Cyberattacks targeted the public and industrial sectors in 2025

A global report by Kaspersky Security Services, Anatomy of a Cyber World, shows that the government sector has emerged as the most-targeted sector for the 2nd consecutive year, accounting for 19% of all high-severity incidents in 2025. The industrial sector closely followed at 17%, while the IT sector rose to third place with 15%, displacing finance from the top three targeted industries. 

Anatomy of a Cyber World draws on incident statistics from Kaspersky tools and services. It sheds light on the most prevalent attacker tactics, techniques and tools, as well as the characteristics of detected incidents and their distribution across regions and industry sectors.  

In addition to revealing that the government bodies continued to be the most targeted sector in 2025, the research found that advanced persistent threats (APTs) were the most common incident type, accounting for 33.3% of incidents. This trend highlights the increasing sophistication of adversaries who persistently evolve their tactics to bypass automated protection, Kaspersky said. Additionally, 18.9% of government organisations experienced social engineering attacks, underscoring that employees remain a critical entry point for cyberthreats.

This dual vulnerability, from both advanced persistent attackers and social engineering campaigns, underscores the need to strengthen not only technology but also organisational resilience, Kaspersky said. Implementing measures such as role-based access control and limiting privileges can significantly reduce the impact of compromised accounts, particularly in large, distributed government environments, the company advised.

In the industrial sector, threats are distributed uniformly: APT-driven incidents constitute 17.8%, malware 14.9% and social engineering 13.9%. This pattern suggests that industrial organisations attract a broad range of adversaries with different capabilities and objectives, rather than being primarily targeted by a single type of threat actor. 

Notably, confirmed cyber exercises like red teaming accounts for 22.8% of incidents in the sector, the highest share among the top three industries, reflecting growing investment in proactive security validation among industrial organisations, Kaspersky said. Red teaming simulates advanced, real-world attacks, to help uncover vulnerabilities and assess incident response capabilities. 

In contrast, IT organisations are clearly a priority target for sophisticated threat actors seeking to exploit trusted relationships and scale their impact through supply chains, Kaspersky said, with 41% of incidents attributed to human-driven APT attacks for the IT sector. This was the highest rate across all sectors. 

APT traces, which are artifacts from previous advanced persistent threat activity, were identified in an additional 17% of cases, while social engineering accounted for 11%. In contrast, red teaming represented only 9% of IT incidents, suggesting that proactive security testing remains underutilised relative to the sector’s actual threat exposure.

The finance sector, typically an attractive target, was not in the top three targeted industries in 2025. According to the report, red teaming in this sector accounts for 36.1% of incidents, reflecting a mature, compliance-driven approach to proactive defence, while confirmed APT activity remained comparatively low at 11.5%. This pattern indicates that sustained investment in security assessment can effectively enhance a company’s ability to identify vulnerabilities early, avoiding costly breaches and reducing the risk of significant damage to reputation and operations.

"Government, industrial and IT organisations consistently attract sophisticated adversaries because of the strategic value of what they hold, operate and connect to geopolitical intelligence, critical infrastructure and global supply chains respectively. The 2025 data confirms that these attacks are not opportunistic: they are targeted and often aimed at establishing persistent access. 

"Each of these sectors needs to operate on the assumption that determined attackers will find a way in, and focus their defences on early detection, rapid containment and minimising the window of exposure. So, proactive threat hunting, continuous monitoring and regular compromise assessments are no longer optional for organisations of any size across these industries," said Sergey Soldatov, Head of Security Operations at Kaspersky.  

Details

Read the report at https://www.kaspersky.com/enterprise-security/resources/reports/mdr-ir-analyst-reports?utm_source=press-release&utm_medium=referral&utm_campaign=Global-Report_26_MDR-IR&utm_content=5637437839

Comments

Post a Comment

Popular posts from this blog

Fortinet enhances FortiRecon to align with CTEM framework

Fortinet, the global cybersecurity provider driving the convergence of networking and security, has turned the FortiRecon platform into a comprehensive solution aligned with the continuous threat exposure management (CTEM) framework. The latest release introduces expanded internal attack surface monitoring, adversary-centric dark web intelligence, and security orchestration, all in a unified platform. These enhancements help organisations proactively identify and prioritise real-world exposures, validate risks like an attacker would, and accelerate response. “CISOs and security teams are overwhelmed by growing attack surfaces and an endless stream of unprioritised alerts,” said Nirav Shah, Senior VP of Products and Solutions at Fortinet. “With the latest enhancements to FortiRecon , we’re giving organisations an attacker’s eye view of their internal and external exposures, backed by AI-powered threat intelligence from FortiGuard Labs, real-world validation, and automated response...
Read more

SentinelOne recognised as a 2025 Gartner Peer Insights Customers’ Choice for XDR

SentinelOne, a global provider of AI-powered security, has been named a Customers’ Choice in the 2025 Gartner Peer Insights ‘Voice of the Customer’ for Extended Detection and Response (XDR) report* – one of only two companies with this distinction. A hundred and forty-four users reviewed SentinelOne's Singularity Platform, and 97% said they would recommend the solution to respond to threats across endpoints with AI-powered security, while 97% rated the solution four stars or better.** “With the growing complexity of cyberthreats, organisations need more than siloed security—they need AI-powered, autonomous protection that delivers real-time detection and response across their entire attack surface. Customers have made it clear that SentinelOne’s XDR provides the intelligence, automation, and efficiency they need to stay ahead of threats and secure their environments with confidence,” said Ely Kahn, VP, Product Management, SentinelOne. Gartner defines extended detection and ...
Read more

AWS: AI adoption grows 20% in Singapore

Image
Amazon Web Services (AWS), an Amazon.com company, has found* that AI adoption continues to accelerate in Singapore. In the past year alone, 27,000 1 Singapore businesses adopted AI for the first time—equivalent to over three new adopters every hour. In sum, nearly 170,000 (48%) of businesses in Singapore have adopted AI 2 , up from approximately 143,000 (40%) a year ago. This represents a 20% year-over-year growth rate, AWS said. AI adoption is the strongest in the financial services industry (71%), followed by the technology sector ( software developers, data analytics firms, cloud service providers, and digital startups) at 70%, and healthcare at 63%. Among Singapore’s businesses that have adopted AI, 82% reported an increase in revenue, at an average increase of 19%, while 90% report significant productivity improvements. A large majority (85%) of those who have adopted AI say the technology is likely to increase their growth in the next year, and 89% expect an average of 17%...
Read more