not during the day
Kaspersky Lab has told socialbites.ca that Russia has seen a sharp rise in cyber incidents targeting its businesses in recent months. In the first quarter of 2022, the number of reported complex attacks on Russian firms more than quadrupled compared with the same period in 2021. These complex intrusions involve seasoned criminals who go beyond simply spreading malware: they orchestrate multi-stage campaigns that probe a company’s defenses and move through its networks with stealth.
Cyber intruders aim to establish a foothold in corporate environments and stay hidden for extended periods, gradually gaining full control over critical infrastructure. They tailor each stage of the attack to slip past traditional defenses, exploit exposed vulnerabilities, and seize any entry points into the enterprise. When such incidents occur, essential workflows can be disrupted and sensitive data or financial resources may be stolen, according to Alexander Gostev, the chief technology officer at Kaspersky Lab.
Oleg Skulkin, who leads the Group-IB digital forensics laboratory, confirmed a notable uptick in incidents observed by his team, noting at least a threefold year-over-year rise. Positive Technologies likewise reported that the surge in hacker activity in Russia peaked at the end of the first quarter, during the last few weeks of March.
Ekaterina Kilyusheva, head of the information security analytics group at Positive Technologies, described a growing trend of more effective targeted attacks conducted by sophisticated groups. Vladimir Ulyanov, head of Zecurion’s analytical center, pointed out that the threat landscape has expanded to include not only external attackers but also insiders who may collaborate with outsiders.
“External aggressors frequently collaborate with internal actors or rely on the negligence of staff to carry out their incursions,” he observed.
random links
The chief reason Kaspersky Lab gives for the rising incident count is the expanding attack surface created by new components in enterprise IT environments. As infrastructure grows, so does the number of potential access points, and intruders exploit this trend. At the same time, cybercriminals continuously adapt, complicating the threat landscape overall.
The company also noted that the suspension of operations by several foreign suppliers of corporate information security tools contributed to the problem. In March, brands like Acronis, ESET, Avast, Symantec, Palo Alto and others announced changes or pauses in their services. Dozens more followed.
“Some foreign providers have halted their product operations entirely. Many have unsanctioned or unsubscribed their solutions. When detection updates for threat databases stop working, the quality of threat detection declines quickly,” Gostev explained.
Ekaterina Kilyusheva of Positive Technologies added that the pause in service from some vendors has deprived Russian customers of timely technical support, a situation that can endanger data, finances, and reputation. Detecting and preventing minor attacks requires tight oversight of infrastructure activity, and the current gaps hinder that effort.
“For enterprise solutions, not only the product itself but also the accompanying services matter: support, assistance with installation and day-to-day use, plus ongoing updates. Without developer support, a complex product loses effectiveness, and without updates it can become useless or even harmful, giving a false sense of security,” said Vladimir Ulyanov of Zecurion, agreeing with his colleagues.
there is a solution
To protect business continuity amid rising cyber risks, experts advise companies to pivot toward local alternatives to Western tools. Kaspersky Lab suggests adopting an Extended Detection and Response (XDR) class solution as a practical approach. Positive Technologies and Group-IB express similar viewpoints, offering comparable XDR capabilities in their security portfolios.
XDR systems provide broad detection and rapid response to advanced cyber threats by monitoring every potential entry point across the enterprise—workstations, servers, networks, email, and the internet—while also guarding against social engineering techniques.
Vladimir Ulyanov added that XDR is only one option; Russian firms should also consider other protective measures. He noted that incorporating Data Leakage Prevention (DLP) solutions can help reduce insider risks and protect sensitive information from leakage and tampering.