Social engineering in its many forms took center stage in Q3 2023. The quarter saw “human hacking” evolve from a long-standing security challenge to threat actors’ method of choice. This was evidenced by our observations of the dramatic escalation of social engineering tactics, with significant increases in phishing, smishing, valid accounts, voice phishing and other tactics—adding up to the highest volume of incidents we have seen in 2023.
The increasing volume of social engineering attacks is matched by a broadening range of approaches, whether that is via phone and SMS as the group K2A243 (SCATTERED SPIDER) is known to abuse novel email phishing scams, or directly via Microsoft Teams using DARKGATE malware. As part of the rise in social engineering, business email compromise (BEC) continues to grow steadily in popularity, with both established and newer threat actor groups using a range of tactics to access data and, in some cases, ransom the information.
In our analysis of all types of cases handled by Kroll, the professional services sector continued to rank first in Q3, with a high concentration of this activity related to legal firms. We also observed nominal rises in the targeting of the construction and manufacturing industries compared with the previous quarter.
Our observations of malware for the quarter highlight some notable trends, including the fact that while the infamous QAKBOT malware has been disrupted, certain indicators suggest that its operators remain active.