The 2022 Verizon Data Breach Investigations Report has been published and shows the extent to which ransomware is being used in cyberattacks on businesses. Ransomware has proven to be a highly successful tool for monetizing system compromises. Threat actors gain initial access to the network, exfiltrate data, then encrypt files. Payment is demanded to prevent the sale or exposure of sensitive data and for the keys to decrypt files.
According to the report, ransomware attacks increased 13% from 2020 to 2021, which is more than the increases over the previous five years combined. Ransomware was involved in 25% of all data breaches in 2021 and 70% of all malware-related data breaches.
2021 was not all about ransomware, as Verizon explained in the report. “The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime. From very well-publicized critical infrastructure attacks to massive supply-chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months.”
Verizon did not mention individual attacks, but the report does give one major supply chain attack as an example: the SolarWinds Orion supply chain attack in late 2020/early 2021. Supply chain attacks tend to be conducted by nation-state threat actors who are not financially motivated. The goal is to gain persistent access to networks for long periods of time for espionage purposes. These attacks are becoming much more commonplace, and in 2021 accounted for 62% of all system intrusion incidents. For threat actors, the attraction is clear: an attack on one company in the supply chain can allow many others to be attacked, and these attacks often go undetected for long periods of time.
Data breaches caused by external actors outnumbered insider breaches by 4 to 1; however, the majority of all attacks did have a human component. The human element was the key factor in 82% of data breaches in 2021, which includes mistakes such as misconfigurations, responses to phishing emails and social engineering, and simple errors that open the door for threat actors. One of the most common errors is misconfigured cloud storage repositories, which leave large amounts of data exposed over the Internet.
The top three methods used in cyberattacks remained the same as in 2020, although 2021 saw a change in the positions, with system intrusions soaring and reductions in all other methods of gaining access to networks.
While many different types of attacks have occurred, Verizon identified four common paths that lead into an organization: credentials, phishing, vulnerabilities, and botnets. It is essential for organizations to implement a plan to deal with each of these paths.