Attacks by ransomware and other extortion-related threat actors increased by 180% over 2023. Web applications were found to be the most common attack entry points. 35% of threat actors were internal to attacked organizations. More than half were affiliated with organized crime.
Out of 9,982 actions recorded, use of stolen credentials was the top action used in attacks, accounting for 24% of breaches, while 23% of all breaches involved ransomware. Pure extortion attacks were a component of 10% of all breaches. 68% of breaches involved a human element.
According to Verizon’s research, breaches as the result of errors were estimated at 28%, while 15% of breaches involved vulnerabilities in supply-chain interconnections, third-party infrastructure or third-party software, which could be reduced through better attention to internal and vendor security practices.
Out of 2,770 attacks that resulted from breaches that did not involve errors or misuse, about half were the result of poorly protected Web application credentials. Exploits involving VPNs were found to be negligible.
While the reporting rate for phishing attacks in security simulation engagements increased, the median time it took for users to fall for (open) and respond to (click through) phishing attacks was just 49 seconds.
While generative artificial intelligence is a topic of current interest across industry and society, the number of mentions of GenAI terms alongside traditional attack types and vectors such as “phishing,” “malware,” “vulnerability” and “ransomware” was shockingly low, barely breaching 100 cumulative mentions over the past two years, according to Verizon.
Methodology
Verizon analyzed 30,458 real-world security incidents across 94 countries that took place between November 1, 2022, and October 31, 2023, of which 10,626 were confirmed data breaches.
Data and research used to examine and analyze relevant trends in cybercrime were developed by outside contributors and by the Verizon Threat Research Advisory Center (VTRAC).
The report uses the VERIS (Vocabulary for Event Recording and Incident Sharing) vocabulary.
Further details
Summary of findings: 2024 Data Breach Investigations Report (DBIR). Research summary. May 2024. Verizon Business
2024 Data Breach Investigations Report (DBIR). Full report (PDF). May 2024. Verizon Business
Why it matters
According to data reported by the FBI’s Internet Crime Complaint Center (IC3), ransomware and extortion breaches accounted for about 2/3 of all financially motivated attacks over the past three years, with a resulting median loss of about $46,000. Incidents involving deception to entice mail recipients to give up sensitive information (pretexting) were estimated to account for about 1/4 of financially motivated attacks, with a median transaction of about $50,000.