Verizon’s 16th Annual DBIR Finds Social Engineering is a Weapon of Choice in Cyberattacks

by Amy Larsen DeCarlo, posted in Secure
Amy Larsen DeCarlo – Principal Analyst, Security and Data Center Services

Summary Bullets:

• The Verizon Data Breach Investigations report (DBIR) revealed a sizeable jump in pretexting while ransomware continues unabated.

• While actors external to the breached organizations are responsible for most incidents, 19% of the either intentional or accidental security events are perpetrated by internal staff.

With contributions from dozens of organizations including law enforcement agencies like the US Federal Bureau of Investigation (FBI), Verizon’s 2023 DBIR offers insight into the nature of current threat landscape through the analysis of more than 16,000 security incidents, 5,199 of which were confirmed data breaches. What the report reveals is an environment dominated by profit-motivated bad actors who continue to advance techniques in areas like social engineering that exploit human susceptibilities.

The DBIR reports that 74% of all breaches play into human vulnerabilities either through error, privilege misuse, credential theft, or social engineering. Most breaches – 83% – are carried out by people outside of the attacked organization; 95% of all breaches are profit-driven.

The DBIR points out that the number of business email compromise attacks have almost doubled in the last six years (2018) as percentage of all breaches. These incidents – which are effectively pretexting in which cybercriminals use a fictitious story to manipulate the targeted end user into sharing confidential or high-value data, download malware, transfer money to the bad actor, or otherwise do harm to the preyed-upon organization – can be highly profitable and scale easily.

Credential theft was the most popular threat actor action type applied in more than 47% of all incidents. Ransomware remains a major element in breaches. While the number of ransomware incidents didn’t increase, it is still 24% of all breaches and 15.5% of all incidents.

Ransomware is used against organizations across all industries, but healthcare is targeted at the highest rate.

Analysis conducted on the FBI Internet Crime Complaint Center found that the median loss has more than doubled since 2021. However, there was a silver lining in that the FBI data showed that only 7% of incidents cost the targeted organization anything in financial terms.

Log4j was responsible for 90% of the identified exploit vulnerability attacks. Nearly a third of Log4j activity occurred within the first month of its release. This demonstrates that fast action on vulnerability patching alleviated what could have been an even more widespread and devastating impact.

With a tone that is not without a fair dose of levity without being dismissive, the DBIR offers broad insights and a fair level of detail into the threat environment during a recent window in time. Examining not just breaches but also attempted attacks provides a more nuanced view of tactics of the bad actors and the defenses of those targeted.

The entire report can be accessed here:
https://www.verizon.com/business/resources/reports/dbir/

Leave a Reply