Cookie Notice

We use cookies to analyse site traffic and optimise your browsing experience. Accepting necessary cookies is required to provide you with a minimum level of service. Read Cookie Statement

Get In Touch
Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy
Experiencing a breach? Get emergency incident response assistance.
Last updated on

Kroll’s latest Threat Landscape report highlights the key trends of 2022, including a peak in ransomware, mainly due to increased attacks on the manufacturing, healthcare, technology and telecommunications industries.

This and other notable threats from the previous quarter, as well as a look ahead to potential issues in 2023, are discussed in our Q4 Threat Landscape 2022 report.

 

Ransomware regroups in 22, rising activity in Q4

Kroll’s Threat Landscape report shows that ransomware continues to be a top threat, with many ransomware groups adapting their tactics to reach more victims.

With security controls becoming better at stopping certain types of ransomware attacks, affiliates had to switch to different variants during the same access period. This highlights that affiliates distributing ransomware are often doing so on behalf of more than one cybercriminal group. In 2022, Kroll observed increased activity from familiar groups such as Hive, AvosLocker and Vice Society.

After Conti disbanded in June 2022, LockBit became the most commonly observed ransomware across Kroll engagements. Other newcomers such as BlackBasta and Royal were also active throughout the year.

 

Sector analysis: Tech and manufacturing targeted

In 2022, the top five impacted sectors across Kroll incident response cases were: professional services, health care, financial services, manufacturing and technology and telecommunications.

While the professional services sector has typically been the top targeted sector for Kroll cases, in 2022, Kroll observed a slight decline in those attacks, while other sectors were targeted more frequently.

 

Familiar threats remain strong

The report shows that several familiar threats remained highly active throughout 2022. These include a sharp rise in phishing and a notable increase in unauthorized access. Notable new initial access methods included an infection method leveraging Google Ads to spread credential-stealing malware and a rise in the use of USB-borne malware as a means to spread infection throughout a network.

The report also discusses:

  • Key threat landscape trends and how these could impact organisations in 2023
  • Critical shifts in attacker behaviour throughout 2022
  • The most common threat incident types of 2022 and how they have evolved

 

How organisations can stay ahead of threats

Actionable threat intelligence and a robust managed detection and response program will play a vital role in enabling businesses to respond effectively to the many and varied threats likely to arise in 2023. Aside from working with trusted partners to achieve this, businesses can implement specific changes themselves. These include enforcing multifactor authentication, using remote desktop protocol (RDP), creating multiple backups and having effective access control.

Download the report