Kaspersky Report Shows Main Cyber Attack Vectors in 2025

  • Public-facing applications, valid accounts and trusted relationships remained the main initial attack vectors in 2025, according to Kaspersky Security Services.

    The findings are from Kaspersky’s recent global report, Anatomy of a Cyber World. The report is based on incident data gathered in 2025 from Kaspersky Managed Detection and Response, Kaspersky Incident Response, Kaspersky Compromise Assessment and Kaspersky SOC Consulting.

    Kaspersky said the main initial attack vectors in 2025 remained similar to 2024, but their combined share increased to more than 80%. Public-facing applications accounted for 43.7% of initial attack vectors. Valid accounts made up 25.4%, while trusted relationships increased from 12.7% to 15.5%.

    Data from Kaspersky Incident Response shows that the top three initial attack vectors have remained relatively stable over the past seven years. Valid accounts and exploits in public-facing applications have consistently been among the most common entry points. The third position has changed over time. Malicious emails were previously a common initial vector, but trusted relationships first appeared in 2021 and entered the top three in 2023.

    Kaspersky said these attack vectors are often connected within the same attack chain. For example, organisations affected through trusted relationships may first be exposed through exploits in public-facing applications. In recent cases, attackers targeted service providers or IT integrators before using that access to reach their clients.

    The issue can be more serious when small service providers lack dedicated cybersecurity expertise and resources. Some of these providers manage accounting software or websites for other organisations. If they are breached, their clients’ systems may also be exposed through compromised remote access.

    Kaspersky’s analysis also examined attacks by duration and impact. The majority of investigated attacks, at 50.9%, were rapid and usually lasted less than a day. These attacks most often resulted in file encryption.

    Another 33% of attacks lasted longer, with an average duration of 108 hours. In these cases, attackers not only encrypted files but also installed persistence mechanisms, compromised Active Directory and caused data leakage.

    The remaining 16.1% showed a hybrid pattern. These attacks first appeared to be rapid incidents, but there was a major delay between the initial breach and later malicious activity. This extended the overall duration to nearly 19 days.

    Kaspersky said organisations should not rely only on reactive responses. It recommended timely patching, enforcement of multi-factor authentication and strict control of third-party access. The company also recommended stronger monitoring, detection and response capabilities to help organisations identify and respond to cyber threats before they cause wider damage.
