Kroll Q1 2022 Threat Landscape Report | Redscan
Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy

A new report from Kroll reveals a concerning trend of threat actors targeting email for access and extortion.

This, as well as other notable threats from the previous quarter, are discussed in the report, Q1 2022 Threat Landscape: Threat Actors Target Email for Access and Extortion.


Incidences of phishing for initial access soar

In Q1 2022, Kroll observed a 54% increase in phishing attacks being used for initial access in comparison with Q4 2021. Email compromise and ransomware were the two most common threat incident types, highlighting the integral part played by end users in the intrusion lifecycle.

Most popular access methods by quarter

Well-known vulnerabilities used as pivot points to access and compromise systems

The report highlights that Kroll continues to observe widely-publicised vulnerabilities such as ProxyShell and Log4J being used as pivot points for attackers to access and compromise systems through approaches such as business email compromise and cryptominers. In Q1 2022, Kroll observed these vulnerabilities being leveraged by multiple different ransomware groups for initial access into systems. In the same quarter, Kroll also observed an increase in attacks related to Emotet and IcedID malware.


Email compromise rises while ransomware ebbs

The report discusses that while email compromise saw an increase of 19% from Q4, ransomware incidents trended down. Overall, ransomware activity in the first quarter of 2022 was down nearly 30% from Q3 2021. Kroll observed an uptick in ransomware activity in March 2022, indicating the regrouping and rebranding of ransomware gangs as new variants like QuantumLocker and Dark Angel. Web compromise continues to experience a gradual rise as significant vulnerabilities like Log4J and Spring4Shell make it easier for cybercriminals to exploit web applications.


Email compromise leads to extortion

The report outlines a case study that is of particular interest because it illustrates the ongoing trend of email compromises followed by attempts to financially extort individuals or organisations, reflecting the tactics employed by ransomware gangs. The case study begins with a phishing email targeting IT departments and ends with the threat actors using multiple different methods to contact the compromised account holders and even taking over social media accounts associated with the employees to further pressure victims into meeting their ransom demands.


Defending against established methods and new approaches

The report shares key insights that confirm that even with fewer ransomware incidents and the disruption and exposure of a number of key threat groups, the threat landscape remains complex. With attacker diversity at the fore, due to actors exploiting new methods and the ongoing events relating to Russia’s war on Ukraine, it is highly likely that conditions will remain challenging throughout 2022.

It is essential to maintain a robust cyber security approach in order to defend against the ongoing acceleration of cyber threats throughout the second half of 2022. Apart from outlining email security best practices, the report also demonstrates the value of threat intelligence and the importance of an effective Managed Detection and Response programme.

Download the Report