In 2023, more than one in five cyberattacks persisted for over a month – with trusted relationships emerging as one of the main attack vectors in these prolonged cases, according to the annual Kaspersky Incident Response 2023 report.

The report draws on the results of Kaspersky’s cyberattack investigations throughout the year, gathered while supporting organisations that sought incident response assistance or while hosting expert events for their internal incident response teams.

The primary reasons organisations approached the Kaspersky Incident Response team with service requests were encrypted files (32,8% of requests), suspicious activities (31%) and data leakage (20%). Other reasons included non-authorised accesses (3%), service unavailability (3%) and money theft (1,6%).

The initial attack vectors in the investigated incidents included exploitation of public-facing applications (42,4%), compromised accounts and brute-force attacks (28,8% in total), trusted relationships (6,78%), phishing (5%) and insider activity (3,4%).

The report indicates that long-lasting cyberattacks, those persisting for more than a month, constituted 21,85% of the total, an increase of 5,55% from 2022. One notable trend observed in these attacks was the exploitation of trusted relationships as a primary vector. Compromises leveraging trusted relationships have occurred previously, but in 2023 their frequency increased.

As this method of attack enables threat actors to infiltrate multiple victims through a single compromised organisation, investigative teams face several additional challenges. Firstly, initially targeted organisations don’t always recognise the importance of thorough investigations and may be reluctant to cooperate.

Secondly, attacks initiated through trusted relationships often require more time to progress from the initial intrusion to the final incursion phase. As a result, 50% of these attacks lasted more than a month. A similar proportion of attacks exceeding one month was registered only within the insider and phishing vectors.

“Our latest findings underscore the critical role of trust in cyberattacks,” says Konstantin Sapronov, head of the Global Emergency Response Team at Kaspersky. “In 2023 and for the first time in recent years, attacks through trusted relationships were among the three most used vectors.

“Half of these incidents were discovered only after a data leak had been found,” Sapronov says. “By exploiting trusted relationships, threat actors can prolong attacks and infiltrate networks for extended periods, posing significant risks to organisations. It’s imperative for businesses to remain vigilant and prioritise security measures to safeguard against such sophisticated tactics.”