According to the latest Kaspersky Managed Detection and Response (MDR) analyst report, advanced persistent threats (APTs) have been detected in 25% of companies, accounting for over 43% of all high-severity incidents. This marks a staggering 74% increase compared to 2023.
The annual Managed Detection and Response (MDR) analyst report provides insights based on the analysis of MDR incidents identified by Kaspersky’s Security Operations Centre team. The report sheds light on the most prevalent attacker tactics, techniques and tools, as well as the characteristics of detected incidents and their distribution across regions and industry sectors among MDR customers.
According to recent findings, Advanced Persistent Threats (APTs), classified as human-driven attacks, significantly affected one in four companies, representing a staggering 43% of all high-severity incidents detected in 2024.
Compared to previous years, this marks a striking 74% increase from 2023 and a 43% rise from 2022. Despite advancements in automated detection technologies, determined attackers continue to exploit vulnerabilities and circumvent these systems.
Notably, APTs were identified across every sector except telecommunications, with the IT and government sectors bearing the brunt.
Moreover, incidents characterised as human-driven attacks confirmed by customers as cyber exercises comprised more than 17% of total incidents. Additionally, severe violations of security policies comprised approximately 12% of high-severity events, with malware-related incidents also accounting for over 12%, predominantly affecting the financial, industrial and IT sectors.
“In 2024, we observed a significant escalation in Advanced Persistent Threats and this alarming trend emphasises that even with advancements in automated detection, determined human-driven attacks continue to exploit vulnerabilities across various sectors. Organisations must enhance their preparedness and invest in comprehensive cybersecurity strategies to counteract these sophisticated threats,” states Sergey Soldatov, head of security operations centre at Kaspersky.