This analyst report contains information about cyberattacks investigated by Kaspersky in 2023. Kaspersky provides a wide range of services — incident response, digital forensics, malware analysis, etc. — to help organizations affected by information security incidents. The data used in this report is derived from working with organizations that have sought assistance with responding to incidents or conducted professional events for their internal incident response teams.

In the second half of 2023, the percentage of ICS computers on which malicious objects were blocked decreased from the first half of the year. Most of the statistical indicators dropped accordingly. Yet, there are subtleties we would like to draw attention to, as they highlight dangerous spots on the cyberthreat landscape.

The report presents the findings of the analysis of statistical data obtained using the Kaspersky Security Network (KSN) distributed antivirus network. The data was received from those KSN users who gave their voluntary consent to have data anonymously transferred from their computers and processed for the purpose described in the KSN Agreement for the Kaspersky product installed on their computer.

In H2 2022, the most significant change among all countries in the percentage of ICS computers on which malicious objects were blocked was observed in Russia, where that percentage increased by 9 p.p.

In January 2022, Kaspersky ICS CERT experts detected a wave of targeted attacks on military industrial complex enterprises and public institutions in several Eastern European countries and Afghanistan. In the course of our research, we were able to identify over a dozen of attacked organizations. An analysis of information obtained during our investigation indicates that cyberespionage was the goal of this series of attacks.

This report shows data from 2021 that was affected by stalkerware globally.

This report looks at IT security teams. They highlight changes in the teams and the ways that they work.

This report aims to examine the issue of stalkerware. They present data to understand the changes and scale of the problem in 2020.

This report looks at the malware used by a group called Sunburst. It gives a detailed timeline of attacks, and the code used in them. It also compares the code to popular malware like Kazuar, suggesting it is being used by the same groups.

An annual survey on the challenges and response to those challenges of cybersecurity in the Industrial Control Systems (ICS) space.

This report from Kaspersky explains changes in the threat landscape for industrial automation systems for the first half of 2020. It goes in detail on the variety of malware, the main threat sources, regional differences, and more.

A review of cases handled by Kaspersky’s incident response retainer and on-demand services. Concentrated in the EU, Middle East, and Eurasian countries and in the industrial, financial, and government sectors.

To have a better understanding of where the healthcare industry stands in their knowledge of cybersecurity, Kaspersky commissioned a survey to gauge the perceptions of healthcare employees in North America with regard to cybersecurity in the workplace. The survey offered several valuable insights, so many in fact that the findings were too vast to fit in one report. This is a follow up report to the first State of Cybersecurity in Healthcare report.

To protect the data we store on our devices and upload online, we first need to understand where the key risks may lie. This report reviews some of the main stories and tactics we have seen affecting data privacy over the past 12 months and provides advice on how individuals can keep control over their personal data at every turn.

The Kaspersky Global Corporate IT Security Risks Survey (ITSRS) is a global survey of IT business decision makers, which is now in its ninth year. A total of 4,958 interviews were conducted across 23 countries. Respondents were asked about the state of IT security within their organizations, the types of threats they face and the costs they have to deal with when recovering from attacks. The regions covered consist of LATAM (Latin America), Europe, North America, APAC (Asia-Pacific with China), Japan, Russia and META (Middle East, Turkey and Africa).

A study on the causes and evolution of Americans’ and Canadians’ stressors relating to cybersecurity and personal data protection

To gain insight into what’s happening in the healthcare industry when it comes to cybersecurity, Kaspersky Lab issued a survey. The research provides insight into the perceptions of healthcare employees in North America regarding cybersecurity in their workplace, including awareness of cybersecurity breaches, protection of sensitive information, cybersecurity awareness and training, and more. Kaspersky Lab commissioned the research firm Opinion Matters to conduct a survey of 1,758 employees based in healthcare organizations in the United States and Canada. Through this research, the company aims to create a dialogue among businesses and IT staff in healthcare about the current state of awareness of cybersecurity among their employees, along with providing suggested proactive steps that can be taken to prioritize cybersecurity awareness through trainings and consistent education, aiming to prevent or minimize the next cybersecurity issue.

This report provides new insights into the Shamoon 2.0 and StoneDrill attacks, including: 1. The discovery techniques and strategies we used for Shamoon and StoneDrill. 2. Details on the ransomware functionality found in Shamoon 2.0. This functionality is currently inactive but could be used in future attacks. 3. Details on the newly found StoneDrill functions, including its destructive capabilities (even with limited user privileges). 4. Details on the similarities between malware styles and malware components’ source code found in Shamoon, StoneDrill and NewsBeef.

This paper is the result of forensic investigations by Kaspersky Lab at banks in two countries far apart. It reveals new modules used by Lazarus group and strongly links the tools used to attack systems supporting SWIFT to the Lazarus Group’s arsenal of lateral movement tools.

This post discusses the following event - “On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. "

The present trend study “The State of Industrial Cybersecurity 2018” seeks to answer the questions, what do use companies really want? What Are their priorities, and what concerns and challenges do they face? What external and internal factors are impacting industrial cybersecurity? What strategies and measures are being employed, now and in the future?