There used to only be dozens of threat actors, but the Kaspersky Lab Global Research and Analysis team now tracks the activity of more than a hundred threat actors and sophisticated malicious operations targeting commercial and government organizations in 85 countries.
The growing numbers show that sophisticated threat actors are actively improving and extending their arsenal, and a lot of new actors are coming to the stage, significantly raising the overall levels of danger.
Targeted attacks are not an elite activity anymore. While in previous years this kind of operation would require a lot of specialists with specific skills and a lot of funding, nowadays Kaspersky Lab researchers are observing the emergence of smaller – and not necessarily sophisticated – yet efficient cyberespionage campaigns.
These groups are hunting for sensitive information, which can be used to gain geopolitical advantages or even sold to anyone willing to pay.
Based on the analysis of the intelligence gathered on these campaigns, Kaspersky Lab researchers have been able to create a top list of organizations, which are more at risk than others of becoming a target of cyber espionage, or a sophisticated cybercriminal operation.
● Government and diplomatic organizations
● Financial institutions
● Energy companies
● Telecommunications companies
● Aerospace organizations
● Military contractors
● Educational organizations
● Healthcare organizations
● IT companies
● Diplomatic organizations
Targeted attacks are a major problem because the tactics of almost any of the existing groups involve utilizing tools that overcome traditional endpoint and network protection solutions.
Even if solutions are effective in regards to usual, and some sophisticated, malware, they cannot provide a 100% detection guarantee when it comes to targeted attacks. This is because actors behind sophisticated campaigns are professionals in social engineering, they may use zero-day vulnerabilities, and they’re increasingly using legitimate tools for remote access instead of actual malware.
That is why reliable security software in a corporate IT infrastructure must be accompanied by intelligence nowadays – security teams need to be backed up with expertise, so that they know when to be alarmed, and what clues to look for if their organization becomes a threat actor target.