In Q4 2021, Kroll observed a 356% increase in common vulnerabilities and exposures (CVEs) or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. With 2021 being a record year for vulnerabilities, this finding may not be surprising, but it underscores the risk to organizations in the wake of high-profile vulnerability notifications - and the speed with which cybercriminals are able to exploit weaknesses in companies’ defenses.

Does the saying "compliance does not equal security" paint a holistic picture? Sure, the concept is genuine; meeting a single compliance standard will not directly improve security posture. However, after working with hundreds of organizations, we have learned there are key considerations that can help maximize the value and urgency of compliance requirements by channeling such efforts into more practical risk assessments.

Late December 2021: A company coming off a record year for revenue growth was preparing to ramp down for a week to celebrate the December holidays. However, unbeknownst to the company, just a few days prior, one of its longest-serving employees had been recruited by a ransomware group. The employee had responded to a posting on a computer hacking forum asking for access to corporate networks in return for cash payouts.

Third-party risk management (TPRM) has grown in prominence as organizations increase their reliance on external parties, from cloud providers to credit card processors. As more enterprises invest in this critical business function, certain best practices are becoming key to a successful TPRM program.

PYSA is the most recent ransomware variant known distributed by the Mespinoza Ransomware as a Service (RaaS) gang, which has been infecting victims since 2019. Kroll has consistently observed PYSA in our incident response engagements since 2020 and has noted an increase in frequency of this variant since the second quarter of 2021. Our analysis shows PYSA is opportunistic and not restricted to one sector or geographical area.

A critical vulnerability has been recently discovered in the Apache Log4j Java logging library (CVE-2021-44228), a library used in many client and server applications. The Log4j library is commonly included in Java based software including multiple Apache frameworks such as Struts2, Solr, Druid and Fink. The library provides enhanced logging functionality for Java applications and is commonly used in business system development.