Kroll launches Q4 Threat Landscape Report

Kroll's Q4 Threat Landscape Report finds the quarter was characterized by a 356% growth in the number of attacks

Kroll has released the results of its Q4 Threat Landscape Report.

The report found the quarter was characterized by a 356 per cent growth, compared to Q3, in the number of attacks where the infection vector was a CVE or zero-day vulnerability. This shows that attackers are becoming more adept at exploiting vulnerabilities, in some cases leveraging them on the same day that the proof-of-concept exploit appears.

Law enforcement disrupted a significant amount of cybercrime in the quarter, according to the report. REvil suffered a takedown, there were arrests made around the Kaseya exploitation, and BlackMatter was closed alongside several dark web markets. In total, six key cyber criminal groups exited in the fourth quarter of 2021. Consequently, there was a spike in new extortion sites and new ransomware variants as cyber criminals adapted and regrouped following law enforcement action.

Other findings of note included:

  • Despite a 12-point reduction compared to last quarter, phishing remained the most popular infection vector, responsible for 39 per cent of all suspected initial access methods during the final quarter of 2021.
  • Kroll saw a slight drop in the number of ransomware attacks in Q4, but ransomware remained the most popular attack type, accounting for 40 per cent of all threats in Q4. Conti and LockBit were the top ransomware variants observed. Splinter ransomware groups are emerging, in some cases selling on their initial access to other groups.
  • The professional services sector was the most targeted, followed by technology/telecom, healthcare, manufacturing, financial services and education.

Keith Wojcieszek, Managing Director for Cyber Risk at Kroll, says: “It is no surprise that phishing and ransomware were heavily featured in the quarterly Kroll Threat Landscape Report, but the extent of regrouping and reattacking done by cyber criminal groups was unusual. While law enforcement made significant headway in disrupting attackers, the fact that we saw new ransomware variations and extortion sites, combined with splinter ransomware groups, demonstrates the agile operations and malicious intent of these criminal groups. Add this to the higher number of software vulnerabilities being exploited by ransomware operators and the speed at which they are compromised, and it underlines the importance of legislative action against attackers to take them out of operation completely.

“Above all, organisations must be able to identify gaps in their security posture, be able to quickly detect threats and confidently respond to those that do make it through. When you consider the speed with which attackers are exploiting vulnerabilities and the extent of patching that needs to be done by security teams, taking six months to test a patch until you’re comfortable to deploy is simply risky. By further verifying these security measures through vulnerability assessments and red team exercises, true resilience can be tested and assured.”

