingly in its report Anatomy of a Cyber World, published on the 1st. The report is an in-depth analysis of data on global cyber security incidents that occurred last year.
According to the report, 43.7% of last year's cyberattacks were carried out through applications exposed to the outside. Intrusions abusing valid normal accounts accounted for 25.4%, followed by trust-relationship attacks through contractors or partners at 15.5%.
The report analyzed that these attack methods often did not follow a single path but were interconnected within a chain of sequential attacks. For example, in many confirmed cases, organizations compromised through trust relationships were first penetrated via attacks on vulnerabilities in externally exposed applications. The report said, "In recent attack cases, attackers increasingly first target service providers or IT integrators and then use them to access client companies," adding, "In particular, many small and midsize service providers lack dedicated cyber security capabilities and resources, which is exacerbating this problem."
As for attack duration, a majority (50.9%) were rapid attacks that ended within a day, and most led to file encryption. Next, 33% were long-term attacks averaging 108 hours, which went beyond simple encryption to include data exfiltration. The remaining 16.1% were hybrid, initially appearing to be short-term attacks but later exhibiting significant delays before malicious activity, extending the overall attack period to about 19 days.
Konstantin Sapronov, head of Kaspersky's global incident response team, said, "As attackers carry out increasingly sophisticated multistage attacks, simple post-incident responses make effective defense difficult," adding, "To respond to both rapid intrusions and long-term compromises, the most important steps are timely patching, applying multifactor authentication, and strengthening controls on third-party access."
Lee Hyo-eun, head of Kaspersky's Korea office, said, "The domestic cyber threat environment is becoming increasingly complex, and risks arising from partner vulnerabilities and external interconnection structures are growing," emphasizing, "Domestic corporations must shift from passive responses to a security framework that proactively responds across the full cycle, and counter advanced targeted attacks by strengthening external access management, upgrading internal threat detection systems, and expanding security cooperation across the industry."