New York, NY, USA
Aug 23, 2023   |  By George Glass
Kroll’s findings for Q2 2023 reveal a notable shift toward increased supply chain risk, driven not only by the CLOP ransomware gang’s exploitation of the MOVEit transfer vulnerability, but by a rise in email compromise attacks. This and other key security trends are shaping a threat landscape in which diverse cyber threats are present.
Aug 21, 2023   |  By George Glass
Kroll’s Cyber Threat Intelligence (CTI) team has been tracking an uptick in phishing campaigns utilizing open redirects. Open redirects are vulnerabilities commonly found on websites that allow for the manipulation of legitimate URLs, which actors can leverage to redirect users to arbitrary external URLs. They occur when a website allows for user-supplied input as part of a URL parameter in a redirect link, without proper validation or sanitization.
Aug 16, 2023   |  By Kroll
KuppingerCole has named Kroll as an Overall Leader in its latest analysis of the Managed Detection & Response services market. The KuppingerCole Leadership Compass provides an overview of the market for managed detection and response (MDR) services that manage a collection of cybersecurity technologies to provide advanced cyber threat detection and response capabilities, including Security Operations Center as a Service (SOCaaS) offerings.
Jul 24, 2023   |  By Devon Ackerman
Kroll has identified two different file exfiltration methodologies leveraged by threat actors, primarily CLOP, during recent engagements involving the exploitation of the MOVEit vulnerability (CVE-2023-34362) throughout May and June 2023. In the vast majority of Kroll’s global MOVEit investigations, the primary data exfiltration method consisted of utilizing the dropped web shell to inject a session or create a malicious account (named Method 1 for this piece).
Jul 11, 2023   |  By George Glass
Ghostscript, an open-source interpreter for the PostScript language and PDF files, recently disclosed a vulnerability affecting versions prior to 10.01.2. The vulnerability, CVE-2023-36664, was assigned a CVSS score of 9.8 and could allow for code execution caused by Ghostscript mishandling permission validation for pipe devices (with the %pipe% or the | pipe character prefix). Debian released a security advisory mentioning possible execution of arbitrary commands.
Jun 23, 2023   |  By Keith Wojcieszek
Kroll has analyzed incidents throughout Q1 2023 where drive-by compromise was the initial infection vector for GOOTLOADER malware. It is likely that the threat actors are utilizing SEO to drive individuals to either their own malicious website or to infected WordPress sites. These sites are then used to host documents that would be attractive to employees within the legal and professional services sectors.
Jun 8, 2023   |  By Scott Downie
NOTE: The MOVEit Transfer vulnerability remains under active exploitation, and Kroll experts are investigating. Expect frequent updates to the Kroll Cyber Risk blog as our team uncovers more details. On June 5, 2023, the Clop ransomware group publicly claimed responsibility for exploitation of a zero-day vulnerability in the MOVEit Transfer secure file transfer web application (CVE-2023-34362).
Jun 7, 2023   |  By Scott Downie
On May 31, 2023, Kroll received multiple reports that a zero-day vulnerability in MOVEit Transfer was being actively exploited to gain access to MOVEit servers. Kroll has observed threat actors using this vulnerability to upload a web shell, exfiltrate data and initiate intrusion lifecycles. This vulnerability may also enable a threat actor to move laterally to other areas of the network.
May 17, 2023   |  By Laurie Iacono
Kroll’s findings for Q1 2023 highlight fragmented threat actor groups and a continued evolution in attack methods and approaches, which, alongside other key shifts in behavior, have concerning implications for organizations in many sectors. In Q1 2023, Kroll observed a 57% increase in the overall targeting of the professional services sector from the end of 2022.
May 10, 2023   |  By Laurie Iacono
Kroll Cyber Threat Intelligence analysts have identified a new strain of ransomware, named CACTUS, targeting large commercial entities since March 2023. The name “CACTUS” is derived from the filename provided within the ransom note, cAcTuS.readme.txt, and the self-declared name within the ransom note itself. Encrypted files are appended with .cts1, although Kroll notes the number at the end of the extension has been observed to vary across incidents and victims.
Sep 13, 2023   |  By Kroll
Watch Kroll’s cyber threat intelligence leaders highlight key trends observed in Q2 2023 and outline the critical issues that organizations should be aware of, including a significant rise in ransomware activity fueled by the MOVEit vulnerability and new methods of email compromise attacks.
