The third quarter of 2023 saw cybersecurity threats continue to increase in sophistication. Kroll’s findings for Q3 revealed that social engineering attacks peaked at their highest level yet, with almost twice as many incidents compared to what we observed in Q2 of this year.
In this briefing, Kroll’s cyber threat intelligence leaders Keith Wojcieszek, Laurie Iacono and George Glass will explore key insights and trends from hundreds of cyber incidents handled worldwide each year. They will also outline critical issues organizations should be aware of, including the sectors hit the hardest and active ransomware groups such as LOCKBIT and BLACKCAT.
The Briefing Covers:
“In Q3, we did see an uptick in incidents impacting the manufacturing and construction sector largely led by business email compromise (BEC) or email compromise attacks. One of the reasons for this uptick in BEC attacks has to do with the reliance on third parties and suppliers.” – Laurie Iacono
Kroll continues to see the professional services sector rank first across cases — in particular legal firms — fueled by a rise in BEC across all sectors and specific campaigns targeting the legal industry, such as the BLACKCAT ransomware gang. We also observed nominal rises in the targeting of the manufacturing (2%) and construction sectors (1.5%) from the previous quarter. In Kroll’s observation, both sectors most frequently experienced BEC in the third quarter. For manufacturing, ransomware was the second most likely threat type to be observed, while insider threat was the second most likely threat type for construction. Learn why:
“From using QR codes in emails to sharing links via Microsoft Teams, threat actors are evolving their methodology to manipulate humans to click on the bait. This is not phishing through email; it's phishing through an instant messaging platform.” – Laurie Iacono
Kroll saw social engineering tactics increase dramatically in the third quarter, with significant increases in phishing (8%), valid accounts (9%) and voice phishing (“vishing”), as well as other tactics (3%). This rise in social engineering activity aligns with multiple open-source reports warning about these types of attacks via Microsoft Teams and the rise of activity by the group KTA243 (SCATTERED SPIDER), which uses phone- and SMS-based social engineering tactics to lure users into exposing their credentials. See how this is accomplished via the Kroll intrusion lifecycle:
The increasing volume of social engineering attacks is matched by a broadening range of approaches, whether that is via phone and SMS (as the group K2A243 (SCATTERED SPIDER) is known to abuse novel email phishing scams), or directly via Microsoft Teams. In this section, Kroll experts analyze how they have impacted organizations across sectors. Learn more:
Kroll actively tracks malware command and control infrastructure, submissions to public sandboxes and active incident response (IR) and managed detection and response (MDR) case data to generate lists of the most active malware strains for comparison.
A marked difference from the findings shared in the Q2 Threat Landscape Report is the absence of QAKBOT in the top ten malware list. Since the QAKBOT disruption, Kroll has observed a rise in relatively unseen malware strains, such as DARKGATE and PIKABOT, while other open-source stealer malware trends remain consistent. This indicates that QAKBOT operators are looking for a new initial access malware to deploy. Learn more:
Organizations are not only at risk from evolving threats. but also from their own perception of their readiness to address those threats.
With social engineering on the rise in Q3, it is critical that businesses take proactive steps to ensure that they have adequate defenses in place. As this type of threat continues to diversify, organizations need to be vigilant about identifying and addressing all potential areas of attack. This starts with applying a number of key security controls to improve overall security posture. Learn what your businesses should consider:
Grab a copy of the latest reports and insights below and stop by to discuss with our experts. Click to download:
Get a better understanding of the breadth of Kroll’s cyber risk services. Download below for more information:
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Kroll’s Malware Analysis and Reverse Engineering team draws from decades of private and public-sector experience, across all industries, to deliver actionable findings through in-depth technical analysis of benign and malicious code.
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.
Digital forensic experts investigate hundreds of Office 365 incidents per year and help strengthen your security.
Kroll’s elite security leaders deliver rapid responses for over 3,000 incidents per year and have the resources and expertise to support the entire incident lifecycle, including litigation demands. Gain peace of mind in a crisis.
by Laurie Iacono, Keith Wojcieszek, George Glass
by George Glass, Laurie Iacono, Keith Wojcieszek
by Laurie Iacono, Keith Wojcieszek, George Glass
by Laurie Iacono, Keith Wojcieszek, George Glass