According to the recent Kaspersky Incident Response analyst report, long-lasting attacks that persist for more than a month accounted for 35,2% of the total attacks in 2024.
The report indicates that the average duration of long-lasting cyberattacks, measured in median days, is 253 days. In response to these incidents, the median duration of incident response efforts was found to be 50 hours, showcasing the complexity and challenge in mitigating the impact of such attacks.
The primary impacts of long-lasting cyberattacks were identified as data encryption and leakage, posing significant risks to organisations. The initial vectors for these attacks predominantly include exploits targeting public-facing applications, leveraging trusted relationships and utilising valid accounts.
“Understanding the evolving landscape of cyber threats is crucial for any organisation striving to safeguard its assets and processes. Our findings reveal that the resilience of cybercriminals grows as technology advances, pushing organisations to not only respond but also to anticipate and adapt their security measures proactively,” comments Konstantin Sapronov, head of Global Emergency Response Team at Kaspersky.
The Kaspersky Incident Response analyst report offers detailed analysis of cyberattacks that Kaspersky investigated in 2024. It draws upon information from organisations that required assistance during security incidents and identifies emerging trends in threats across different industries and regions. This report serves as a valuable resource for organisations looking to improve their security operations and prepare for future incidents effectively.