Kroll’s latest Threat Landscape report highlights the key trends of 2022, including a peak in ransomware, mainly due to increased attacks on the manufacturing, healthcare, technology and telecommunications industries.
This and other notable threats from the previous quarter, as well as a look ahead to potential issues in 2023, are discussed in our Q4 Threat Landscape 2022 report.
Ransomware regroups in 22, rising activity in Q4
Kroll’s Threat Landscape report shows that ransomware continues to be a top threat, with many ransomware groups adapting their tactics to reach more victims.
With security controls becoming better at stopping certain types of ransomware attacks, affiliates had to switch to different variants during the same access period. This highlights that affiliates distributing ransomware are often doing so on behalf of more than one cybercriminal group. In 2022, Kroll observed increased activity from familiar groups such as Hive, AvosLocker and Vice Society.
After Conti disbanded in June 2022, LockBit became the most commonly observed ransomware across Kroll engagements. Other newcomers such as BlackBasta and Royal were also active throughout the year.
Sector analysis: Tech and manufacturing targeted
In 2022, the top five impacted sectors across Kroll incident response cases were: professional services, health care, financial services, manufacturing and technology and telecommunications.
While the professional services sector has typically been the top targeted sector for Kroll cases, in 2022, Kroll observed a slight decline in those attacks, while other sectors were targeted more frequently.
Familiar threats remain strong
The report shows that several familiar threats remained highly active throughout 2022. These include a sharp rise in phishing and a notable increase in unauthorized access. Notable new initial access methods included an infection method leveraging Google Ads to spread credential-stealing malware and a rise in the use of USB-borne malware as a means to spread infection throughout a network.
The report also discusses:
- Key threat landscape trends and how these could impact organisations in 2023
- Critical shifts in attacker behaviour throughout 2022
- The most common threat incident types of 2022 and how they have evolved
How organisations can stay ahead of threats
Actionable threat intelligence and a robust managed detection and response program will play a vital role in enabling businesses to respond effectively to the many and varied threats likely to arise in 2023. Aside from working with trusted partners to achieve this, businesses can implement specific changes themselves. These include enforcing multifactor authentication, using remote desktop protocol (RDP), creating multiple backups and having effective access control.