Anatomy of a Cyber World Global Report 2026

Kaspersky’s 2025 MDR/IR/Compromise Assessment summary aggregates global telemetry and incident response data: the MDR processed ~15,000 telemetry events per host/day, generating ~400,000 alerts (39,000 investigated); most customers were in the CIS, Middle East, and Europe, with government and industrial sectors most targeted and IT rising to third. Key trends include a decline in high-severity incidents (many tied to APTs and red-team activity), widespread exploitation of Microsoft RCE CVEs (including unauthenticated cases), over 80% of attacks initiating via public-facing apps, valid accounts or trusted relationships, and frequent use of living-off-the-land binaries (powershell.exe, rundll32.exe, mshta.exe) and tools such as Mimikatz, PsExec, PowerShell, and AnyDesk; the full report maps initial vectors to MITRE ATT&CK and lists CVEs discovered during IR engagements.