New York, NY, USA
Jun 24, 2022   |  By Kroll
Like their larger counterparts, small- and medium-sized businesses (SMBs) are moving swiftly to migrate IT workloads to the cloud, hoping to slash operating costs, eliminate technical debt, and accelerate digital transformation projects. However, cloud migration security risks are often poorly understood at the outset or overlooked entirely.
Jun 21, 2022   |  By Kroll
While studying for my master's degree in cyber security, I co-authored a paper regarding the rollout of IoT devices and the security considerations that businesses need to address to ensure these devices are secure. The paper underscored how a large majority of IoT devices used vulnerable components and did not follow basic secure programming principles.
Jun 15, 2022   |  By Kroll
Earlier this month, the United Nations (U.N.) released its latest Global Assessment Report on Disaster Risk Reduction (GAR2022). For those of us who assess risk for a living, it is a sobering read.
Jun 6, 2022   |  By Kroll
Kroll has recently observed a new malware strain called “Bumblebee” operating as a loader, delivered via phishing email, in order to deploy additional payloads for use in ransomware operations. The malware takes its name from the unique user-agent (since changed), which it used to connect to command and control (C2) servers. It was first reported by Google's Threat Analysis Group (TAG) in March 2022, with the first sample submitted to VirusTotal on March 1.
Jun 2, 2022   |  By Kroll
Kroll’s incident responders have seen threat actor groups becoming increasingly sophisticated and elusive in the tactics, techniques and procedures they employ to steal payment card data. One common method is to “scrape” the Track 1 or Track 2 data stored on the card’s magnetic stripe, which provides the cardholder account and personal information criminals need to make fraudulent “card-not-present” (CNP) transactions.
May 27, 2022   |  By Kroll
Kroll has been tracking Emotet since it was first identified in 2014, especially during its transition from a banking Trojan designed to primarily steal credentials and sensitive information to a multi-threat polymorphic downloader for more destructive malware. Today, Emotet operators stand as one of the most prominent initial access brokers, providing cybercriminals with access to organizations for a fee.
May 23, 2022   |  By Kroll
Multi-factor authentication (MFA) exploits and countermeasure tooling are evolving in real time and at a rapid pace. Some threat actors aim to bypass this security feature for financial gain, while other groups seek to control the flow of information.
May 18, 2022   |  By Kroll
In Q1 2022, Kroll observed a 54% increase in phishing attacks being used for initial access in comparison with Q4 2021. Email compromise and ransomware were the two most common threat incident types, highlighting the integral part played by end users in the intrusion lifecycle.
May 11, 2022   |  By Kroll
Across the thousands of cyber incidents that Kroll’s global team investigates every year, our experts are constantly on the hunt to spot established patterns of threat actor activity—and to discover new ones. In observing attack patterns, our experts discovered that threat actors like repeatability. Certain actors can be predictable not only in how they attack, but also in the tools and tactics they use once they have access.
Apr 7, 2022   |  By Keith Wojcieszek
Cyber risk has never been completely independent of world politics and international affairs, but in recent weeks, there has been a significant shift in alignment. The domain of physical war has closer ties to the digital sphere than ever before. As part of efforts to manage elevated cyber risk, it is vital to understand the short-term impact and longer-term risk of current events, and where focus should be placed to achieve the best defense.
Jun 21, 2022   |  By Kroll
Carlos García and Jeff Macko, two leading security experts from Kroll, provide a unique perspective on hacking and how to address it in this insightful webinar, I Get Paid to Hack Your Company and These Are the Controls I Hate the Most! The session outlines the most effective security controls to prevent and mitigate common types of cyberattacks and emphasizes potential quick wins that can be achieved without the need for significant investment, and how to harness the technology already used by most organizations.
May 25, 2022   |  By Kroll
Watch the Q1 2022 Threat Landscape Virtual Briefing to hear from Kroll’s cyber threat intelligence leaders as they explore key insights and trends from 100s of incident response cases handled by Kroll worldwide.
Apr 20, 2022   |  By Kroll
Introducing Kroll Business Connect for compliance professionals, a centralized, cloud-based platform designed to streamline know your customer (KYC) onboarding workflow – including file sharing, communications and tasks – in real time with all stakeholders using one single platform. Compliance teams in any industry can tailor our proprietary platform to their specific needs. Business Connect easily integrates with any compliance software or CRM system.
Feb 23, 2022   |  By Kroll
Watch the Q4 2021 Threat Landscape Virtual Briefing to hear from Kroll’s cyber threat intelligence leaders as they explore key insights and trends from over 3,200 cyber incidents handled worldwide in 2021.
Feb 22, 2022   |  By Kroll
Hear insights from Rafael Lopez, Associate Managing Director and Head of Kroll’s LATAM Security Risk Management practice, as he shares 2022 security trends for Latin America. Rafael discusses the effect omicron, a COVID-19 variant, will have on logistics companies, supply chain security, organized crime, business travel and social unrest in Latin America.
Jan 27, 2022   |  By Kroll
As part of our 2-Minute Security Talks series, Nick Doyle, Managing Director and Head of Kroll's EMEA Security Risk Management practice, discusses security trends for 2022, including COVID-19's continued influence across the EMEA region, making the world less stable, thus less predictable. Nick also addresses how companies should be prepared for an increase in theft and fraud due to mounting financial pressures from the high cost of living and gas prices.
Jan 24, 2022   |  By Kroll
Kroll’s solutions enable faster, smarter and more sustainable decisions so you can stay ahead of your complex risk, governance and growth demands.
Dec 13, 2021   |  By Kroll
Kroll's Restructuring Advisory experts Jimmy Saunders and Paul Oliver share insights on the current supply chain issues businesses are facing and what businesses can do to minimize the impact of this disruption.
Nov 25, 2021   |  By Kroll
Nick Doyle talks about the security challenges that can impact law firms and advisory organizations that are providing professional services to companies going through insolvency, restructuring and bankruptcy, and how Kroll can help organizations and stakeholders manage the potential risks.
Nov 19, 2021   |  By Kroll
While threat actors continue to vary attack methods, these 10 essential cyber security controls can significantly improve your security posture, therefore making it harder for cybercriminals to compromise your network and increasing your opportunities for cyber insurance coverage. Validated by our seasoned cyber security experts based on frontline expertise and with a thorough review of the expanded questionnaires now requested by most cyber insurance carriers, this session presents key takeaways for each of the controls and their real-life effectiveness.
Apr 5, 2021   |  By Kroll
As per data published by the Office of the Australian Information Commissioner, the healthcare industry in Australia accounted for 22% of notifiable data breaches between January and June 2020, which was more than any other industry. Cybercriminals continue to target this industry due to the vast amounts of highly sensitive personal information (such as Medicare numbers, credit card information and medical insurance numbers) that is stored by healthcare providers.

Kroll is the world’s premier provider of services and digital products related to governance, risk and transparency. We work with clients across diverse sectors in the areas of valuation, expert services, investigations, cyber security, corporate finance, restructuring, legal and business solutions, data analytics and regulatory compliance. Our firm has nearly 5,000 professionals in 30 countries and territories around the world.

Kroll experts provide rapid response to more than 2,000 cyber incidents of all types annually. We help countless more clients with eDiscovery and litigation support (including expert witness services); managed detection and response services for both active threats and as an integral part of network security; notification solutions, including multilingual call center support; and proactive services, including general and threat-focused risk assessments, response planning, tabletop exercises and more.

Our experts are able to deliver best-in-class endpoint security through our managed detection and response solution, Kroll Responder. Responder handles every step, with 24x7 managed detection and response services fueled by threat hunting and superior incident response.