Kroll analysts have identified new tactics used by threat actors associated with the AvosLocker ransomware. Critical vulnerabilities have been exploited within Veeam Backup and Replication, which may be an attempt to hide activity from detection technologies. The proxy tool “Chisel” has been identified, which can encrypt traffic through a victim’s firewall and could be used as a further evasion technique.

As organizations continue to move their business operations into the cloud, the expanded attack surface generated by the “digital transformation” continues to present new opportunities for threat actors. Luckily, strategies to mitigate these new risks do exist and, as always, these center around the techniques and tactics of the adversaries.

In Q3 2022, Kroll saw insider threat peak to its highest quarterly level to date, accounting for nearly 35% of all unauthorized access threat incidents. Kroll also observed a number of malware infections via USB this quarter, potentially pointing to wider external factors that may encourage insider threat, such as an increasingly fluid labor market and economic turbulence.

As the number of high-profile cyberattacks and data breaches has increased in recent years, more companies have made investments to better secure their systems and develop incident response plans. While these are essential concerns, a firm’s obligations don’t simply end when a threat is removed from the network and they are able to resume normal operations. They must also notify those whose data may have been impacted by the breach.

The increase in successful cyberattacks driven by both an explosion of ransomware activity and a series of high profile zero-day vulnerabilities, is forcing cyber insurers to further scrutinize the companies they insure and the policies they offer.