13% Spike in Ransomware Is Biggest in 5 YearsFinancial Gain Is Primary Motive Behind Attacks, Followed by Espionage
Ransomware has grown 13% year on year in 2022, a jump greater than the past five years combined, a Verizon Business 2022 Data Breach Investigations Report published on Tuesday shows. The report records trends in ransomware rather than absolute figures such as the total number of breaches during the past five years.
As criminals look to leverage increasingly sophisticated forms of malware, ransomware continues to prove particularly successful in exploiting and monetizing illegal access to private information, the Verizon study says. Financial gain continues to be the primary motive for attacks, followed by espionage, it says.
The Verizon research team reviewed 23,896 security incidents, of which 5,212 were confirmed breaches. Eighty-seven organizations participated in the study.
The DBIR report sheds light on how the most common forms of cyberattacks affected the international security landscape. The data analyzed in the report comes from contributors ranging from law enforcement agencies to forensic and law firms to CERTs and ISACs and government agencies from several countries.
The amount and frequency of ransomware payments have increased today, Chris Novak, global director, threat research advisory center, Verizon Business Group, tells Information Security Media Group. "The victims pay well and pay quickly. This almost incentivizes them [threat actors] and emboldens them to conduct these kinds of attacks more often," he says.
In the early days of ransomware, organizations struggled with traditional payment mechanisms, such as money transfers or prepaid gift cards. When cryptocurrency came along, they had to figure out how to use wallets and exchanges. "Now it’s almost like a cottage industry that's grown up out of all of that, that helps facilitate ransom payments. I think in some ways that has also emboldened the threat actors, because it's easier now," Novak says.
Anshuman Sharma, head of investigative response, APJ, at Verizon, says that the increase in cyberattacks, especially ransomware, is due to the continued explosion of connected devices and widespread digitization in multiple sectors. "While the pandemic led to a rise in ransomware attacks, the inaction, or the delay in the implementation of technical and infrastructure changes in the new normal, has made organizations more vulnerable," he says.
Sharma says the emergence of ransomware-as-a-service and the adoption of cryptocurrency could be contributing factors as well.
Key Paths to Data Breaches
The study determined that the four key paths to data breaches are unauthorized credentials, phishing, vulnerability exploitation and botnets.
Organized crime also continues to be a pervasive force in the world of cybersecurity. About four in five breaches can be attributed to organized crime, with external actors four times more likely to cause breaches in an organization than internal actors, the report says.
Heightened geopolitical tensions are also driving increased sophistication, visibility and awareness around nation-state-affiliated cyberattacks.
For many businesses, the past year has been dominated by supply chain issues, and this trend was also reflected across the cybersecurity landscape. In fact, 62% of system intrusion incidents came through an organization's partner, the Verizon report shows. Compromising the right partner is a force multiplier for cybercriminals and highlights the difficulties that many organizations face in securing their supply chain.
Novak says that supply chain is a "big area of focus," since many organizations moved toward cloud infrastructure and as-a-service offerings during the pandemic. "It has dramatically changed the way they operate. And that also changes their [threat actors'] attack surface area or footprint. Because more organizations are relying more heavily on third parties, those third parties may be the avenue of entry into the end target," he says.
In a finding that exposes the cost of human influence, people by far remain the weakest link in an organization's cybersecurity defenses. Social engineering attacks accounted for 20% of the total breaches recorded in the Verizon report. When human errors and misuse of privilege are added, the human element accounts for 82% of analyzed breaches over the past year.
"We continue to see the human element as a dominant factor. I see organizations deploying a lot of technology, but at the end of the day there will always be people involved. So it is important to educate them and make them aware of the role they play in security," Novak says.
It is also important to consider the "fair bit" of human error that goes into the implementation, design, execution and detection stages of security, he says. "That ultimately could lead to organizations having either increased breaches or increased severity of breaches if their people aren't prepared for how to handle those types of events."
The report also finds that more than half of breaches analyzed involved the use of either remote access or web applications; 66% of the breaches involved phishing, stolen credentials and/or ransomware; and a vast majority of breaches - 95% - involved five or fewer intrusion steps.
Commenting on these findings, Novak says threat actors value credentials. "Many of the attacks we see are related to someone getting access to the credentials, whether it's buying them on the deep or dark web market or using something like social engineering or phishing in order to obtain them," he says.
He also observes "incredible activity" around exploiting vulnerabilities and leveraging botnets and says it's "not just the confidentiality of data, in terms of stealing data, but making systems inaccessible to their end customer, if you will."