Kroll’s findings for Q2 2023 reveal a notable shift toward increased supply chain risk, driven not only by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability, but by a rise in email compromise attacks. This and other key security trends are shaping a threat landscape in which diverse cyber threats are present.
While CLOP ransomware activity dominated the headlines in Q2, analysis of Kroll engagement data painted a more complex picture of the threat environment. Looking at the numbers, CLOP activity increased by 33% over Q1, with the mass exploitation event also driving up incidences of CVE/exploits for initial access. Even with the volume of cases related to this event, Kroll observed other concerning shifts within the landscape as email compromise engagements rose by 8% and phishing continued to dominate the initial access category. From an industry perspective, attacks on the financial services sector increased by 2%, while attacks on healthcare rose by 2%—a small but modest increase that propelled the sector to the top five most targeted industries for the first time in two quarters.
Our analysis of incidents in Q2 highlights several areas in which actors have evolved their tactics to bypass common security controls(such as multi-factor authentication) and continue to prey on organizations via third-parties and trusted relationships.