George Glass
Associate Managing Director
Cyber Risk
London
Download the July Report
Each month, our Cyber Threat Intelligence team compiles data from our engagements to determine key industry trends. We look at the initial access methods threat actors are using to gain entry into a network, types of incidents most commonly impacting organizations, which sectors are being more heavily targeted, and which threat groups are most prevalent.
Our Methodology
- Kroll CTI monthly spotlights are based on intelligence from Kroll’s cyber incident response engagements where we are engaged to respond, manage, or mitigate a cybersecurity incident.
- Kroll’s incident response work is informed by intelligence gained from the 3,000+ engagements handled per year by the Kroll Cyber Risk team.
- Data is collected and processed by the Kroll Cyber Threat Intelligence team during the initial scoping intake as well as during the lifecycle of a Kroll engagement.
Key Takeaways for July 2024
Top Initial Access Methods
- Valid accounts – Insider (32%)
- Phishing – Link (32%)
- Valid accounts – externally exposed (9%)
Most Impacted Sectors
- Professional Services (24%)
- Financial Services (15%)
- Construction (8%)
Top Ransomware Variants
- AKIRA (33%)
- FAUST (11%)
- HUNTERSINTERNATIONAL (11%)
Most Common Threat Incident Types
- Email Compromise (48%)
- Insider Threat (15%)
- Ransomware (14%)
Sector Analysis
- Professional services is the top most impacted sector throughout July 2024.
- Email Compromise was the top threat incident type impacting the professional services sector.
- In July, threats against the professional services sector most often involved Valid Accounts – Insider as the initial access method.
- Financial services is the second most impacted sector in July 2024.
- Email Compromise was the top reported threat incident type impacting the financial services sector.
- In July, threats against the financial services sector most often involved Phishing – Link as the initial access method.
Ransomware Analysis
- External remote services was the most common initial access method for ransomware operators this month.
- AKIRA was observed obtaining initial access through Virtual Private Networks (VPN).
- The top sectors targeted by ransomware actors in July were professional services and construction.
- Professional services and manufacturing were the top sectors for victims posted to ransomware actor controlled shaming sites and blogs.
- North America was the top region for victims posted to ransomware actor controlled shaming sites and blogs.
Cyber Threat Intelligence
Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.
24x7 Incident Response
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Cyber Risk Retainer
Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.
Computer Forensics
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Mobile Device Forensics
With a global mobile device forensics team and a proven track record in investigation and litigation support, Kroll enables key digital insights to be accessed quickly and securely.
Kroll is headquartered in New York with offices around the world.
55 East 52nd Street 17 Fl
New York NY 10055
Sign up to receive periodic news, reports, and invitations from Kroll.
Our privacy policy describes how your data will be processed.
© 2024 Kroll, LLC. All rights reserved.
Kroll is not affiliated with Kroll Bond Rating Agency,
Kroll OnTrack Inc. or their affiliated businesses. Read more.