Phishing attacks increased by 11 percent and ransomware hijacks bumped up six percent from last year, Verizon Business said in a new report analyzing nearly 30,000 security incidents worldwide, 18 percent of which were confirmed breaches.
Some 60 percent of the 5,258 breaches involved the theft of credentials, such as weak passwords, according to the 14th edition of the Verizon Business 2021 Data Breach Investigations Report. In a nod to the impact of companies moving mission critical functions to the cloud, hack attacks on web applications accounted for nearly 40 percent of the total volume of breaches.
“The COVID-19 pandemic has had a profound impact on many of the security challenges organizations are currently facing,” said Tami Erwin, Verizon Business chief executive. “As the number of companies switching business-critical functions to the cloud increases, the potential threat to their operations may become more pronounced, as malicious actors look to exploit human vulnerabilities and leverage an increased dependency on digital infrastructures.”
Here are some top level data from the report:
- Misrepresentation, such as social engineering scams, increased by 15 times when compared to last year.
- 95 percent of organizations suffering credential stuffing attacks had between 637 and 3.3 billion malicious login attempts through the year.
- 85 percent of breaches involved a human element.
- More than 80 percent of breaches were discovered by external parties.
- Breach simulations found the median financial impact of a breach is $21,659, with 95 percent of incidents falling between $826 and $653,587.
- In the financial and insurance industries, 83 percent of data compromised in breaches was personal information.
- In the professional, scientific and technical services sector 49 percent of heisted data was personal.
The study examined cyber breaches 12 industries. Here is a sampling of the data:
- Financial: Misdelivery represented 55 percent of financial sector errors. The financial sector frequently faces credential and ransomware attacks from external actors.
- Healthcare: Basic human error continues to beset healthcare. The most common error continues to be misdelivery (36 percent), whether electronic or paper documents.
- Public administration: Social engineering is the biggest threat. Actors who can craft a credible phishing email are stealing credentials at an alarming rate in this sector.
- Retail: Social tactics include pretexting and phishing, with pretexting commonly resulting in fraudulent money transfers. The retail industry continues to be a target for cyber criminals looking to cash in on the combination of payment cards and personal information.
The study also looked at cyber breaches in three regions of the world. Here is a data sampling:
- Asia Pacific: Many of the breaches were caused by financially motivated attackers launching phish attacks on employees to steal credentials and then using that information to gain access to email accounts and web application servers.
- Europe, Middle East and Africa: The region continues to be beset by basic web application attacks, system intrusion and social engineering.
- North America: Targeted by financially motivated actors searching for money or easily monetizable data. Social engineering, hacking and malware continue to be the favored tools utilized by actors in this region.
“When you read the contents of the report, it is tempting to think that a vast array of threats demands a sweeping and revolutionary solution,” said Alex Pinto, the report’s lead author. “However, the reality is far more straightforward. The truth is that, whilst organizations should prepare to deal with exceptional circumstances, the foundation of their defences should be built on strong fundamentals, addressing and mitigating the threats most pertinent to them.”
