New Report by Kroll Shows a Dramatic Rise in Phishing Attacks for Q1 2022
In the first quarter of 2022, employees found themselves on the front-line of cyber defense. While the total number of ransomware incidents decreased by 20% in Q1, Kroll’s Threat Landscape Report saw a 54% increase in phishing attacks from the end of last year.
Email compromise and ransomware were the two most common threat incident types for the quarter, with email compromises increasing by 19% from the end of December. While professional services remained the most targeted sector, manufacturing saw a 33% increase in incidents, with 68% of those involving ransomware.
This data reflects an ongoing trend, seen by Kroll since mid-2021, of attackers using email compromises as an initial access method for financial extortion, placing employees in the firing line of cyberattacks.
In one real-world case, a phishing email was sent to an IT department, clicked by an end-user, who then entered their log-in credentials. With the threat actor now having access to global admin credentials, they were able to gain access to the system, take over multiple email accounts belonging to IT staff and C-level employees and download sensitive data. A ransom note was left, demanding payment to end the attack and employees were targeted via text message, email and even social media to pressure victims into meeting their demands. Notably, no ransomware or encryption was used in the attack.
Comment from Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll: “Employees are undoubtedly an important line of defense for any company. Security training programs need to enhance cyber awareness among employees and firms should encourage a culture where raising concerns and reporting suspicious issues is a positive thing. Our latest Kroll Threat Landscape Report underlines this more than ever, as in the last quarter employees faced not only phishing attacks but email compromises which lead to extortion or the introduction of malware.”
“Of further note in the Kroll Threat Landscape report was the continued use of relatively recently exposed vulnerabilities. While 2021 will be remembered as the year of the vulnerability, 2022, particularly the first quarter, will go down as the year that threat actor groups such as ransomware gangs harnessed those vulnerabilities to launch more destructive attacks. For instance, while most activity around Log4j exploitation in Q4 2021 revolved around cryptominers, threat actors from multiple ransomware gangs leveraged the vulnerability to set the stage for network encryption in Q1 2022.”