Cyber Threat Intelligence Reports
Threat intelligence from over 3,000 yearly incident response engagements feeds the Cyber Threat Landscape Reports from Kroll. The reports also include real-life case studies to help security and risk leaders “see” how incidents can play out. Get the latest report now.
Q2 2023 Threat Landscape Report: All Roads Lead to Supply Chain Infiltrations
Kroll’s findings for Q2 2023 reveal a notable shift towards increased supply chain risk, driven not only by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability but also by a rise in email compromise attacks. This and other key security trends depict a threat landscape where cyber threats are lurking behind every corner.
- A 33% rise in CLOP ransomware activity due to the MOVEit transfer vulnerability
- An 8% rise in email compromise attacks, with new session token stealing tactics and open redirect phishing campaigns challenging blue teams
- The industries targeted the most in Q2 2023, including an ongoing attack on professional services, closely followed by an increased focus on financial services
Q1 2023 Threat Landscape Report: Ransomware Groups Splinter, Swarm Professional Services Sector
In Q1 2023, Kroll observed a 57% increase in the overall targeting of the professional services sector from the end of 2022. Ransomware propelled this increase, as the sector, particularly legal firms, was the most likely target of extortion and encryption attacks in Q1.
- Key themes and patterns in the changing threat landscape and how these could impact organizations in 2023
- Critical shifts in attacker behavior in the past quarter, including popular incident types and initial access methods and the use of exfiltration
- Notable trends, such as a 56% increase in the number of independent attackers conducting ransomware operations outside of the established ransomware-as-a-service (RaaS) groups
- The continued reinvention and evolution of threat actor groups and attack methods
Q4 2022 Threat Landscape: Tech and Manufacturing Targeted as Ransomware Peaks for 2022
In Q4 2022 Kroll identified a volatile and fragmented threat landscape, with ransomware peaking and tech and manufacturing sectors being increasingly frequently targeted.
- The Manufacturing, Healthcare and Technology sectors saw significant quarter-over-quarter increases in ransomware attacks in Q4 2022
- Familiar threats remained active throughout 2022, with phishing rising and unauthorized access increasing from 18% in 2021 to 25% in 2022
- Since the Conti disbandment, LockBit became the most commonly observed ransomware across Kroll engagements in 2022, with newcomers like BlackBasta and Royal becoming increasingly active
Q3 2022 Threat Landscape: Insider Threat, The Trojan Horse of 2022
In Q3 2022, Kroll saw insider threat peak to its highest quarterly level to date, accounting for nearly 35% of all unauthorized access threat incidents, set against a background of an increasingly fluid labor market and economic turbulence.
- Q3 saw an increase in insider threat incidents, accounting for a jump in unauthorized access as a threat incident type, which went from 24% in Q2 to 35% in Q3.
- Kroll observed an increase in malware due to the increased popularity in credential stealing malware, which has driven a rise in the use of valid accounts as initial access methods.
- With the shutdown of the Conti ransomware group, the official release of LockBit 3.0 dominated the ransomware headlines in the first part of Q3.
Q2 2022 Threat Landscape Report: Ransomware Returns, Health Care Hit
In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted compared to Q1 2022, dropping the final nail in the coffin for the “truce” some criminal groups instituted earlier in the COVID-19 pandemic.
- Healthcare overtook professional services as the top targeted sector in Q2, accounting for 21% of all Kroll cases, compared to only 11% in Q1 2022
- Phishing attacks continued to evolve in Q2, as Kroll observed threat actors using old and new malware such as Qakbot and Bumblebee
- External remote services such as RDP and VPN were used for initial access 700% more this quarter and CVEs were exploited for initial access 46% more in Q2
Get Threat Intelligence in Your Inbox
Thank you! A confirmation email has been sent to you.
Sorry, something went wrong. Please try again later!
About Kroll’s Cyber Threat Landscape Reports
Handling over 3,000 cyber incidents worldwide every year, Kroll is one of the largest incident response providers in the world. This unparalleled volume of investigations feeds a rich cyber threat intelligence database, from which our investigators and analysts publish trends every quarter.
Kroll’s Cyber Threat Landscape Reports are solely driven by real-life data from incidents and insights from our investigators on the frontlines. Each report focuses on:
- The most popular threat incident types, including ransomware, email compromise, unauthorized access, web compromise and more
- Quarterly threat timelines to help network defenders, security and risk leaders catch up with meaningful developments in malware development, vulnerabilities and threat actor movements
- Most targeted industry sectors, identifying the industries under the heaviest volume of attacks
- Most popular initial access methods, including phishing, external remote services (like VPN, RDP, etc.), CVE/ zero-day exploitation, SQL injection and more
- Most popular ransomware variants, outlining the threat actor groups that have been most aggressive
- Recommendations from Kroll experts on how to improve your security posture
The reports also include real-life case studies to help security and risk leaders “see” how incidents can play out and understand how Kroll responds to incidents.