Kroll’s Q2 2022 Threat Landscape report has revealed a 90% increase in the number of healthcare organisations targeted, in comparison with Q1 2022. This has been fuelled by ransomware, with attacks increasing to a level which made it the most common threat for the quarter.
Created by threat intelligence specialists from Kroll and Redscan, the new report, Q2 2022 Threat Landscape: Ransomware Returns, Healthcare Hit, explores key insights and trends, and is based on our experience of handling over 3,200 cyber incidents worldwide a year.
The report outlines some notable shifts in attacker behaviour, one being a 700% increase in external remote services, such as remote desktop protocol (RDP) and virtual private networks (VPN), being used for initial access in the quarter. Of ransomware incidents beginning with phishing, Kroll observed an uptick in the use of Qakbot malware as a delivery mechanism, particularly for new ransomware groups like Black Basta.
The recent shift to targeting the healthcare industry comes alongside the persistence of ransomware as an incident type and the rise in external remote services being used as an initial access method, giving an indication of where attackers may focus in coming months.
The report also discusses:
- The statistics that made healthcare the most targeted sector in Q2
- The threat actors targeting External Remote Services/VPN for initial access
- The leading initial access method across threat incident types
- The ransomware variants most popular with attackers
What organisations need to do to stay ahead of evolving threats
As the new report highlights, it is vital that organisations are fully prepared for continued challenges throughout the rest of 2022. All organisations would benefit from testing the resilience of their external remote services and preparedness for ransomware, as well as paying close attention to the security around remote services. The report demonstrates the value of harnessing threat intelligence and establishing an effective Managed Detection and Response program for threat validation and containment, and to support post-incident recovery.