Russian Analysts Report Shift in Cyberattack Tactics
Cyberattacks are increasingly targeted and persistent, with hackers aiming to remain inside corporate networks for weeks to maximize damage and data theft.
Analysts at Kod Bezopasnosti (Security Code company) report a shift from mass cyberattacks to targeted, multi-stage operations, with roughly one in six attacks now classified as targeted. The average dwell time of attackers inside Russian corporate networks reached 42 days, and in some cases extended to as long as 181 days.
Another emerging trend is the growing use of legitimate software by attackers, allowing them to avoid leaving obvious traces of malware while maintaining long-term access to victim infrastructure.
According to the study, up to 30% of incidents began with breaches of contractors, integrators or external service providers. By exploiting compromised accounts or remote maintenance channels, attackers can bypass traditional defenses and remain undetected for months.
AI and Fake Calls
Phishing remains the most common initial attack vector, but attackers are increasingly using artificial intelligence to generate convincing messages, along with fake calls and the so-called FakeBoss technique.
Experts say large-scale DDoS attacks have not disappeared but have become more sophisticated. Targeted attacks on APIs increased by 68%, the share of multi-vector attacks rose from 25% to 52%, and “carpet bombing” DDoS attacks grew by 83%. The expansion of botnets continues to drive this trend: infections of IoT devices boosted bot traffic in Russia by 1.7 times. The impact of incidents is becoming more severe, with 230 new databases from Russian companies leaked publicly in just six months, containing more than 767 million user records.
