{"id":19746,"date":"2022-06-10T17:40:17","date_gmt":"2022-06-10T13:40:17","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/mdr-report-contribution\/19746\/"},"modified":"2022-06-10T17:40:17","modified_gmt":"2022-06-10T13:40:17","slug":"mdr-report-contribution","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/mdr-report-contribution\/19746\/","title":{"rendered":"Most prevalent adversarial techniques applied in 2021 incidents"},"content":{"rendered":"

The Kaspersky Managed Detection and Response (MDR) service allows companies to strengthen their security teams by externally monitoring corporate infrastructure around the clock. According to a recently published MDR analyst report<\/a>, in 2021 the service processed about 414,000 security alerts, resulting in 8479 incidents reported to customers. While analyzing those incidents, our SOC experts identified the most common attack techniques under the MITRE ATT&CK classification; they calculated the ratio of incidents based on those techniques to the total number of incidents and named the three most popular.<\/p>\n

User Execution<\/h2>\n

This category includes all incidents in which the attacker relies on the actions of a user inside the infrastructure. That is, these are the cases when attackers force an employee to click on a malicious link or open an e-mail attachment. This group also includes incidents in which a deceived user gives an attacker remote access to corporate resources.<\/p>\n

Spearphishing Attachment<\/h2>\n

According to the MITRE ATT&CK classification, the Spearphishing Attachment tactic involves sending e-mails with a malicious file attached. Most commonly, attackers also rely on social engineering and user execution to carry such out an attack. Typical payload includes executable files, MS Office documents, PDFs and archive files.<\/p>\n

Exploitation of Remote Services<\/h2>\n

The Exploitation of Remote Services category includes incidents in which attackers use vulnerable services to access internal systems within a corporate network. Typically, this is used for lateral movement within the infrastructure. Attackers often target servers, but sometimes they also exploit vulnerabilities on other endpoints, including workstations.<\/p>\n

How to protect your infrastructure from the most common techniques of the attackers<\/h2>\n

The MITRE ATT&CK website<\/a> lists the most effective methods that can be used to mitigate each adversarial technique.<\/p>\n