Kroll’s dedicated cyber risk practice has released its latest Q1 2023 Threat Landscape Report, which shows that one-off, lesser-known ransomware attacks have increased by 56%.
Q1 of 2023 saw ransomware "swarm", the data suggests. While well-known ransomware-as-a-service operations such as LOCKBIT continued to dominate the ransomware landscape, there was a 56% increase in one-off, lesser-known and independent threat actors targeting organisations with ransomware.
The main target for these threat actors was the professional services sector, in particular, legal firms, with a 57% increase in the overall targeting of the professional services sector from the end of 2022.
Laurie Iacono, associate managing director for cyber risk at Kroll, said: “The rising number of 'one-off' ransomware variants means that time-poor security teams need to defend against a swarm of smaller groups on top of the major RaaS players. This increase is likely in part due to several RaaS groups being dismantled in the last year and the ease of entry for smaller threat actors to conduct encryption.
“In our observation, phishing continues to be the main point of entry for hackers, so making sure that employees are trained in cyber security best practices and having powerful endpoint protection in place is a key first step in helping to prevent attacks. Detecting exfiltration of data and responding quickly can make the difference between a superficial data loss and a catastrophic one. It also serves as one of the last detection opportunities before a large-scale threat like ransomware which may encrypt systems and render critical services unavailable.
“Network monitoring can be used to detect large amounts of data leaving the corporate network, but there are many ways threat actors can avoid detection from network monitoring tools. This means that businesses must carefully analyze behaviors within the network. Remaining vigilant with the right technology and trusted security partners is a vital defense against the swarm.”
Key report findings (Source: Kroll Q1 Threat Landscape Report)
• Ransomware accounted for 30% of Q1 cases and email compromise accounted for 26% of cases
• The rise in unique variants included new variants such as CACTUS, DARKSKY and NOKOYAWA, as well as familiar ones that had not been observed in several quarters, such as XORIST and RANSRECOVERY
• Phishing continues to lead the pack when it comes to initial access across all cases.
• An ongoing SEO poisoning campaign by the actors behind GOOTLOADER malware, targeting legal professionals searching for standard contracts and templates.
• Several instances of clients downloading malicious OneNote attachments as part of an ongoing QAKBOT campaign.