
Cyberattack Trends - Insights from Kaspersky's 2026 Report

Kaspersky Securelist

Basically, Kaspersky's report shows how cyberattacks changed in 2025 and what organizations can do about it.

Quick Summary

Kaspersky's latest report reveals significant trends in cyberattacks from 2025. Key sectors like government and IT are increasingly targeted. Understanding these trends is crucial for enhancing cybersecurity measures.

What Happened

The Kaspersky Security Services report for 2026 sheds light on the evolving landscape of cyberattacks, drawing from data collected through their Managed Detection and Response (MDR) and Incident Response (IR) services. The report reveals that in 2025, Kaspersky processed an average of 15,000 telemetry events per host daily, resulting in approximately 400,000 alerts. This data highlights the increasing sophistication and volume of cyber threats facing organizations worldwide.

The report not only details the number of incidents but also categorizes them by industry. Government and industrial sectors remain the most targeted, while the IT sector has seen a notable rise in incident response requests, surpassing financial organizations this year. This shift underscores the growing focus on IT security as a critical area of concern.

Who's Being Targeted

In 2025, the distribution of cyberattacks revealed that 18.5% of incidents targeted government entities, with 16.6% aimed at industrial organizations. The IT sector's rise to prominence in the rankings indicates a shift in threat actors' focus. Financial organizations, previously a primary target, have seen a decline in attacks, suggesting that adversaries are adapting their strategies to exploit vulnerabilities in less fortified sectors.

The report also highlights that over 80% of attacks utilized initial vectors such as exploitation of public-facing applications and trusted relationships. This trend indicates that attackers are increasingly leveraging existing trust to infiltrate organizations, making it essential for businesses to reassess their security measures.

Kaspersky's report outlines several key trends in cyberattacks for 2025:

  • The number of high-severity incidents has decreased, continuing a downward trend since 2021. This suggests that while adversaries are still active, organizations are improving their defensive measures.
  • A significant number of vulnerabilities exploited were related to Microsoft products, with many leading to remote code execution without authentication.
  • The use of legitimate tools in attacks, such as PowerShell and Mimikatz, indicates that adversaries are increasingly relying on tools that blend in with normal operations to avoid detection.

These findings reveal a landscape where attackers are not only persistent but also evolving their tactics to circumvent traditional defenses.

What You Should Do

Organizations should take proactive steps to bolster their defenses against the trends identified in the Kaspersky report. Here are some recommended actions:

  • Enhance monitoring: Implement advanced monitoring solutions to detect unusual activity, especially regarding trusted relationships and public-facing applications.
  • Regular vulnerability assessments: Conduct frequent assessments to identify and patch vulnerabilities, particularly those associated with widely used software like Microsoft products.
  • Employee training: Ensure that employees are aware of the latest phishing tactics and social engineering techniques that attackers may use to gain access.

By staying informed and adapting to the changing threat landscape, organizations can better protect themselves against the increasing sophistication of cyberattacks.

🔒 Pro insight: The shift in attack focus to IT and government sectors indicates a need for enhanced security protocols in these industries to mitigate evolving threats.

Original article from

Kaspersky Securelist · Kaspersky Security Services
