The 2024 Verizon Data Breach Investigations Report (DBIR) is always one of the most hotly anticipated cyber security reports and this year it has been released chockful of insights.
Check Point was proud to be one of the research contributors. In this blog, we’ll share some of the key findings from the report.
The DBIR focuses on how attackers get into the environment in the first place. To that end, there was a staggering 180% increase over last year in the exploitation of vulnerabilities. This is, in large part, due to vulnerabilities like the one from MOVEit, but also included ransomware and other extortion attacks. Relatedly, Verizon saw a 68% increase where breaches involved a third party that included partner infrastructure being affected and direct or indirect software supply chain issues.
Despite the increase, the most effective way in remains stolen credentials. That said, there has been a decrease over time, particularly as exploiting vulnerabilities take charge. Web applications remain the most common way for hackers to use stolen credentials, with phishing via email right behind.
Speaking of phishing, the DBIR found that the rate of users clicking on phishing links after the email is opened is just 21 seconds; it’s only another 28 seconds for the person to then enter sensitive information. In all, the median time for users to fall for phishing emails is under 60 seconds. That’s concerning, especially when the human element played a role in 68% of breaches.
Ransomware and extortion combine for nearly two-thirds of all financial-based attacks, with a median loss of $46,000. In other financially motivated attacks, Business Email Compromise (BEC) makes up about a quarter of these attacks. Verizon refers to BEC interchangeably with Pretexting, which accounts for 40% of email attacks; traditional phishing is at 31%.
Interestingly, Verizon did not find any indications of widespread use of generative AI in these attacks. In fact, in their criminal form database, GenAI was only mentioned 100 times over the last two years.
When it comes to the actions that threat actors take, the top two are using stolen credentials and ransomware. Both top out at around a quarter of all attacks. Web applications and email continue to be the top attack vector, both hovering around 40%, with carelessness leading to errors right behind.
The DBIR provides a detailed look at the top trends in cybersecurity, providing practitioners with a helpful roadmap to prioritize vulnerable areas.