Throughout 2023, the resources of the Vulnerability Detection and Cyber Incident and Cyberattack Response System were used to: process about 18 billion events collected using the means for monitoring, analysis and transmission of telemetry information on cyber incidents and cyberattacks; detect 133 million suspicious information security events (at initial analysis); and process 148,000 critical information security events (possible cyber incidents detected through filtering suspicious IS events and secondary analysis).
In addition, security analysts directly detected and processed 1,105 cyber incidents, which is 62.5% more than in 2022.
Throughout 2023, 24 new cyber defense objects in the government (22), energy (1), and military (1) sectors were connected to the Vulnerability Detection and Cyber Incident and Cyberattack Response System.
The autonomous systems whose infrastructure was most frequently identified as an active scanning source over the reporting period include Google, Hurricane, Google-Cloud-Platform, Cloudflarenet, and DigitalOcean-ASN.
Over the reporting period, the subsystems included in the Vulnerability Detection and Cyber Incident and Cyberattack Response System automatically detected 1,516,861 suspicious unique files. SmokeLoader, Agent Tesla, Snake Keylogger, Remcos, and Formbook prevail among the malware families detected in information security events under the category “02 Malicious software code.”
Detailed statistics are available in the Report below.
For reference: the Vulnerability Detection and Cyber Incident and Cyberattack Response System is a set of software and combined software and hardware tools that ensure round-the-clock monitoring, analysis and transmission of telemetry data on cyber incidents and cyberattacks that are occurring or have occurred at cyber defense facilities and may affect their sustainable performance.