Kroll launches Q4 Threat Landscape Report

Kroll's Q4 Threat Landscape Report finds the quarter was characterized by a 356% growth in the number of attacks where the infection vector was CVE/zero-day vulnerabilities

Kroll has released the results of its Q4 Threat Landscape Report.

The report found the quarter was characterized by a 356 per cent growth, compared to Q3, in the number of attacks where the infection vector was CVE/zero-day vulnerabilities. This shows that attackers are becoming more adept at exploiting vulnerabilities, in some cases leveraging them on the same day that the proof-of-concept exploit appeared.

Law enforcement disrupted a significant amount of cybercrime in the quarter, according to the report. REvil suffered a takedown, there were arrests made around the Kaseya exploitation, and BlackMatter was closed alongside several dark web markets. In total, six key cyber criminal groups exited in the fourth quarter of 2021. Consequently, there was a spike in new extortion sites and new ransomware variants as cyber criminals adapted and regrouped following law enforcement action.

Other findings of note included:

  • Despite a 12-point reduction compared to last quarter, phishing remained the most popular infection vector, responsible for 39 per cent of all suspected initial access methods during the final quarter of 2021.
  • Kroll saw a slight drop in the number of ransomware attacks in Q4, but it remained the most popular attack type, accounting for 40 per cent of all threats in Q4. Conti and LockBit were the top ransomware variants observed. Splinter ransomware groups are emerging, in some cases selling on their initial access to other groups.
  • The professional services sector was the most targeted, followed by technology/telecom, healthcare, manufacturing, financial services and education.

Keith Wojcieszek, Managing Director for Cyber Risk at Kroll, says: “It is no surprise that phishing and ransomware were heavily featured in the quarterly Kroll Threat Landscape Report, but the extent of regrouping and reattacking done by cyber criminal groups was unusual. While law enforcement made significant headway in disrupting attackers, the fact that we saw new ransomware variations and extortion sites, combined with splinter ransomware groups, demonstrates the agile operations and malicious intent of these criminal groups. Add this to the higher number of software vulnerabilities being exploited by ransomware operators and the speed at which they are compromised, and it underlines the importance of legislative action against attackers to take them out of operation completely.

“Above all, organisations must be able to identify gaps in their security posture, be able to quickly detect threats and confidently respond to those that do make it through. When you consider the speed with which attackers are exploiting vulnerabilities and the extent of patching that needs to be done by security teams, taking six months to test a patch until you’re comfortable to deploy is simply risky. By further verifying these security measures through vulnerability assessments and red team exercises, true resilience can be tested and assured.”
