March 2022

What is Magecart Malware and How to Protect Against It

The article below was extracted from The Monitor newsletter, a monthly digest of Kroll’s global cyber risk case intake. The Monitor also includes an analysis of the month’s most popular threat types investigated by our cyber experts. Kroll has investigated many different tactics that threat actors use to steal consumer data on e-commerce sites.

Analyzing Exmatter: A Ransomware Data Exfiltration Tool

Having conducted more than 3,200 incident response engagements in 2021, Kroll’s Threat Intelligence team now tracks more than 200 ransomware threat actor groups. Kroll’s global Incident Response teams are very familiar with actions traditionally associated with a network intrusion, from initial access to lateral movement to privilege escalation to data exfiltration—and in the case of financially motivated actors, ransomware deployment.

Is Your Donation Helping the People of Ukraine - Or Enriching a Cyber-Criminal?

The invasion of Ukraine has caused enormous human tragedy with millions displaced and many more in desperate need of basic supplies and transport. Donation websites quickly appeared to make supporting Ukraine easy—so quick, in fact, that it was reminiscent of the 2019 Notre Dame de Paris fire and the immediate groundswell of enthusiasm that followed for rebuilding the iconic church.

KapeTriage MindMap for DFIR Practitioners

The Kroll Artifact Parser and Extractor (KAPE) utilizes Targets and Modules to collect and parse digital evidence. Its Compound Targets and Compound Modules call upon other Targets and Modules in order to collect and parse the most important data as efficiently as possible. One of KAPE’s most widely used Compound Targets for incident response (IR) is KapeTriage.