Webinar Replay – Q2 2024 Cyber Threat Landscape Virtual Briefing

August 21, 2024
Our quarterly threat landscape reports are fueled by frontline incident response intel and elite analysts.

In Q2, Kroll saw professional services retain their top spot as the most targeted industry, with other sectors seeing increases in comparison with the previous quarter. Kroll’s key findings for Q2 highlight a 7% increase in incidents related to unauthorized access. Our experts also noted attackers targeting cloud services, pinpointing threat actors’ increasing focus on the cloud as an entry point into networks.

During the session, our experts — Keith Wojcieszek, Laurie Iacono and George Glass — explore key trends and outline insights drawn from thousands of cyber incidents handled worldwide each year. They also address the issues that organizations should be aware of, including notable threat incidents and active ransomware groups.

The briefing covers:

  • The key themes defining today’s threat landscape and their impact on organizations
  • The FOG ransomware group’s focus on the education sector
  • The latest malware trends, including the growing use of infostealers
  • The tactics behind some of the world’s most high-profile cyber incidents

Key Sections From the Webinar

Seasonal Cycles in Threat Actor Behavior


“It's interesting to note that we tend to see seasonal increases associated with the education sector, and it's likely that this kind of seasonal ebb and flow is definitely related to the fact that threat actors may be looking at education as more of an attractive sector in the summer months.” – Laurie Iacono

In Q2, Kroll noticed 18% of ransomware cases across sectors on average, with about 29% of those incidents targeting the education sector. The same trend was identified in relation to unauthorized access and malware. While malware cases are usually consistent across all sectors, when we look at the education sector alone, it actually accounts for 7% of what we see this quarter. Learn more.

Information Stealer Infection Chain


“Information Stealers have been around for a long time, but in terms of their capability to be bought and sold, it's a very commoditized market now. There are ways that lower skilled threat actors can quickly get access to credentials and tokens and sell those on the deep and dark web or underground forums.” – George Glass

In this section, our experts look at examples of infection chains, particularly CLEARFAKE, IDATLOADER and REDLINESTEALER. They highlight how REDLINESTEALER information-stealing malware may end up on a corporate or even a personal device. Watch the case study now.

Q2 2024 Ransomware Variants – FOG Descends on Education Sector


“FOG ransomware has been targeting higher education institutions like colleges, universities, technical colleges and they are directly related to info stealer malware as they are coming in via some kind of compromised credentials or found readily available on the dark web.” – Laurie Iacono

Here, our CTI experts analyze FOG ransomware and their modus operandi. Our team highlights how they use brute force to escalate privileges and create accounts to maintain persistence. Some of the tools they leveraged were advanced support scanners and several different third-party services for exfiltration. Watch now to learn more.

PAN-OS “Pandemonium”


“Phishing remains the top initial access method that was observed. A lot of that is related to email compromise as we saw a lot of email compromise cases that used phishing as a vector. We also saw a big jump in CVE most of which was related to PAN-OS.” – Laurie Iacono

The PAN-OS GlobalProtect zero-day received a CVSS score of 10, and it essentially enabled an unauthenticated threat actor to execute arbitrary code on the device. The initial exploitation was discovered in the wild on March 26th, and the activity was associated with an advanced persistent threat group that was deploying the UPSTYLE backdoor, which essentially receives commands and outputs them into a CSS file. Watch now to learn more about this vulnerability.

Minimizing Impact Against Cloud Attacks


What does your organization have in place to minimize the damage when an incident happens? Having handled thousands of incident response cases, our experts recommend putting high-quality monitoring tools in place to detect potential threats to the cloud, such as zero-day vulnerabilities, misconfigurations, insider threats and more. Watch now.

