Conference

March 3 - 23, 2026

Never publish test

The third quarter of 2023 saw cybersecurity threats continue to increase in sophistication. Kroll’s findings for Q3 revealed that social engineering attacks peaked at their highest level yet, with almost twice as many incidents compared to what we observed in Q2 of this year.

In this briefing, Kroll’s cyber threat intelligence leaders Keith Wojcieszek, Laurie Iacono and George Glass will explore key insights and trends from hundreds of cyber incidents handled worldwide each year. They will also outline critical issues organizations should be aware of, including the sectors hit the hardest and active ransomware groups such as LOCKBIT and BLACKCAT.

The Briefing Covers:

Key themes and patterns in the changing threat landscape and how these could impact organizations
Critical shifts in attacker behavior in the past quarter, including popular incident types and initial access methods
The most active types of ransomware groups and the industries most targeted
The continued reinvention and evolution of threat actor groups and attack methods

Key Sections From the Webinar

BEC Attacks Continue to Surge Across Sectors

“In Q3, we did see an uptick in incidents impacting the manufacturing and construction sector largely led by business email compromise (BEC) or email compromise attacks. One of the reasons for this uptick in BEC attacks has to do with the reliance on third parties and suppliers.” – Laurie Iacono

Kroll continues to see the professional services sector rank first across cases — in particular legal firms — fueled by a rise in BEC across all sectors and specific campaigns targeting the legal industry, such as the BLACKCAT ransomware gang. We also observed nominal rises in the targeting of the manufacturing (2%) and construction sectors (1.5%) from the previous quarter. In Kroll’s observation, both sectors most frequently experienced BEC in the third quarter. For manufacturing, ransomware was the second most likely threat type to be observed, while insider threat was the second most likely threat type for construction. Learn why:

Social Engineering Yields Initial Access

“From using QR codes in emails to sharing links via Microsoft Teams, threat actors are evolving their methodology to manipulate humans to click on the bait. This is not phishing through email; it's phishing through an instant messaging platform.” – Laurie Iacono

Kroll saw social engineering tactics increase dramatically in the third quarter, with significant increases in phishing (8%), valid accounts (9%) and voice phishing (“vishing”), as well as other tactics (3%). This rise in social engineering activity aligns with multiple open-source reports warning about these types of attacks via Microsoft Teams and the rise of activity by the group KTA243 (SCATTERED SPIDER), which uses phone- and SMS-based social engineering tactics to lure users into exposing their credentials. See how this is accomplished via the Kroll intrusion lifecycle:

How Social Engineering Led to Data Exfiltration

The increasing volume of social engineering attacks is matched by a broadening range of approaches, whether that is via phone and SMS (as the group K2A243 (SCATTERED SPIDER) is known to abuse novel email phishing scams), or directly via Microsoft Teams. In this section, Kroll experts analyze how they have impacted organizations across sectors. Learn more:

Kroll Top 10 Malware Strains

Kroll actively tracks malware command and control infrastructure, submissions to public sandboxes and active incident response (IR) and managed detection and response (MDR) case data to generate lists of the most active malware strains for comparison.

A marked difference from the findings shared in the Q2 Threat Landscape Report is the absence of QAKBOT in the top ten malware list. Since the QAKBOT disruption, Kroll has observed a rise in relatively unseen malware strains, such as DARKGATE and PIKABOT, while other open-source stealer malware trends remain consistent. This indicates that QAKBOT operators are looking for a new initial access malware to deploy. Learn more:

Minimizing Impact

Organizations are not only at risk from evolving threats. but also from their own perception of their readiness to address those threats.

With social engineering on the rise in Q3, it is critical that businesses take proactive steps to ensure that they have adequate defenses in place. As this type of threat continues to diversify, organizations need to be vigilant about identifying and addressing all potential areas of attack. This starts with applying a number of key security controls to improve overall security posture. Learn what your businesses should consider: