Q2 2024 Threat Landscape Report: Threat Actors Do Their Homework, Ransomware and Cloud Risks Accelerate
by Keith Wojcieszek, Laurie Iacono, George Glass
In Q2, Kroll saw professional services retain their top spot as the most targeted industry, with other sectors seeing increases in comparison with the previous quarter. Kroll’s key findings for Q2 highlight a 7% increase in incidents related to unauthorized access. Our experts also noted attackers targeting cloud services, pinpointing threat actors’ increasing focus on the cloud as an entry point into networks.
During the session, our experts — Keith Wojcieszek, Laurie Iacono and George Glass — explore key trends and outline insights drawn from thousands of cyber incidents handled worldwide each year. They also address the issues that organizations should be aware of, including notable threat incidents and active ransomware groups.
The briefing covers:
“It's interesting to note that we tend to see seasonal increases associated with the education sector, and it's likely that this kind of seasonal ebb and flow is definitely related to the fact that threat actors may be looking at education as more of an attractive sector in the summer months.” – Laurie Iacono
In Q2, Kroll observed that ransomware made up 18% of cases across sectors on average, with about 29% of incidents in the education sector being ransomware. The same trend was identified for unauthorized access and malware. While malware cases are usually consistent across all sectors, when we look at the education sector alone, malware accounts for 7% of what we saw this quarter.
“Information Stealers have been around for a long time, but in terms of their capability to be bought and sold, it's a very commoditized market now. There are ways that lower skilled threat actors can quickly get access to credentials and tokens and sell those on the deep and dark web or underground forums.” – George Glass
In this section, our experts look at examples of infection chains, particularly CLEARFAKE, IDATLOADER and REDLINESTEALER. They highlight how REDLINESTEALER information-stealing malware may end up on a corporate or even a personal device.
“FOG ransomware has been targeting higher education institutions like colleges, universities and technical colleges, and they are directly related to info stealer malware, as they are coming in via some kind of compromised credentials or credentials found readily available on the dark web.” – Laurie Iacono
Here, our CTI experts analyze FOG ransomware and its modus operandi. Our team highlights how the actors use brute force to escalate privileges and create accounts to maintain persistence. Some of the tools they leveraged were advanced support scanners and several different third-party services for exfiltration.
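The two behaviours called out above, a brute-force burst followed by a newly created account for persistence, are visible in ordinary Windows Security logging. The script below is an added illustration and is not code from Kroll or from the briefing: it correlates a run of failed logons (event 4625) from one source against a later account creation (event 4720) on the same host. The sample events, the simplified field layout, the host and account names and the thresholds are all constructed assumptions.

```python
"""Correlate a failed-logon burst (4625) with a later account creation (4720) on the same host.

Added example, not part of the Kroll report. The events below are constructed,
use a simplified key=value rendering of Windows Security log fields, and the
thresholds are assumptions a defender would tune to their own environment.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). 4625 = failed logon, 4720 = account created.
SAMPLE_EVENTS = [
    "2024-06-03T02:14:05 host=FS01 id=4625 src=10.0.5.23 user=administrator",
    "2024-06-03T02:14:20 host=FS01 id=4625 src=10.0.5.23 user=administrator",
    "2024-06-03T02:14:41 host=FS01 id=4625 src=10.0.5.23 user=backup",
    "2024-06-03T02:15:02 host=FS01 id=4625 src=10.0.5.23 user=backup",
    "2024-06-03T02:15:30 host=FS01 id=4625 src=10.0.5.23 user=administrator",
    "2024-06-03T02:20:00 host=FS01 id=4625 src=10.0.5.24 user=jdoe",
    "2024-06-03T02:40:10 host=FS01 id=4720 user=svc_backup2",      # created shortly after the burst
    "2024-06-03T03:00:00 host=WEB01 id=4625 src=10.0.9.8 user=admin",
    "2024-06-03T03:01:00 host=WEB01 id=4625 src=10.0.9.8 user=admin",  # only two failures: no burst
    "2024-06-03T09:00:00 host=HR02 id=4720 user=jdoe",                 # routine onboarding, no burst
]

FAIL_THRESHOLD = 5                  # failures from one source within FAIL_WINDOW (assumption)
FAIL_WINDOW = timedelta(minutes=5)
FOLLOW_WINDOW = timedelta(hours=1)  # account creation this soon after a burst is flagged (assumption)


def parse_event(line):
    """Turn 'timestamp key=value ...' into a dict with parsed ts and integer id."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    fields["id"] = int(fields["id"])
    return fields


def find_brute_force_then_account(lines, fail_threshold=FAIL_THRESHOLD,
                                  fail_window=FAIL_WINDOW, follow_window=FOLLOW_WINDOW):
    """Return alerts for hosts where a 4720 follows a 4625 burst within follow_window."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    recent = defaultdict(deque)   # (host, src) -> timestamps of failures inside the sliding window
    bursts = {}                   # host -> time the burst threshold was first crossed
    alerts = []
    for e in events:
        if e["id"] == 4625:
            q = recent[(e["host"], e["src"])]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > fail_window:   # drop failures that aged out
                q.popleft()
            if len(q) >= fail_threshold and e["host"] not in bursts:
                bursts[e["host"]] = e["ts"]
        elif e["id"] == 4720:
            start = bursts.get(e["host"])
            if start is not None and e["ts"] - start <= follow_window:
                alerts.append({
                    "host": e["host"],
                    "new_account": e["user"],
                    "burst_at": start.isoformat(),
                    "created_at": e["ts"].isoformat(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_brute_force_then_account(SAMPLE_EVENTS):
        print("ALERT: new account after brute-force burst:", alert)
```

Keying the burst on the host rather than the source address matters for the pattern described: the account creation event carries no source IP, so the correlation has to be by target system. In a real deployment the same logic would run over the SIEM's normalized 4625/4720 records and the thresholds would be tuned against the environment's baseline of lockouts and onboarding activity.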
“Phishing remains the top initial access method that was observed. A lot of that is related to email compromise, as we saw a lot of email compromise cases that used phishing as a vector. We also saw a big jump in CVE, most of which was related to PAN-OS.” – Laurie Iacono
The PAN-OS GlobalProtect zero-day received a CVSS score of 10, and it essentially enabled an unauthenticated threat actor to execute arbitrary code on the device. The initial exploitation was discovered in the wild on March 26th, and the activity was associated with an advanced persistent threat group that was deploying the UPSTYLE backdoor, which essentially receives commands and writes their output into a CSS file.
What does your organization have in place to minimize the damage when an incident happens? Having handled thousands of incident response cases, our experts recommend putting high-quality monitoring tools in place to detect potential threats to the cloud, such as zero-day vulnerabilities, misconfigurations, insider threats and more.