Cyber risk has never been completely independent of world politics and international affairs, but in recent weeks, there has been a significant shift in alignment. The domain of physical war has closer ties to the digital sphere than ever before. As part of efforts to manage elevated cyber risk, it is vital to understand the short-term impact and longer-term risk of current events, and where focus should be placed to achieve the best defense.

Having conducted more than 3,200 incident response engagements in 2021, Kroll’s Threat Intelligence team now tracks more than 200 ransomware threat actor groups. Kroll’s global Incident Response teams are very familiar with actions traditionally associated with a network intrusion, from initial access to lateral movement to privilege escalation to data exfiltration—and in the case of financially motivated actors, ransomware deployment.

The invasion of Ukraine has caused enormous human tragedy with millions displaced and many more in desperate need of basic supplies and transport. Donation websites quickly appeared to make supporting Ukraine easy—so quick, in fact, that it was reminiscent of the 2019 Notre Dame de Paris fire and the immediate groundswell of enthusiasm that followed for rebuilding the iconic church.

The Kroll Artifact Parser and Extractor (KAPE) utilizes Targets and Modules to collect and parse digital evidence. Its Compound Targets and Compound Modules call upon other Targets and Modules in order to collect and parse the most important data as efficiently as possible. One of KAPE’s most widely used Compound Targets for incident response (IR) is KapeTriage.

In Q4 2021, Kroll observed a 356% increase in common vulnerabilities and exposures (CVEs) or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. With 2021 being a record year for vulnerabilities, this finding may not be surprising, but it underscores the risk to organizations in the wake of high-profile vulnerability notifications - and the speed with which cybercriminals are able to exploit weaknesses in companies’ defenses.

Does the saying "compliance does not equal security" paint a holistic picture? Sure, the concept is genuine; meeting a single compliance standard will not directly improve security posture. However, after working with hundreds of organizations, we have learned there are key considerations that can help maximize the value and urgency of compliance requirements by channeling such efforts into more practical risk assessments.