Royal Ransomware Deep Dive
by Laurie Iacono, Keith Wojcieszek, George Glass
Q4’s rise in the use of external remote services as a ransomware attack vector sets the tone for what is already looking to be a demanding year ahead. With the popularity of remote or hybrid working, organizations must be vigilant in ensuring they have strong defenses in place both centrally and at perimeter level.
Key Findings
Dive Deeper
Social engineering in its many forms took center stage in Q3 2023. The quarter saw “human hacking” evolve from a long-standing security challenge to threat actors’ method of choice. This was evidenced by our observations of the dramatic escalation of social engineering tactics, with significant increases in phishing, smishing, valid accounts, voice phishing and other tactics—adding up to the highest volume of incidents we have seen in 2023.
Key Findings
Dive Deeper
Kroll’s findings for Q2 2023 reveal a notable shift towards increased supply chain risk, driven not only by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability but also by a rise in email compromise attacks. This and other key security trends depict a threat landscape where cyber threats are lurking behind every corner.
Key Findings
Dive Deeper
In Q1 2023, Kroll observed a 57% increase in the overall targeting of the professional services sector from the end of 2022. Ransomware propelled this increase, as the sector, particularly legal firms, was the most likely target of extortion and encryption attacks in Q1.
Key Findings
Dive Deeper
In Q4 2022 Kroll identified a volatile and fragmented threat landscape, with ransomware peaking and tech and manufacturing sectors being increasingly frequently targeted.
Key Findings
Dive Deeper
In Q3 2022, Kroll saw insider threat peak to its highest quarterly level to date, accounting for nearly 35% of all unauthorized access threat incidents, set against a background of an increasingly fluid labor market and economic turbulence.
Key Findings
Dive Deeper
In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted compared to Q1 2022, dropping the final nail in the coffin for the “truce” some criminal groups instituted earlier in the COVID-19 pandemic.
Key Findings
Dive Deeper
Sign up to receive the next Threat Landscape Report and breaking threat intelligence before anyone else, along with periodic news, alerts and exclusive invitations from Kroll. Our privacy policy describes how your data will be handled.
Handling over 3,000 cyber incidents worldwide every year, Kroll is one of the largest incident response providers in the world. This unparalleled volume of investigations feeds a rich cyber threat intelligence database, from which our investigators and analysts publish trends every quarter.
Kroll’s Cyber Threat Landscape Reports are solely driven by real-life data from incidents and insights from our investigators on the frontlines. Each report focuses on:
The reports also include real-life case studies to help security and risk leaders “see” how incidents can play out and understand how Kroll responds to incidents.
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Stop cyberattacks. Kroll Responder managed detection and response is fueled by seasoned IR experts and frontline threat intelligence to deliver unrivaled response.
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Kroll’s ransomware preparedness assessment helps your organization avoid ransomware attacks by examining 14 crucial security areas and attack vectors.
Deftly navigate a host of risk and reputational landmines caused by a cyber crisis with a full suite of strategic communications support for incident response, preparedness and training.
Cyber incident remediation and recovery services are part of Kroll’s Complete Response capabilities, expediting system recovery and minimizing business disruption.
by Laurie Iacono, Keith Wojcieszek, George Glass
by Eric Zimmerman, Andrew Rathbun
by Laurie Iacono, Keith Wojcieszek, George Glass
by David White