Kroll launches Q4 Threat Landscape Report

Kroll's Q4 Threat Landscape Report finds the quarter was characterized by a 356% growth in the number of attacks

Kroll has released the results of its Q4 Threat Landscape Report.

The report found the quarter was characterized by a 356 per cent growth, compared to Q3, in the number of attacks where the infection vector was CVE/zero-day vulnerabilities. This shows that attackers are becoming more adept at exploiting vulnerabilities, in some cases leveraging them on the same day that the proof-of-concept exploit appeared.

Law enforcement disrupted a significant amount of cybercrime in the quarter, according to the report. REvil suffered a takedown, there were arrests made around the Kaseya exploitation, and BlackMatter was closed alongside several dark web markets. In total, six key cyber criminal groups exited in the fourth quarter of 2021. Consequently, there was a spike in new extortion sites and new ransomware variants as cyber criminals adapted and regrouped following law enforcement action.

Other findings of note included:

  • Despite a 12-point reduction compared to last quarter, phishing remained the most popular infection vector, responsible for 39 per cent of all suspected initial access methods during the final quarter of 2021.
  • Kroll saw a slight drop in the number of ransomware attacks in Q4, but it remained the most popular attack type, accounting for 40 per cent of all threats in Q4. Conti and LockBit were the top ransomware variants observed. Splinter ransomware groups are emerging, in some cases selling on their initial access to other groups.
  • The professional services sector was the most targeted, followed by technology/telecom, healthcare, manufacturing, financial services and education.

Keith Wojcieszek, Managing Director for Cyber Risk at Kroll, says: “It is no surprise that phishing and ransomware were heavily featured in the quarterly Kroll Threat Landscape Report, but the extent of regrouping and reattacking done by cyber criminal groups was unusual. While law enforcement made significant headway in disrupting attackers, the fact that we saw new ransomware variations and extortion sites, combined with splinter ransomware groups, demonstrates the agile operations and malicious intent of these criminal groups. Add this to the higher number of software vulnerabilities being exploited by ransomware operators and the speed at which they are compromised, and it underlines the importance of legislative action against attackers to take them out of operation completely.

“Above all, organisations must be able to identify gaps in their security posture, be able to quickly detect threats and confidently respond to those that do make it through. When you consider the speed with which attackers are exploiting vulnerabilities and the extent of patching that needs to be done by security teams, taking six months to test a patch until you’re comfortable to deploy is simply risky. By further verifying these security measures through vulnerability assessments and red team exercises, true resilience can be tested and assured.”
