The share of highly critical incidents rose from 2% in the first half of 2023 to 7% in the first half of 2024. This follows from the quarterly report of the Solar JSOC Center for Countering Cyberattacks of the Solar Group of Companies. This trend may indicate that attackers' techniques and tactics are steadily becoming more complex and that cyberattacks are becoming more targeted, taking into account the characteristics of a particular organization's infrastructure.
The study of computer attacks on Russian companies is based on an analysis of monitoring data from the infrastructures of about 300 organizations in different sectors of the economy. The reporting period covers the first half of the year and, separately, the second quarter of 2024.
A sharp increase in the share of highly critical incidents (up to 9%) occurred in the first quarter of 2024. The driver was the March presidential elections in the Russian Federation. In the second quarter the figure did not set a new record, but at 4% it was still 1–2 percentage points higher than the average of previous periods.
Most often, the cause of such incidents in the first half of the year was unauthorized access (UA) to information systems and services, with a share of 46%. The trend emerged in the first quarter: instead of the traditional 5–6%, almost 50% of all incidents recorded by Solar JSOC were associated with non-compliant activities. In the second quarter the threat remained relevant, with UA accounting for 44% of highly critical incidents.
Malware infection ranks second, with a share of 42% in the first half of the year. Attackers use this tool both for mass attacks and for targeted attacks on key Russian infrastructure facilities. Investigations conducted by the team of the Solar 4RAYS cyber threat research center indicate that over the past two years professional cybercriminals have made the software they use significantly more complex, are more actively using custom-written software, and are improving their techniques and tactics.
"High-severity incidents could, in the event of a successful attack, lead to significant damage to the business, such as long downtime and interruption of operations, and, as a result, to financial and reputational losses. On the one hand, the growth of such incidents indicates the increasing complexity of cyberattacks (including due to the active use of cyber reconnaissance by hackers). On the other hand, the companies themselves feel the growing threat and are beginning to be more vigilant in monitoring cyber incidents, increasingly asking the SOC to configure high-severity scenarios," noted Evgeniya Khamrakulova, Head of Business Development at the Solar JSOC Cyberattack Countermeasures Center at Solar Group.
Overall, in the first half of 2024, Solar JSOC monitoring recorded 676 thousand incidents of varying degrees of criticality. This is 10% higher than the figure for the same period last year. Most often, incidents were caused by malware infection attempts, vulnerability exploitation, and unauthorized access to systems and services. At the same time, a considerable number of attacks were detected when SOC sensor signatures (NTA, EDR) were triggered. The latter once again indicates that cyberattacks are becoming more sophisticated and that standard means of protection and monitoring are no longer sufficient to detect malicious actions.