Kroll saw insider threat peak to its highest level yet, with an almost 50% rise in volume compared with the second quarter of the year. Insider threat makes up part of the unauthorized access category, which saw an increase in popularity as a threat incident type from 24% in Q2 to 35% in Q3. Kroll also observed a number of malware infections via USBs in Q3, suggesting that wider external factors may encourageinsider threat, such as an increasingly fluid labor market and widespread economic turbulence.

Other findings in the report include:

1. An increase in the use of valid accounts, including through account take-overs, as a means to launch attacks

2. A growth in the use of information-stealing malware, such as URSA, which specifically targets credentials for banking portals

3. An increase in the targeting of small- to medium-sized ecommerce websites via web compromises aimed at stealing credit card information

4. A decrease in the ratio of ransomware attacks, following the demise of the Conti threat actor group, but a pick-up in activity by groups such as LockBit, BlackBasta and Hive

5. A rise in effective attacks against professional services, manufacturing firms and the education sector

Join us for this informative briefing covering the latest Kroll threat intelligence, outlining what our incident response teams across the globe have observed, developing trends in threat actor behavior and emerging threats cyber defenders need to be aware of.