Annual Verizon DBIR Highlights “Era of Vulnerability Exploitation,” Continued Importance of Timely Patching

May 8, 2024

While it is hardly news that organizations are having a hard time with patching and that phishing remains rampant, the new Verizon DBIR shines some light on the scope of the problem and the work that is left to be done. Aside from continuing employee- and staffing-related struggles, the report also sees something of a “golden age” of vulnerability exploitation developing for cyber criminals.

Vulnerability exploitation up 180% on the back of MOVEit breach

While vulnerability exploitation is sharply up, most of this is owed to the rampant devastation caused by Cl0p and its MOVEit breach almost a year ago. The big story is essentially the same as it was with last year’s Verizon DBIR: employees are still a key factor in over two-thirds of breaches, but the vast majority of the time this is some sort of “miscellaneous error” that is not part of an intentional insider attack.

Financially motivated organized criminal groups are the biggest intentional threat by far, responsible for 60% of attacks on the year. By comparison, only about 5% of breaches were attributed to state-sponsored threat groups, which usually focus on targeted espionage.

And while criminals are definitely exploring the possibilities of generative AI, and have put it to successful use in production of audio deepfakes as part of business email compromise (BEC) schemes, for the most part it is not yet a factor in assisting with vulnerability exploitation. That time is coming at some point, but the researchers do not see it in the very near future.

The “vulnerability exploitation era” is progressing just fine without AI assistance, however. For the most part, criminals are simply following published vulnerabilities and finding that organizations are slow to patch them. There is an uptick in known ransomware gangs finding/obtaining and being the first to deploy zero-days, but often they don’t need to be the first through the door. The Verizon DBIR finds that 85% of critical vulnerabilities are still unpatched a month out, and at six months out 20% are still out there. After a full year, 8% will still be present in the wild.
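The unpatched-at-30/180/365-days figures above are only useful to a defender who can compute the same numbers for their own estate. The script below is an added example, not code from the article or from Verizon; it takes a constructed list of vulnerability records (fix-available date, remediation date or still open, severity) and computes the share of critical findings still unpatched at each DBIR horizon, side by side with the report's benchmark. It deliberately skips findings whose horizon has not yet elapsed, since counting a two-week-old vulnerability as "patched within a month" would flatter the result. All identifiers and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Benchmarks quoted from the 2024 Verizon DBIR for critical vulnerabilities:
# share still unpatched 30, 180 and 365 days after a fix became available.
DBIR_UNPATCHED = {30: 0.85, 180: 0.20, 365: 0.08}


@dataclass(frozen=True)
class Vuln:
    vuln_id: str                 # constructed identifier, not a real CVE
    severity: str                # "critical", "high", ...
    patch_available: date        # day the vendor fix was published
    remediated: Optional[date]   # day we applied it; None = still open


def still_unpatched_at(v: Vuln, horizon_days: int) -> bool:
    """True if the fix had not been applied by patch_available + horizon."""
    deadline = v.patch_available + timedelta(days=horizon_days)
    return v.remediated is None or v.remediated > deadline


def unpatched_fraction(vulns, horizon_days, as_of, severity="critical"):
    """Share of `severity` vulns still open `horizon_days` after a fix shipped.

    Only vulns whose horizon has already elapsed as of `as_of` are counted;
    newer ones are right-censored (their outcome is not yet known) and
    would otherwise bias the share downward. Returns None if nothing qualifies.
    """
    eligible = [
        v for v in vulns
        if v.severity == severity
        and v.patch_available + timedelta(days=horizon_days) <= as_of
    ]
    if not eligible:
        return None
    late = sum(still_unpatched_at(v, horizon_days) for v in eligible)
    return late / len(eligible)


def compare_to_dbir(vulns, as_of):
    """Map horizon -> (our unpatched share, DBIR benchmark share)."""
    return {
        h: (unpatched_fraction(vulns, h, as_of), bench)
        for h, bench in DBIR_UNPATCHED.items()
    }


def overdue(vulns, sla_days, as_of, severity=None):
    """IDs of vulns still open for at least `sla_days` as of `as_of`."""
    cutoff = as_of - timedelta(days=sla_days)
    return sorted(
        v.vuln_id for v in vulns
        if v.remediated is None
        and v.patch_available <= cutoff
        and (severity is None or v.severity == severity)
    )


# Constructed sample records for a hypothetical estate (not real findings).
AS_OF = date(2024, 5, 8)
SAMPLE = [
    Vuln("crit-1", "critical", date(2023, 3, 1), date(2023, 3, 15)),
    Vuln("crit-2", "critical", date(2023, 3, 1), date(2023, 5, 1)),
    Vuln("crit-3", "critical", date(2023, 3, 1), date(2024, 1, 10)),
    Vuln("crit-4", "critical", date(2023, 3, 1), None),
    Vuln("crit-5", "critical", date(2024, 4, 20), None),  # too new to judge
    Vuln("high-1", "high", date(2023, 3, 1), None),
]

if __name__ == "__main__":
    for h, (ours, bench) in compare_to_dbir(SAMPLE, AS_OF).items():
        shown = "n/a" if ours is None else f"{ours:.0%}"
        print(f"{h:>3}d: estate {shown} unpatched vs DBIR {bench:.0%}")
    print("open past a 30-day SLA:", overdue(SAMPLE, 30, AS_OF))
```

With the sample data the estate shows 75% of critical findings unpatched at 30 days, 50% at 180 and 25% at one year; `crit-5` is excluded from every horizon because none of them has elapsed for it yet, and `overdue` lists what currently breaches a 30-day SLA regardless of horizon. Feeding the same functions the output of a real scanner export is the only change needed to benchmark an actual environment against the report.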

Verizon DBIR sees jump in extortion-only capers from ransomware gangs

A huge jump in vulnerability exploitation (of 180%) in just a year is due in large part to the MOVEit breach. A quieter trend, but perhaps a more important one, has been spotted among ransomware gangs: dropping the ransomware in favor of pure extortion. This has been very noticeable with the MOVEit attacks and other incidents involving big-name ransomware gangs over the past year, but the Verizon DBIR finally puts some numbers to the trend: 9% of attacks of this type were extortion-only, up from no more than about 1% (and usually less than that) in all previous years.

Another trend among financially motivated attackers is the use of “pretexting” as a means of scamming organizations, seen in about 25% of financially motivated attacks on companies on the year. Pretexting specifically targets employees for social engineering and often is designed to nudge them into making first contact with the hackers. This approach has been increasingly bot-driven and focused on social media in recent years.

Attacks that originated with a third party also jumped from 9% in last year’s Verizon DBIR to 15% in the current edition, though this year’s definition was also expanded to include breaches in which a software choice with a better security track record may have stopped the attack. In total the report incorporated over 30,400 security incidents and over 10,600 confirmed breaches, about twice the total number of incidents seen the previous year.
