Cyber attack methods continue to evolve – report

BY Richard Summerfield

Cyber criminals are deploying new and innovative lines of attack in addition to modified versions of existing methods, according to Verizon’s 2024 Data Breach Investigations Report.

The report analysed more than 30,000 real-world security incidents spanning 94 countries, including a record high of just over 10,000 confirmed data breaches. Excluding errors and misuse, which are typically honest mistakes by employees, the three most popular vectors for data breaches were unauthorised use of web application credentials, email phishing and the exploitation of vulnerabilities in web applications.

Attacks exploiting vulnerabilities were up 180 percent, according to the report. This increase comes as no surprise given the mass exploitation of the MOVEit zero-day vulnerability and other similar vulnerabilities. These attacks were carried out primarily by ransomware and other extortion-related threat actors, and the main entry point was web applications. Attacks involving ransomware or extortion have seen considerable growth over the past year, accounting for 32 percent of all breaches.

“The exploitation of zero-day vulnerabilities by ransomware actors remains a persistent threat to safeguarding enterprises,” said Chris Novak, senior director of cybersecurity consulting at Verizon Business.

The human element also had a substantial hand in the number of recorded breaches. Sixty-eight percent of breaches involved a non-malicious human element. Accordingly, the onus remains on organisations to improve security awareness among their employees in order to reduce the impact of breaches. The report explains that the most common causes of breaches involving a non-malicious human element are someone falling victim to a social engineering attack or someone making a mistake.

“In either case, these could have been mitigated by basic security awareness and training. This is an updated metric in the report (we would previously include malicious insiders), and it is roughly the same as the previous period described in the 2023 DBIR,” Verizon added.

Report: 2024 Data Breach Investigations Report
