Mon, Oct 21, 2024

September Threat Intelligence Spotlight Report

/en/our-team/george-glass

George Glass

/en/our-team/keith-wojcieszek

Keith Wojcieszek

/en/our-team/laurie-iacono

Laurie Iacono

Download the Report

Download the September Report

First Name

Last Name

Company

Job Title

Business Email

Region

I would like to receive invitations, insights and thought leadership content from Kroll.

We will use this information to respond to your inquiry and process your data in accordance with our privacy policy.

Each month, our Cyber Threat Intelligence team compiles data from our engagements to determine key industry trends. We look at the initial access methods threat actors are using to gain entry into a network, types of incidents most commonly impacting organizations, which sectors are being more heavily targeted, and which threat groups are most prevalent.

Our Methodology

Kroll CTI monthly spotlights are based on intelligence from Kroll’s cyber incident response engagements where we are engaged to respond, manage, or mitigate a cybersecurity incident.
Kroll’s incident response work is informed by intelligence gained from the 3,000+ engagements handled per year by the Kroll Cyber Risk team.
Data is collected and processed by the Kroll Cyber Threat Intelligence team during the initial scoping intake as well as during the lifecycle of a Kroll engagement.

Key Takeaways for September 2024

Initial Access Methods

Phishing - Link (32%)
Valid Accounts - Insider (24%)
External Remote Services (21%)

Most Impacted Sectors

Professional Services (25%)
Manufacturing (20%)
Tech & Telecom (9%)

Top Ransomware Variants

AKIRA (17%)
LOCKBIT (17%)
PLAY (17%)

Top Threat Incident Types

Email Compromise (37%)
Ransomware (21%)
Unauthorized Access (17%)

Sector Analysis

Professional services is the top most impacted sector throughout September 2024.
- Email Compromise was the top threat incident type impacting the professional services sector.
- In September, threats against the professional services sector most often involved Phishing – Link as the initial access method.
Manufacturing is the second most impacted sector in September 2024.
- Email Compromise and Ransomware were the top reported threat incident types impacting the manufacturing sector.
- In September, threats against the manufacturing sector most often involved Valid Accounts – Insider and External Remote Services as the initial access methods.

Ransomware Analysis

External remote services was the most common initial access method for ransomware operators this month.
- AKIRA, APTINC, LOCKBIT, MEDUSA, and RANCOZ were observed obtaining initial access through Virtual Private Networks (VPN).
- The top sector targeted by ransomware actors in September was manufacturing.
- Consumer/industrial was the top sector for victims posted to ransomware actor controlled shaming sites and blogs.
- North America was the top region for victims posted to ransomware actor controlled shaming sites and blogs.

Connect With Us

George Glass

Associate Managing Director

Cyber and Data Resilience

London

+44 2071478785 George Glass

Laurie Iacono

Associate Managing Director

Cyber and Data Resilience

Secaucus

+1 4122092962

Keith Wojcieszek

Global Head of Threat Intelligence

Cyber and Data Resilience

Washington DC

+1 443 295 5082 Keith Wojcieszek

Stay Ahead with Kroll

Cyber Threat Intelligence

Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.

Cyber Threat Intelligence

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

24x7 Incident Response

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Cyber Risk Retainer

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

Computer Forensics

Mobile Device Forensics

With a global mobile device forensics team and a proven track record in investigation and litigation support, Kroll enables key digital insights to be accessed quickly and securely.

Mobile Device Forensics

Kroll is headquartered in New York with offices around the world.

One World Trade Center

285 Fulton Street, 31st Floor

New York NY 10007

Global

Return to top