In Q2 and Q3 of this year, Kroll observed an increase in large-scale AiTM phishing and BEC attacks targeting organizations within the professional services, banking and financial industries. In 90% of Kroll's recent BEC investigations, MFA was in place at the time of unauthorized access, but attackers can obtain authentication tokens and/or session cookies to easily evade defenses.

The new rules from the U.S. Securities and Exchange Commission (SEC) on reporting mark a significant shift in the requirements for disclosing cyber breaches, leaving many businesses wondering how their cybersecurity practices will be impacted in the long run. These new rules create significant new disclosure obligations for public companies, requiring timely and detailed disclosures of material cybersecurity incidents and periodic disclosures about cybersecurity risk management and governance.

An effective detection and response capability is essential for monitoring key assets, containing threats early and eradicating them. However, due to the current disparate nature of potential attack vectors within an organization, affording the wide range of sensors necessary can be a challenge as well as the worry of the disruption of critical services. Yet, without robust detection and response processes, businesses are left vulnerable.

Kroll has observed an uptick in cases of DARKGATE malware being delivered through Microsoft Teams messages. These campaigns have mainly targeted organizations in the transportation and hospitality sectors. This activity has also been reported throughout open-source reporting, sharing a number of key indicators with Kroll observations, such as common filenames, adversary infrastructure and similar domain name conventions to host the initial download.

Kroll’s findings for Q2 2023 reveal a notable shift toward increased supply chain risk, driven not only by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability, but by a rise in email compromise attacks. This and other key security trends are shaping a threat landscape in which diverse cyber threats are present.

Kroll’s Cyber Threat Intelligence (CTI) team has been tracking an uptick in phishing campaigns utilizing open redirects. Open redirects are vulnerabilities commonly found on websites that allow for the manipulation of legitimate URLs, which actors can leverage to redirect users to arbitrary external URLs. They occur when a website allows for user-supplied input as part of a URL parameter in a redirect link, without proper validation or sanitization.

KuppingerCole has named Kroll as an Overall Leader in its latest analysis of the Managed Detection & Response services market. The KuppingerCole Leadership Compass provides an overview of the market for managed detection and response (MDR) services that manage a collection of cybersecurity technologies to provide advanced cyber threat detection and response capabilities, including Security Operations Center as a Service (SOCaaS) offerings.