Cyber Threat Intelligence Reports

Tue, Feb 25, 2025

January Threat Intelligence Spotlight Report

/en/our-team/george-glassGeorge Glass

George Glass

/en/our-team/keith-wojcieszekKeith Wojcieszek

Keith Wojcieszek

Download the Report

Download the January Report

We will use this information to respond to your inquiry and process your data in accordance with our privacy policy.

Each month, our Cyber Threat Intelligence team compiles data from our engagements to determine key industry trends. We look at the initial access methods threat actors are using to gain entry into a network, types of incidents most commonly impacting organizations, which sectors are being more heavily targeted, and which threat groups are most prevalent. 

Our Methodology 

  • Kroll CTI monthly spotlights are based on intelligence from Kroll’s cyber incident response engagements where we are engaged to respond, manage, or mitigate a cybersecurity incident.
  • Kroll’s incident response work is informed by intelligence gained from the 3,000+ engagements handled per year by the Kroll Cyber Risk team. 
  • Data is collected and processed by the Kroll Cyber Threat Intelligence team during the initial scoping intake as well as during the lifecycle of a Kroll engagement. 

Sector Analysis

  • Professional, Scientific, and Technical services is the top most impacted industry throughout January 2025.
  • Insider Threat was the top threat incident type impacting the professional services sector.
  • Ransomware was the second most observed threat incident type impacting the industry.
  • Finance and Insurance is the second most impacted industry in January 2025.
  • Ransomware was the top reported threat incident type impacting the Finance and Insurance industry.
  • In January, threats against the Finance and Insurance industry most often involved Phishing – Voice and Valid Accounts as the initial access method.

Ransomware Analysis

AKIRA was the most common ransomware variant observed by Kroll in January 2025.

  • In January, Finance and Insurance was the top industry targeted by ransomware actors across Kroll engagements.
  • Ransomware actors primarily gained initial access through external remote services, such as VPN. The most frequently observed VPN was SonicWall.
  • Consumer/Industrial was the top industry for victims posted to ransomware actor-controlled shaming sites and blogs.
  • North America was the top region for victims posted to ransomware actor-controlled shaming sites and blogs.

Connect With Us

Stay Ahead with Kroll

Cyber Threat Intelligence

Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.

Cyber Threat Intelligence

24x7 Incident Response

Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.

24x7 Incident Response

Cyber Risk Retainer

Kroll delivers more than a typical incident response retainer—secure a true cyber risk retainer with elite digital forensics and incident response capabilities and maximum flexibility for proactive and notification services.

Cyber Risk Retainer

Computer Forensics

Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.

Computer Forensics

Mobile Device Forensics

With a global mobile device forensics team and a proven track record in investigation and litigation support, Kroll enables key digital insights to be accessed quickly and securely.

Mobile Device Forensics

Kroll is headquartered in New York with offices around the world.

One World Trade Center
285 Fulton Street, 31st Floor
New York NY 10007
+1 212 593 1000
Sign up to receive periodic news, reports, and invitations from Kroll. Our privacy policy describes how your data will be processed.

More About Kroll

More About Kroll
© 2025 Kroll, LLC. All rights reserved. Kroll is not affiliated with Kroll Bond Rating Agency, Kroll OnTrack Inc. or their affiliated businesses. Read more.
Return to top