KROLL年6月威胁情报（TI）焦点趋势报告（英）

Threat Intelligence (TI) Spotlight Trends ReportJune 2025Methodology2▪ Kroll TI monthly spotlights are based on intelligence from Kroll’s cyber incident response engagements where we are engaged to respond, manage, or mitigate a cybersecurity incident. Kroll’s incident response work is informed by intelligence gained from the thousands of engagements handled per year by the Kroll Cyber Data & Resilience team. ▪ Data is collected and processed by the Kroll Cyber Threat Intelligence team during the initial scoping intake as well as during the lifecycle of a Kroll engagement. ▪ Kroll currently reports on data on a monthly and quarterly basis through the monthly spotlights and Quarterly Threat Landscape reports. TLP: CLEARTLP: CLEARKey Takeaways Initial Access Methods*•Phishing: Link (26%)•Phishing: Non-Technical (22%)•Phishing: Attachment (17%)•Valid Accounts (17%)Most Impacted IndustriesTop Ransomware Variants•QILIN (40%)•AKIRA (20%)•PLAY (20%)•MEDUSALOCKER (20%)Top Threat Incident Types• Email Compromise (35%)• Insider Threat (26%)• Ransomware (12%)• Unauthorized Access (11%)• Malware (4%)• Professional, Scientific, and Technical Services (18%)• Finance and Insurance (14%)• Health Care and Social Assistance (12%)• Manufacturing (12%)• Information (11%)TLP: CLEARTLP: CLEARJune 2025*Does not include engagements in which Insider Threat was the threat typeIndustry AnalysisJune 2025PROFESSIONAL, SCIENTIFIC, AND TECHNICAL SERVICES WAS THE MOST IMPACTED INDUSTRY IN JUNE 2025▪ Email Compromise was the top reported threat incident type impacting the professional, scientific, and technical services industry.▪ In June, threats against the professional, scientific, and technical services industry most often involved Valid Accounts as the initial access method. FINANCE AND INSURANCE WAS THE 2nd MOST IMPACTED INDUSTRY IN JUNE 2025▪ Email Compromise was the top reported threat incident type impacting the finance and insurance industry. ▪ In June, threats against the finance and insurance industry most often involved Valid Accounts as the initial access method.TLP: CLEARTLP: CLEARJune 2025Incidents by IndustryTLP: CLEARTLP: CLEARRetail Trade 2%Administrative and Support and Waste Management and Remediation Services5%Wholesale Trade7%Information11%Manufacturing12%Health Care and Social Assistance 12%Finance and Insurance14%Professional, Scientific, and Technical Services 18%Finance and InsuranceMost Impacted IndustriesPrevious 6 MonthsProfessional, Scientific, and Technical ServicesInformationHealthcare and Social AssistanceManufacturingRetail TradeTLP: CLEARTLP: CLEAR7%3%3%4%1%2%Jan-25Feb-25Mar-25Apr-25May-25Jun-2510%21%10%16%10%12%Jan-25Feb-25Mar-25Apr-25May-25Jun-2510%9%5%4%10%11%Jan-25Feb-25Mar-25Apr-25May-25Jun-2515%6%14%15%13%14%Jan-25Feb-25Mar-25Apr-25May-25Jun-258%8%8%7%7%12%Jan-25Feb-25Mar-25Apr-25May-25Jun-2520%24%29%15%28%18%Jan-25Feb-25Mar-25Apr-25May-25Jun-25Impact AnalysisJune 2025DATA ENCRYPTED FOR IMPACT WAS THE MOST COMMON IMPACT OBSERVED BY KROLL