We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
Upswings in ransomware and phishing, as well as cloud and web application attacks, mark the computing landscape today. Events like the Colonial Pipeline hack highlight the increased role threat actors play as they reinvent themselves to exploit newly found weaknesses.
Verizon’s Data Breach Investigations Report for 2021 finds the world’s threat actors have one thing in common. They all crave cold hard cash and are digitally transforming themselves fast to get it. Cloud apps, phishing, and ransomware are where the digital transformation begins.
Breaches today most often start with social engineering techniques designed to get buy-in from busy end users, the Verizon study found. That’s the first step in accessing privileged credentials, delivering ransomware, or finding other vulnerabilities across a network.
Threat actors know any breach strategy in the cloud depends on getting social engineering right.
Verizon found that 85% of the breaches involve a human element, which threat actors prefer by a 24% margin over breaches involving credentials. Verizon also found a correlation between the increase in social engineering breaches and cloud-based email servers being compromised.
That is because, the study speculates, emails are being mined for privileged credentials and used for mass mailings of phishing attempts and ransomware delivery.
Into the data breach
These days, threat actors often combine technologies and techniques in their strategies to breach an organization. That is according to the report, which is based on 79,635 incidents, of which 29,207 met Verizon’s quality standards and 5,258 were confirmed data breaches. Verizon sampled from 88 countries around the world for the study.
Threat actors tend to concentrate on the following strategies, according to Verizon:
- The cloud is the cornerstone of threat actors’ digital transformation strategies. Today, 39% of all breaches are in the cloud and web-based applications. Cloud app adoption rates are continuing to accelerate in 2021, following a rush to get as many employee- and customer-facing systems into the cloud as possible in 2020. That trend will gain momentum, as indicated by Gartner’s anticipation that worldwide cloud end user spending will grow 23.1% in 2021 to reach $332.3 billion, up from $270 billion in 2020. Consistent with the double-digit growth of public cloud services spending, Verizon said it was more common to find external cloud assets involved in incidents and breaches than on-premises assets.
- Web application attacks are 80% of hacking-based breaches today. Bad actors favor web application attacks due to the relatively few steps needed to gain greater access to email and web application data. Verizon finds that web application breaches often lead to email and web application data being stolen and repurposed for malware distribution, as well as asset and application defacement. They are also being used as a springboard for future DDoS attacks. And 96% of email servers compromised are cloud-based, resulting in the compromise of personal, internal, or medical data, according to Verizon. Desktop sharing is growing as an attack vector, following cloud and web-based apps.
- Ransomware is now the third leading cause of breaches, more than doubling in frequency from last year and appearing in 10% of all breaches. The recent Colonial Pipeline ransomware hack illustrates how threat actors used ransomware to extort a confirmed $4.4 million from the pipeline company after stealing over 100GB of data and threatening to release it publicly. Verizon’s analysis shows the Colonial Pipeline ransomware attack is consistent with patterns seen globally. Threat actors launch ransomware after gaining access and then extort millions of dollars or Bitcoin as payment in exchange for not releasing the data publicly. Ransomware itself is digitally transforming in 2021. Threat actors and ransomware groups develop infrastructure to securely host data dumps held hostage before sending red alert screens across organizations announcing the breach and demand for payment.
- Phishing accounted for 36% of all breach actions in 2020, up from 25% in 2019. Bad actors relied heavily on phishing in 2020, often creating fraudulent emails offering COVID-19 related health care supplies, protective equipment, and fictitious treatments. Verizon found phishing grew as a misrepresentation strategy when the worldwide stay-at-home orders went into effect.
Social engineering breaking bad
Verizon’s research disclosed that public administration organizations led all industries in breaches last year. Threat actors rely primarily on social engineering to create credible-looking phishing emails to steal privileged access credentials. The entertainment industry experienced the greatest amount of overall activity, with 7,065 incidents and 109 breaches, followed by public administration, with 3,326 incidents and 885 breaches.
Threat actors targeted entertainment using social engineering to commit ticket fraud, intercept online payments, and combine phishing and ransomware to divert cash from companies in this industry.
Verizon’s work reveals that even as enterprises pursued new digital transformation amid a global pandemic, threat actors have discovered their own digital transformation strategies. Social engineering — getting people to trust an email or text message, even if it’s as simple as clicking on a link — is the pivot point bad actors’ digital transformation strategies rely on.
The Verizon study provides a sobering glimpse into how quickly cybercrime is changing to become more opportunistic, deceptive, and destructive to its victims.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.