Verizon’s 2024 Data Breach Investigations Report (DBIR), released earlier this month and now in its 17th edition, delves into today’s intricate world of cybersecurity, unveiling the dynamics of modern threats and defenses. Covering data from November 1, 2022, to October 31, 2023, this comprehensive report illuminates how cyber incidents unfold to reveal who is behind the attacks, the methods they use, which assets they target, and the impact on organizations.
Verizon’s research team has uncovered the latest trends in social engineering, ransomware, and system intrusions, providing detailed industry-specific and regional analyses. Their findings reveal emerging threats, sophisticated attack strategies, and proactive measures that can help to significantly strengthen your organization’s defenses in an increasingly hostile cyber environment.
Understanding VERIS and Key Takeaways
At the core of the DBIR is VERIS (Vocabulary for Event Recording and Incident Sharing), Verizon’s framework that standardizes data collection and analysis related to security incidents. VERIS categorizes data into four main components: Actors (entities responsible for the incident, such as external attackers, insiders, or partners), Actions (methods used by the actors to cause the incident, including hacking, malware, and social engineering), Assets (targets of the incident, such as servers, endpoints, or databases), and Attributes (impact of the incident on the confidentiality, integrity, and availability of the assets).
The DBIR reveals several key insights based on the VERIS framework:
- Actors: Threat actors are categorized into external, internal, and partner groups. External actors, mainly organized crime groups, caused 65% of breaches. Internal actors were responsible for 35%, with a notable increase due to errors like misdelivery and misconfiguration.
- Actions: Among the key actions leading to breaches, stolen credentials accounted for 24%, ransomware was responsible for 23%, and extortion contributed to 10% of incidents. Pretexting, where attackers create a fabricated scenario to deceive victims into revealing sensitive information, has surpassed phishing in frequency, reflecting the sophistication of business email compromise (BEC) attacks. System intrusions, involving malware and hacking, were the culprit behind 36% of breaches.
- Assets: Servers were targeted in 95% of breaches. There is significant growth in breaches involving personal devices, driven by social engineering and extortion attacks, underscoring the need for better endpoint security and employee training.
- Attributes: Confidentiality breaches were most common, with personal data as the primary target. Regulatory requirements for disclosure have increased the visibility of customer data breaches. Additionally, integrity breaches (unauthorized changes to data or assets) linked to extortion and phishing have also increased.
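As an added example (not code from the DBIR or from Verizon), the sketch below shows how incident records coded along the four VERIS components can be tallied into per-category counts of the kind listed above, with incompletely coded records reported rather than counted. The key names follow the public VERIS JSON layout as an assumption, and every record is constructed for illustration.

```python
from collections import Counter

FOUR_AS = ("actor", "action", "asset", "attribute")
# Asset variety prefixes mapped to asset classes (assumed from the VERIS layout).
ASSET_CLASSES = {"S": "Server", "U": "User device", "P": "Person"}
# Constructed records; key names follow the public VERIS JSON layout (assumption).
INCIDENTS = [
    {"incident_id": "demo-1", "actor": {"external": {}},
     "action": {"hacking": {"variety": ["Use of stolen creds"]},
                "malware": {"variety": ["Ransomware"]}},
     "asset": {"assets": [{"variety": "S - File"}]},
     "attribute": {"confidentiality": {}, "availability": {}}},
    {"incident_id": "demo-2", "actor": {"external": {}},
     "action": {"social": {"variety": ["Pretexting"]}},
     "asset": {"assets": [{"variety": "P - Finance"}]},
     "attribute": {"confidentiality": {}, "integrity": {}}},
    {"incident_id": "demo-3", "actor": {"internal": {}},
     "action": {"error": {"variety": ["Misdelivery"]}},
     "asset": {"assets": [{"variety": "S - Mail"}]},
     "attribute": {"confidentiality": {}}},
    {"incident_id": "demo-4", "actor": {"external": {}},  # no attribute coded
     "action": {"hacking": {"variety": ["Exploit vuln"]}},
     "asset": {"assets": [{"variety": "S - Web application"}]}},
]

def categories(incident):
    """Map one record to {A: set of categories}; raise if an A is absent."""
    missing = [a for a in FOUR_AS if not incident.get(a)]
    if missing:
        raise ValueError(f"{incident.get('incident_id')}: missing {missing}")
    assets = {ASSET_CLASSES.get(x["variety"].split(" - ")[0], "Other")
              for x in incident["asset"].get("assets", [])}
    return {"actor": set(incident["actor"]), "action": set(incident["action"]),
            "asset": assets, "attribute": set(incident["attribute"])}

def summarize(incidents):
    """Per A, count how many complete incidents involve each category."""
    totals, rejected = {a: Counter() for a in FOUR_AS}, []
    for inc in incidents:
        try:
            cats = categories(inc)
        except ValueError as err:
            rejected.append(str(err))  # incomplete coding: report, don't count
            continue
        for a, names in cats.items():
            totals[a].update(names)
    return totals, rejected

if __name__ == "__main__":
    print(summarize(INCIDENTS))
```

Because one incident can involve several actions or attributes, the per-category counts within a component can sum to more than the number of incidents.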
Incident Classification Patterns
System intrusion remains the most common pattern, involving complex attacks that combine hacking and malware, especially ransomware. These attacks often exploit web application vulnerabilities and use stolen credentials. Ransomware accounted for 70% of incidents in this pattern.
Social engineering incidents, particularly pretexting and phishing, have increased significantly. Extortion drives these attacks, especially in North America, where it was present in 46% of breaches, emphasizing a need for regimented employee awareness and training to mitigate these threats.
Basic web application attacks, typically exploiting vulnerabilities in web applications to steal data, have decreased in frequency but remain significant due to the widespread use of web applications. Errors such as misdelivery and misconfiguration accounted for a substantial portion of breaches, highlighting the need for better data handling and verification processes.
2024 Data Breach Investigations Report | Verizon
Industry-Specific Analyses
In the manufacturing sector, error-related breaches, particularly misdelivery and loss, increased significantly. System intrusions and social engineering were also prevalent, with ransomware being common. Securing supply chains and implementing frequent patch updates have proven beneficial in mitigating these threats.
Healthcare organizations face high volumes of breaches, with personal data as the primary target. The sector is vulnerable to ransomware and social engineering attacks, necessitating enhanced data protection and incident response capabilities.
The financial sector remains a prime target for cybercriminals, with system intrusions and social engineering being the most common attack methods. Espionage-motivated attacks are rising, requiring financial institutions to prioritize and strengthen defenses against advanced persistent threats (APTs).
Regional Analyses
North America saw a significant increase in social engineering attacks, driven by extortion and phishing. System intrusions involving ransomware were also prevalent.
The EMEA region faced diverse threats, with a notable increase in espionage-related breaches. System intrusions and social engineering were common, reiterating the importance of comprehensive security measures and threat intelligence sharing.
In APAC, credential theft and espionage-related attacks were frequent. System intrusions exploiting vulnerabilities in remote services and web applications were common. A newfound emphasis on regional cooperation and information sharing will ideally assist in enhancing cybersecurity defenses going forward.
Emerging Threats and Trends
The report identifies several emerging threats and trends. The exploitation of zero-day vulnerabilities is increasing, with notable incidents involving widely deployed software. Organizations have countered this trend by implementing detailed vulnerability management practices and timely patching.
Ransomware tactics are evolving to include extortion, increasing their financial impact. Attacks on the software supply chain are rising, posing risks to multiple organizations. Assessing and monitoring third-party security practices is becoming increasingly critical among business partners. Social engineering attacks are becoming more sophisticated, with pretexting surpassing phishing in frequency.
Mitigation Advice
To address these risks, the DBIR provides several recommendations:
- Regular security awareness training to help employees recognize and respond to social engineering attempts.
- Implementing a rigorous patch management process to address known vulnerabilities promptly.
- Requiring MFA for all remote and external access to mitigate credential theft.
- Evaluating and continuously monitoring third-party vendors’ security practices.
- Developing and regularly updating incident response plans to minimize the impact of breaches.
The Wrap
Verizon’s 2024 Data Breach Investigations Report serves as an invaluable resource for organizations of all sizes and across all industries, illuminating the evolution of today’s cyber threats. By leveraging the insightful analyses, industry-specific guidance, and actionable recommendations presented in this report, organizations can fortify their defenses, enhance their security posture, and navigate today’s treacherous waters of cybersecurity with greater confidence and preparedness.
As cyberattacks become increasingly sophisticated and pervasive, the findings of the DBIR offer a vital compass, equipping organizations with the knowledge and strategies needed to safeguard their critical assets and maintain business continuity in the face of formidable cyber risks. Embracing the lessons drawn from this comprehensive report is a crucial step toward building a more resilient and secure digital ecosystem.