Kroll has launched its latest Cyber Threat Landscape report, on the rising challenge of insider threat faced by businesses.
The Q3 report found that insider threat, which Kroll’s team recorded at its highest level yet, accounted for nearly 35% of all unauthorized access threat incidents in Q3 2022. This could potentially be the result of wider external factors that may encourage insider threat, such as an increasingly fluid labor market and economic turbulence.
Other findings in the report included:
- An increase in phishing, particularly via valid accounts which could be tied to malware trends, such as a growth in the use of credential stealer, URSA
- A decrease in overall ransomware attacks but interesting activity among specific groups such as LockBit
- Increase in malware, fueled by the proliferation of credential stealing malware such as Vidar and Raccoon among others
- Increase in attacks against professional services and manufacturing firms
In Q3 2022, Kroll saw insider threat peak to its highest level yet, accounting for nearly 35% of all unauthorized access threat incidents. Kroll also observed a number of malware infections via USB this quarter, potentially pointing to wider external factors that may encourage insider threat, such as an increasingly fluid labor market and economic turbulence.
With the widespread use of info-stealer malware, it may come as no surprise that Kroll continues to see valid accounts used to gain an initial foothold into a network. This shows that, in many cases, threat actors are using legitimate credentials to access and authenticate into systems.
Other findings in the report include: an increase in phishing, particularly via valid accounts which could be tied to malware trends, such as a growth in the use of credential stealer, URSA; a decrease in overall ransomware attacks but interesting activity among specific groups such as LockBit; an increase in malware, fueled by the proliferation of credential stealing malware such as Vidar and Raccoon; and an increase in attacks against professional services and manufacturing firms.
Laurie Iacono, Associate Managing Director for Cyber Risk at Kroll, said: “The steady growth of insider threat is a worrying trend for businesses. Whether it be insiders that are malicious by intent, simply careless or compromised by cybercriminals, the potential damage – particularly with regards to intellectual property (IP) theft – can be significant.”
“Rising inflation and the number of jobs available post-pandemic has become a reason for many to move jobs. This becomes ripe ground for possible insider threat, as employees try to retain information on the projects they’ve worked on outside of corporate devices or, in other cases, they retain access rights and permissions for tools and applications they previously used as HR and IT teams struggle to keep up with the amount of staff turnover.”
“To counter insider threat, organizations should pay close attention to the access rights they give to staff and always try to maintain a ‘least-privilege’ environment. Monitoring for suspicious activity – such as a particularly large data download or unknown USB device – is another way to spot potential compromises of security. Above all, clear instructions to employees on what is and isn’t allowed, combined with fast and efficient IT and HR processes that work together in harmony, will prove the best defense against insider threat becoming a trojan horse.”
The full report can be accessed here.
Source: Kroll
