Return to Blog
Cybersecurity Trends and Threats Revealed in the 2024: Verizon Data Breach Investigations Report
Industry News

Cybersecurity Trends and Threats Revealed in the 2024: Verizon Data Breach Investigations Report

The 2024 Verizon Data Breach Investigations Report (DBIR) is a must-read for anyone in cybersecurity. The report analyzes thousands of security incidents and data breaches to identify the latest trends and threats.

Here are the key takeaways from this year's report:

Ransomware and Extortion Remain Top Threats

Ransomware attacks continued to decline in 2023 compared to previous years, but extortion attacks surged, especially due to the large-scale MOVEit breach. Extortion was present in 46% of breaches in North America. Ransomware groups are increasingly using double extortion tactics, stealing data before encrypting systems and threatening to leak the data if a ransom isn't paid.

Social Engineering Attacks Evolve

Pretexting overtook phishing as the top social engineering tactic, indicating threat actors are getting more sophisticated in their social manipulation. However, phishing is still extremely effective, with the median time for users to fall for a phishing email less than 60 seconds after opening it. Malicious packages on developer platforms like npm are also increasingly using social engineering techniques like fake game currency generators and typosquatting to trick developers into installing malware.

Stolen Credentials Fuel Attacks

Stolen credentials were the top method for gaining initial access in breaches, used in 77% of cases. Credentials are easy for attackers to obtain, with one analysis finding 99% of stolen credentials were from common instances of malware. Brute-force attacks using easily guessable passwords were also common.

Insider Threats Persist

While external actors were behind the majority of breaches, insiders accounted for a significant portion of incidents, especially in the Financial and Professional Services industries[1]. Malicious insiders intentionally misused their access, while negligent insiders accidentally caused breaches through errors and misconfigurations.

Retail and Healthcare Hit Hard

The Retail industry saw a spike in breaches, with payment card skimming and POS intrusions common attack vectors. Healthcare also experienced a high volume of breaches, with ransomware and insider misuse major issues. Personal and medical data was frequently targeted in these industries.

Espionage Attacks Target APAC

In the Asia-Pacific (APAC) region, espionage was the motive behind 25% of breaches, much higher than other regions. APAC also saw a higher percentage of breaches involving internal actors. Stolen data was more likely to include internal information and secrets compared to other regions.

Improving Cybersecurity Requires Tools

The report emphasizes that improving cybersecurity requires collaboration between governments and industry. Threat intelligence sharing, joint operations, and developing capabilities together are key. Governments can also play a role in updating legislation and providing guidance to industry.

Understanding the most common web application vulnerabilities is the first step in safeguarding your digital assets. By familiarizing yourself and your company with these vulnerabilities and using tools like VScanner, even smaller companies can manage the risks associated with web applications. In the world of cyber threats, knowledge and preparation are your best defense.

Discover & Solve Your Domain Vulnerabilities Now ! #VulnerabilityScanner #VScanner #CyberSecurity