Cyber Threat Intelligence Reports

Threat intelligence from over 3,000 yearly incident response engagements feeds the Cyber Threat Landscape Reports from Kroll. The reports also include real-life case studies to help security and risk leaders “see” how incidents can play out. Get the latest report now.

Q3 2022 Threat Landscape: Insider Threat, The Trojan Horse of 2022

In Q3 2022, Kroll saw insider threat peak to its highest quarterly level to date, accounting for nearly 35% of all unauthorized access threat incidents, set against a background of an increasingly fluid labor market and economic turbulence.

Key Findings

  • Q3 saw an increase in insider threat incidents, accounting for a jump in unauthorized access as a threat incident type, which went from 24% in Q2 to 35% in Q3.
  • Kroll observed an increase in malware due to the increased popularity in credential stealing malware, which has driven a rise in the use of valid accounts as initial access methods.
  • With the shutdown of the Conti ransomware group, the official release of LockBit 3.0 dominated the ransomware headlines in the first part of Q3.

Dive Deeper

Q3 2022 Threat Landscape: Insider Threat, The Trojan Horse of 2022

Q2 2022 Threat Landscape Report: Ransomware Returns, Health Care Hit

In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted compared to Q1 2022, dropping the final nail in the coffin for the “truce” some criminal groups instituted earlier in the COVID-19 pandemic.

Key Findings

  • Healthcare overtook professional services as the top targeted sector in Q2, accounting for 21% of all Kroll cases, compared to only 11% in Q1 2022
  • Phishing attacks continued to evolve in Q2, as Kroll observed threat actors using old and new malware such as Qakbot and Bumblebee
  • External remote services such as RDP and VPN were used for initial access 700% more this quarter and CVEs were exploited for initial access 46% more in Q2

Dive Deeper

Q2 2022 Threat Landscape Report: Ransomware Returns, Health Care Hit

Q1 2022 Threat Landscape Report: Threat Actors Target Email for Access and Extortion

In Q1 2022, Kroll observed a 54% increase in phishing attacks being used for initial access in comparison with Q4 2021. Email compromise and ransomware were the two most common threat incident types, highlighting the integral part played by end users in the intrusion lifecycle.

Key Findings

  • While email compromise showed an increase of 19% from Q4, ransomware incidents trended down
  • Incidences of phishing for initial access soared by 54%, potentially driven by a rise in malspam campaigns by Emotet and IcedID
  • Consistent with the previous two quarters, professional services was the most targeted sector

Dive Deeper

Q1 2022 Threat Landscape Report: Threat Actors Target Email for Access and Extortion

Q4 2021 Threat Landscape Report: Software Exploits Abound

In Q4 2021, Kroll observed a 356% increase in common vulnerabilities and exposures (CVEs) or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. 

Key Findings

  • By the end of December, Kroll observed that CVE/zero-day exploitation accounted for just over a quarter (26.9%) of initial access cases over the Q4 period, driven by vulnerabilities in ManageEngine, ProxyShell, VMWare, onicWall and the Log4J exploit
  • Ransomware (39.9%) was once again the most prominent threat type in Q4 despite a small decrease from the previous quarter
  • The professional services sector once again remained the most targeted sector overall in Q4, accounting for 16% of cases, despite a slight dip of almost 6% on last quarter’s figures

Dive Deeper

Q4 2021 Threat Landscape Report: Software Exploits Abound

Get Threat Intelligence in Your Inbox

Sign up to receive the next Threat Landscape Report and breaking threat intelligence before anyone else, along with period news, alerts and exclusive invitations from Kroll. Our privacy policy describes how your data will be handled.

About Kroll’s Cyber Threat Landscape Reports

Handling over 3,000 cyber incidents worldwide every year, Kroll is one of the largest incident response providers in the world. This unparalleled volume of investigations feeds a rich cyber threat intelligence database, from which our investigators and analysts publish trends every quarter.

Kroll’s Cyber Threat Landscape Reports are solely driven by real-life data from incidents and insights from our investigators on the frontlines. Each report focuses on:

  • The most popular threat incident types, including ransomware, email compromise, unauthorized access, web compromise and more
  • Quarterly threat timelines to help network defenders, security and risk leaders catch up with meaningful developments in malware development, vulnerabilities and threat actor movements
  • Most targeted industry sectors, identifying the industries under the heaviest volume of attacks
  • Most popular initial access methods, including phishing, external remote services (like VPN, RDP, etc.), CVE/ zero-day exploitation, SQL injection and more
  • Most popular ransomware variants, outlining the threat actor groups that have been most aggressive
  • Recommendations from Kroll experts on how to improve your security posture

The reports also include real-life case studies to help security and risk leaders “see” how incidents can play out and understand how Kroll responds to incidents.

Stay Ahead with Kroll

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

24x7 Incident Response

Enlist experienced responders to handle the entire security incident lifecycle.

Kroll Responder

Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.

Incident Response Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

Ransomware Preparedness Assessment

Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.

Strategic Communications Services

Deftly navigate a host of risk and reputational landmines caused by a cyber crisis with a full suite of strategic communications support for incident response, preparedness and training.

Incident Remediation and Recovery Services

Cyber incident remediation and recovery services are part of Kroll’s Complete Response capabilities, expediting system recovery and minimizing business disruption.

Cyber


How to Build Your Cloud Migration Security Strategy

Sep 16, 2022

by Rob DeaneAlex Cowperthwaite

Cyber


Cyber Risk and CFOs: Over-Confidence is Costly

Sep 13, 2022

by Greg MichaelsJames McLearyWilliam Rimington

Cyber


Guide to Cloud Penetration Testing: What It Is and Why You Need It

Sep 08, 2022

by Alex Cowperthwaite

Cyber


What Is Application Security? Trends, Challenges & Benefits

Aug 12, 2022

by Rahul Raghavan