Mark0
Missed incidents, persistent threats, and response gaps: Insights from compromise assessment projects

⚠️ Region Alert: UAE/Middle East

The 2025 Kaspersky Compromise Assessment report highlights a significant detection gap, with nearly a third of all incidents remaining undetected for over three months. The analysis reveals that 60% of these threats were missed due to a lack of high-confidence alerts from existing security tools. Proactive audits and regular assessments were found to significantly reduce the frequency of high-severity incidents compared to reactive, post-incident investigations, which often uncovered hidden persistence that initial response efforts missed.

A recurring theme in the findings is the reliance of threat actors on Living-off-the-Land Binaries (LoLBins) and remote management tools to evade detection. Furthermore, 40% of discovered web shells were found within backups, leading to unintentional malware re-infection after remediation efforts. The report emphasizes that security controls are not self-sufficient; effective defense requires continuous human monitoring, threat hunting, and mature incident response playbooks that evolve as new forensic artifacts are discovered.
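The backup finding above is the one most teams can act on directly: a restore that is not inspected first can put the web shell straight back onto the rebuilt host. The following is an added example written for this post, not code from the article or from Kaspersky's report. It builds a small constructed backup archive in memory, scans the script files inside it for a few common PHP web-shell traits before anything is restored, and gates the restore on the result. The indicator patterns are illustrative assumptions, not a complete signature set; in practice they would be replaced by the indicators and file hashes recovered during the actual investigation.

```python
import io
import re
import tarfile

# Constructed sample "backup": two PHP files and a text file. The second PHP
# file carries the classic eval(base64_decode($_POST[...])) web-shell shape.
SAMPLE_FILES = {
    "site/index.php": b"<?php echo 'hello'; ?>",
    "site/uploads/cache.php": b"<?php @eval(base64_decode($_POST['x'])); ?>",
    "site/readme.txt": b"notes",
}

# Heuristic indicators of PHP web shells. Assumption: illustrative only; a real
# restore gate would use the artifacts (hashes, paths, strings) found during IR.
INDICATORS = [
    re.compile(rb"\beval\s*\("),
    re.compile(rb"base64_decode\s*\("),
    re.compile(rb"\b(system|passthru|shell_exec|exec)\s*\(\s*\$_(GET|POST|REQUEST)"),
    re.compile(rb"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\)?\s*\("),
]

# Only server-side script types are scanned; everything else is passed through.
SCRIPT_SUFFIXES = (".php", ".phtml", ".php5", ".phar", ".jsp", ".aspx", ".asp")


def build_backup(files):
    """Create a gzip tarball in memory from a {path: bytes} mapping (constructed input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def scan_backup(archive_bytes):
    """Return {member_path: [matched_patterns]} for script files that trip an indicator.

    The archive is read in memory and never extracted to disk, so scanning
    cannot itself deploy a shell onto the host doing the check.
    """
    findings = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            if not member.name.lower().endswith(SCRIPT_SUFFIXES):
                continue
            handle = tar.extractfile(member)
            if handle is None:
                continue
            content = handle.read()
            hits = [p.pattern.decode() for p in INDICATORS if p.search(content)]
            if hits:
                findings[member.name] = hits
    return findings


def safe_to_restore(archive_bytes):
    """Restore gate: True only when no script file in the backup matches an indicator."""
    return not scan_backup(archive_bytes)


if __name__ == "__main__":
    backup = build_backup(SAMPLE_FILES)
    for path, hits in scan_backup(backup).items():
        print(f"{path}: {', '.join(hits)}")
    print("safe to restore:", safe_to_restore(backup))
```

The point of `safe_to_restore` is that the decision is made before extraction: a backup taken after the initial compromise is treated as untrusted input, and any hit routes it to analysis rather than to the rebuild pipeline.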
