KROLL: August 2025 Threat Intelligence (TI) Spotlight Trends Report (English)
Threat Intelligence (TI) Spotlight Trends Report
August 2025
TLP: CLEAR

Methodology
▪ Kroll TI monthly spotlights are based on intelligence from Kroll’s cyber incident response engagements where we are engaged to respond, manage, or mitigate a cybersecurity incident. Kroll’s incident response work is informed by intelligence gained from the thousands of engagements handled per year by the Kroll Cyber Data & Resilience team.
▪ Data is collected and processed by the Kroll Cyber Threat Intelligence team during the initial scoping intake as well as during the lifecycle of a Kroll engagement.
▪ Kroll currently reports on data on a monthly and quarterly basis through the monthly spotlights and Quarterly Threat Landscape reports.

Key Takeaways

Initial Access Methods*
• External Remote Services (20%)
• Phishing: Link (17%)
• Phishing: Attachment (13%)
• Valid Accounts (13%)
• Phishing: Non-Technical (10%)

Most Impacted Industries
• Professional, Scientific, and Technical Services (27%)
• Manufacturing (16%)
• Finance and Insurance (9%)
• Health Care and Social Assistance (8%)
• Educational Services (8%)

Top Ransomware Variants
• QILIN
• SINOBI
• NITROGEN
• INC
• FOGS
• DRAGONFORCE
• KAWA4096

Top Threat Incident Types
• Email Compromise (40%)
• Ransomware (31%)
• Insider Threat (18%)
• Unauthorized Access (5%)
• Web Compromise (3%)

*Does not include engagements in which Insider Threat was the threat type

Industry Analysis

PROFESSIONAL, SCIENTIFIC, AND TECHNICAL SERVICES WAS THE MOST IMPACTED INDUSTRY IN AUGUST 2025
▪ Email Compromise and Ransomware were the top reported threat incident types impacting the professional, scientific, and technical services industry.
▪ In August, threats against the professional, scientific, and technical services industry most often involved External Remote Services and Phishing: Link as the initial access methods.

MANUFACTURING WAS THE 2nd MOST IMPACTED INDUSTRY IN AUGUST 2025
▪ Ransomware was the top reported threat incident type impacting the manufacturing industry.
▪ In August, threats against the manufacturing industry most often involved External Remote Services as the initial access method.

Incidents by Industry
• Mining 3%
• Wholesale Trade 3%
• Arts, Entertainment, and Recreation 3%
• Construction 5%
• Real Estate Rental and Leasing 5%
• Retail Trade 5%
• Educational Services 8%
• Health Care and Social Assistance 8%
• Finance and Insurance 9%
• Manufacturing 16%
• Professional, Scientific, and Technical Services 27%

[Figure: Most Impacted Industries, Previous 6 Months (Mar-25 to Aug-25). Panels: Finance and Insurance; Professional, Scientific, and Technical Services; Information; Healthcare and Social Assistance; Manufacturing; Retail Trade.]

Impact Analysis
August 2
KROLL: August 2025 Threat Intelligence (TI) Spotlight Trends Report (English). The report is in PDF format, 0.66 MB, 22 pages.



