Kaspersky warns from cyberthreats targeting governments, media in 2023

Kaspersky Security Network’s (KSN) has released on Sunday a new report that Security Operations Centers (SOCs) in the government and mass media sectors are likely to face more reoccurring targeted attacks by state-sponsored threat actors in 2023.

Kaspersky research experts’ predictions showed that the number of incidents in government and mass media segments grew,and the trend will continue this year, while SOC face personnel shortages and increasing demand for efficiencies.

In 2022, Kaspersky’s experts saw the average number of incidents in the mass media sector double, growing from 263 in 2021, to 561 in 2022.

During the last year, Iranian state TV broadcasting was interrupted by hackers during protests in the country, as well as media outlets were also subject to DDoS attacks, such as those in the Czech Republic.

While, the average number of incidents in government sector increased by 36 percent in 2022, as mass media became the prime target for cybercriminals among the 13 other analysed segments including industrial, food, development, financial.

In 2023, the growth will continue with reoccurring targeted attacks by state-sponsored actors likely to be often observed.

“To effectively protect a company, it’s necessary to implement a comprehensive threat detection and remediation provided through Managed Detection and Response services,” said Sergey Soldatov, head of SOC at Kaspersky.

In 2021, the telecom industry saw a prevalence of high severity incidents for the first time throughout the year, the report added.

Although in 2022, the average share of high severity incidents was lower – 79 in 2021 per 10k systems monitored, versus roughly 12 in 2022 – these companies remain attractive targets for cybercriminals.

Kaspersky observed a new ransomware trend last year that will continue in 2023 – ransomware actors will not only encrypt companies’ data but also destroy it.

Another threat awaiting SOCs is more initial compromises through public-facing applications. Penetration from the perimeter requires less preparation than phishing and old vulnerabilities are still exposed.

Kaspersky researchers have recommend implementing the following measures to protect from the relevant threats:

• Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities. Install patches for new vulnerabilities as soon as possible. Once it is downloaded, threat actors can no longer abuse the vulnerability.
• Dedicated services can help combat high-profile attacks. The Kaspersky Managed Detection and Response service can help identify and stop intrusions in their early stages, before the perpetrators achieve their goals. If you encounter an incident, Kaspersky Incident Response service will help you respond and minimize the consequences, in particular – identify compromised nodes and protect the infrastructure from similar attacks in the future.
• Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
• Choose a reliable endpoint security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats.

Noteworthy, that Kaspersky is a global cybersecurity and digital privacy company founded in 1997, protecting over 400 million and helping 240,000 corporate clients protect what matters most to them.