The first quarter of 2022 saw employees on the frontline of cyber defense. Despite a 20% decrease in ransomware attacks during Q1, the number of incidents was still up by 20%. According to Kroll’s Threat Landscape Report, the number of phishing attacks has increased by 54% since the end of last year.
Ransomware and email compromise were the most prevalent threat types in the quarter. Email compromises increased by 19% since December. Professional services were still the most targeted sector. However, incidents in manufacturing increased by 33%, with 68% of them involving ransomware.
These data reflect a continuing trend seen by Kroll: since mid-2021, attackers have used email compromise as an initial access method for financial extortion. This has put employees in the crosshairs of cyberattackers.
In one incident, a phishing email was sent to an IT department. An end user clicked the link and entered their login credentials. The threat actor gained access to global admin credentials, which allowed them to gain access to the system, access multiple email accounts belonging to C-level IT employees, and download sensitive information. Employees were sent a ransom note demanding payment in order to end the attack. The threat actor also targeted them via email, text, and social media. It is notable that no encryption or ransomware was used in this attack.
Laurie Iacono, Associate Manager for Cyber Risk at Kroll: “Employees are undoubtedly an important line of defense for any company. Employees must be more aware of cyber threats and companies should encourage employees to raise concerns and report suspicious incidents. Our latest Kroll Threat Landscape Report underlines this more than ever, as in the last quarter employees faced not only phishing attacks but email compromises which lead to extortion or the introduction of malware.”
“Of further note in the Kroll Threat Landscape report was the continued use of relatively recently exposed vulnerabilities. 2021 will be remembered by many as the year of vulnerability. But 2022, in particular the first quarter, is going to be remembered as the decade when threat actor groups, such as ransomware criminal gangs, exploited those vulnerabilities for more severe attacks. For instance, while most activities around Log4j exploitation in Q4 2021 revolved around cryptominers, threat actors from multiple ransomware gangs leveraged the vulnerability to set the stage for network encryption in Q1 2022.”