Aug 6, 2023   |  By Kroll
Threat intelligence can provide rich insight into threat actor activity but often lacks the timelines and context that come from the learnings of real-life incident investigations. Security leaders need to know how to leverage this frontline intelligence not only to understand whether they are likely to be in a similar situation but also to know how they could take immediate action on their defenses.
Jul 10, 2023   |  By Kroll
Kroll Cyber Threat Intelligence expert, Dave Truman, walks through a proof of concept for the recent Ghostscript vulnerability, CVE-2023-36664, that could allow for remote code execution.
Jun 28, 2023   |  By Kroll
In Q1 2023, Kroll Cyber Threat Intelligence analysts noticed an uptick in GOOTLOADER malware infections leading to large-scale exfiltration of sensitive data, and even extortion. In this video, Threat Intelligence expert, Ryan Hicks, walks through a GOOTLOADER malware case study and provides recommendations for how to prevent such an attack.
May 22, 2023   |  By Kroll
Watch the Q1 2023 Threat Landscape Virtual Briefing to hear from Kroll’s cyber threat intelligence leaders as they explore key insights gained through cyber incidents handled worldwide in the first quarter of 2023.
Apr 13, 2023   |  By Kroll
In this webcast, Kroll Managing Directors Matthew Dumpert, Daniel Linskey and Sherine Ebadi and Crisp Vice President Jon Best shared their unique perspectives on active assailant incidents as former law enforcement and government leaders and discussed how organizations can prioritize workplace safety by focusing on, detecting and mitigating potential threats before they manifest in tragic violence.
Feb 21, 2023   |  By Kroll
In this video, Matthew Dumpert, Managing Director and Head of Kroll’s North America Security Risk Management practice, discusses current security trends in North America and what organizations should expect this year in terms of risk, safety and security. He also explains why it’s more important than ever that companies review their business continuity and threat management plans to ensure they are equipped for the expected increase in workplace violence, theft and safety issues.
Dec 8, 2022   |  By Kroll
As part of our 2-Minute Security Talks series, Bob Thompson, Associate Managing Director in Kroll’s Security Risk Management practice for EMEA and APAC, addresses the threats to critical national infrastructure that are emerging from global geopolitical instability. Bob also discusses how Kroll can support organizations with threat monitoring, security reviews, risk assessments, cyber resilience assessments and crisis preparedness, and reviews the seven key points of Kroll’s risk assessment process that can help companies mitigate threats.
Nov 23, 2022   |  By Kroll
All organizations should have access to the skills needed to detect and contain threats. But typically, only the very largest enterprises can afford the millions in annual staff and infrastructure investments required to maintain a 24x7 Security Operations Center.
Apr 5, 2021   |  By Kroll
As per data published by the Office of the Australian Information Commissioner, the healthcare industry in Australia accounted for 22% of notifiable data breaches between January and June 2020, which was more than any other industry. Cybercriminals continue to target this industry due to the vast amounts of highly sensitive personal information (such as Medicare numbers, credit card information and medical insurance numbers) that are stored by healthcare providers.

Kroll is the world’s premier provider of services and digital products related to governance, risk and transparency. We work with clients across diverse sectors in the areas of valuation, expert services, investigations, cyber security, corporate finance, restructuring, legal and business solutions, data analytics and regulatory compliance. Our firm has nearly 5,000 professionals in 30 countries and territories around the world.

Kroll experts provide rapid response to more than 2,000 cyber incidents of all types annually. We help countless more clients with eDiscovery and litigation support (including expert witness services); managed detection and response services for both active threats and as an integral part of network security; notification solutions, including multilingual call center support; and proactive services, including general and threat-focused risk assessments, response planning, tabletop exercises and more.

Our experts are able to deliver best-in-class endpoint security through our managed detection and response solution, Kroll Responder. Responder handles every step, with 24x7 managed detection and response services fueled by threat hunting and superior incident response.