Expel Quarterly Threat Report – Q1 2022
Cybersecurity data, trends, and recommendations from the Expel Security Operations Center (SOC)
Welcome to the first-ever Expel Quarterly Threat Report! Since July 2021, we’ve brought you monthly attack vector reports that dug into the biggest threats we saw across the incidents we investigated for our customers.
Now, we’re changing things up to bring you these reports on a quarterly basis. The report surfaces the most significant data we’re seeing in our threat detection and response efforts, curates that data into trends that can impact your cybersecurity posture, and offers resilience recommendations to protect your organization. Think: Great eXpeltations annual report, but for the quarter.
This Q1 report delivers intelligence on some of the most active attack vectors our SOC leadership team observed, including:
- Business email compromise (BEC)
- Business application compromise (BAC)
- Pre-ransomware
- Commodity malware
- Cloud infrastructure
- Phishing
We looked for patterns and trends to help guide strategic decision-making and operational processes for your team. We used a combination of time series analysis, statistics, customer input, and analyst instinct to identify these key insights.
By sharing how attackers got in, and how we stopped them, we’ll translate the security events we detect into security strategy for your org.
What’s inside the Expel Quarterly Threat Report

- Observations from our SOC for attack trends this quarter
- How these attack trends impacted individual industries
- Top attack methods and tactics
- A look ahead to potential vectors to watch in Q2
Learn more about what the Expel SOC sees
Attack trend alert: Email scams targeting donations to Ukraine
As more people look to donate to Ukrainian relief efforts, bad actors are taking advantage. Look out for these phishing scams to ensure your donations are actually going to help those in need.
Top 7 recs for responding to the Lapsus$ breach claims
While the situation surrounding the reported breach of Okta by Lapsus$ is still developing, here are our top 7 recommendations you can take to protect yourself and your org.
5 pro tips for detecting in AWS
Cloud-based infrastructures can be confusing, but sometimes building a better security program starts with the basics. Try these pro tips to help focus the lens for detecting threats in AWS.