Webinar Replay: Q3 2023 Threat Landscape: Social Engineering Takes Center Stage

November 15, 2023
Our Quarterly Threat Landscape reports are fueled by frontline incident response intel and elite analysts.
Q3 2023 Threat Landscape: Social Engineering Takes Center Stage—Cyber Risk

The third quarter of 2023 saw cybersecurity threats continue to increase in sophistication. Kroll’s findings for Q3 revealed that social engineering attacks peaked at their highest level yet, with almost twice as many incidents compared to what we observed in Q2 of this year.

In this briefing, Kroll’s cyber threat intelligence leaders Keith Wojcieszek, Laurie Iacono and George Glass will explore key insights and trends from hundreds of cyber incidents handled worldwide each year. They will also outline critical issues organizations should be aware of, including the sectors hit the hardest and active ransomware groups such as LOCKBIT and BLACKCAT.

The Briefing Covers:

  • Key themes and patterns in the changing threat landscape and how these could impact organizations
  • Critical shifts in attacker behavior in the past quarter, including popular incident types and initial access methods
  • The most active types of ransomware groups and the industries most targeted
  • The continued reinvention and evolution of threat actor groups and attack methods

Key Sections From the Webinar

BEC Attacks Continue to Surge Across Sectors


“In Q3, we did see an uptick in incidents impacting the manufacturing and construction sector largely led by business email compromise (BEC) or email compromise attacks. One of the reasons for this uptick in BEC attacks has to do with the reliance on third parties and suppliers.” – Laurie Iacono

Kroll continues to see the professional services sector rank first across cases — in particular legal firms — fueled by a rise in BEC across all sectors and specific campaigns targeting the legal industry, such as those by the BLACKCAT ransomware gang. We also observed nominal rises in the targeting of the manufacturing (2%) and construction sectors (1.5%) from the previous quarter. In Kroll’s observation, both sectors most frequently experienced BEC in the third quarter. For manufacturing, ransomware was the second most likely threat type to be observed, while insider threat was the second most likely threat type for construction. Learn why:

Social Engineering Yields Initial Access


“From using QR codes in emails to sharing links via Microsoft Teams, threat actors are evolving their methodology to manipulate humans to click on the bait. This is not phishing through email; it's phishing through an instant messaging platform.” – Laurie Iacono

Kroll saw social engineering tactics increase dramatically in the third quarter, with significant increases in phishing (8%), valid accounts (9%) and voice phishing (“vishing”), as well as other tactics (3%). This rise in social engineering activity aligns with multiple open-source reports warning about these types of attacks via Microsoft Teams and the rise of activity by the group KTA243 (SCATTERED SPIDER), which uses phone- and SMS-based social engineering tactics to lure users into exposing their credentials. See how this is accomplished via the Kroll intrusion lifecycle:

How Social Engineering Led to Data Exfiltration


The increasing volume of social engineering attacks is matched by a broadening range of approaches, whether that is via phone and SMS (as the group KTA243 (SCATTERED SPIDER) is known to abuse novel email phishing scams), or directly via Microsoft Teams. In this section, Kroll experts analyze how these attacks have impacted organizations across sectors. Learn more:

Kroll Top 10 Malware Strains


Kroll actively tracks malware command and control infrastructure, submissions to public sandboxes and active incident response (IR) and managed detection and response (MDR) case data to generate lists of the most active malware strains for comparison.

A marked difference from the findings shared in the Q2 Threat Landscape Report is the absence of QAKBOT in the top ten malware list. Since the QAKBOT disruption, Kroll has observed a rise in relatively unseen malware strains, such as DARKGATE and PIKABOT, while other open-source stealer malware trends remain consistent. This indicates that QAKBOT operators are looking for a new initial access malware to deploy. Learn more:

Minimizing Impact


Organizations are not only at risk from evolving threats, but also from their own perception of their readiness to address those threats.

With social engineering on the rise in Q3, it is critical that businesses take proactive steps to ensure that they have adequate defenses in place. As this type of threat continues to diversify, organizations need to be vigilant about identifying and addressing all potential areas of attack. This starts with applying a number of key security controls to improve overall security posture. Learn what your business should consider:

