In the first quarter of 2022, employees found themselves more than ever at the frontline of cyber defense, according to a new report from Kroll.
In part, this was down to a 54% increase in phishing attacks being responsible for initial attacker access, beating out vulnerability exploitation and third-party vulnerabilities among others. It was also due to an increase in email compromise being used for extortion.
The Kroll Threat Landscape report described one real-world case in which a phishing email was sent to an IT department and clicked by an end user, who then entered their login credentials. With access to global admin credentials, the threat actor was able to gain access to the system, take over multiple email accounts belonging to IT staff and C-level employees, and download sensitive data. A ransom note was left demanding payment to end the attack, and employees were targeted via text message, email and even social media to pressure victims into meeting the threat actor's demands. Notably, no ransomware or encryption was used in the attack.
"As Australia joins forces with governments around the world to warn of cyber threats to critical infrastructure, we should remember how many of these large scale attacks start on a much smaller scale," says Alex Nixon, senior vice president, cyber risk, Kroll.
"Often beginning as phishing attacks or email compromise, attackers will elevate their privileges once an initial foothold is gained inside an organisation.
"This global threat report demonstrates what we are seeing here in Australia is not unique, but demonstrative of worldwide cybercrime trends," says Nixon.
"The Office of the Australian Information Commissioners latest Notifiable Data Breaches Report cited that phishing attacks resulting in compromised credentials were responsible for 32% of data breaches in Australia in the second half of 2021.
"This tallies with our Threat Landscape report, showing an increase in the number of phishing attacks as an initial access method, and reminds us that security must be built into the fabric of an organisation it truly is everyone's business."
Laurie Iacono, associate managing director for cyber risk at Kroll, adds, "Employees are undoubtedly an important line of defense for any company.
"Security training programs need to enhance cyber awareness among employees and firms should encourage a culture where raising concerns and reporting suspicious issues is a positive thing," Iacono says.
"Our latest Kroll Threat Landscape Report underlines this more than ever, as in the last quarter employees faced not only phishing attacks but email compromises which lead to extortion or the introduction of malware."
The Kroll Threat Landscape report showed the continued use of relatively recently exposed vulnerabilities. While 2021 will be remembered as the year of the vulnerability, 2022, particularly the first quarter, will go down as the year that threat actor groups such as ransomware gangs harnessed those vulnerabilities to launch more destructive attacks.
For instance, while most activity around Log4j exploitation in Q4 2021 revolved around cryptominers, threat actors from multiple ransomware gangs leveraged the vulnerability to set the stage for network encryption in Q1 2022.