Expel Quarterly Threat Report – Q3 2022
Q3 cybersecurity data, trends, and recommendations from the Expel Security Operations Center (SOC)
In Q2 we said to be on the lookout for the Q3 Expel Quarterly Threat Report – and here it is! Just like previous quarters, this report surfaces the most significant data we’re seeing in our threat detection and response efforts, curates that data into trends that can impact your cybersecurity posture, and offers resilience recommendations to protect your organization.
This Q3 report delivers intelligence on some of the most active attack vectors our SOC leadership team observed, including:
- Business email compromise (BEC)
- Business application compromise (BAC)
- Identity attacks against cloud providers
In all these reports we looked for patterns and trends to help guide strategic decision-making and operational processes for your team. We used a combination of time series analysis, statistics, customer input, and analyst instinct to identify these key insights.
By sharing how attackers got in, and how we stopped them, we’ll translate the security events we detect into security strategies for your org.
What’s inside the Expel Q3 Threat Report
A notable change in Q3: the increase in removable media as an attack vector.
- Overall SOC observations for attack trends this quarter
- Top attack methods and tactics (what changed, what’s up and what’s down – hint – identity is still the new endpoint)
- What percentage of all Q3 incidents were identity-based attacks, BEC, and BAC, and how to detect and respond to them
- How attackers leveraged IPs geolocated in the U.S.
- The jump in the use of removable media as an attack vector (about 4% in Q2, 10% in Q3)
- Why an effective detection and response strategy is identity-oriented, and why endpoint detection and response (EDR) tools alone don’t provide broad enough coverage
- Potential vectors to watch in Q4