Verizon 2023 DBIR: DDoS attacks dominant, while pretexting drives BEC growth

In Verizon’s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway.
Verizon’s just-released 2023 Data Breach Investigations Report shows the continued effectiveness of business email compromises. The study, which tracked incidents occurring between November 1, 2021 and October 31, 2022, found that BEC attacks doubled and represented more than 50% of social engineering attacks. The global study included incidents in the Asia-Pacific regions, EMEA, North America, and Latin America.
BECs have evolved to include several sophisticated gambits, including one recently reported by Avanan, a unit of Check Point Software, involving the use of legitimate services, like Dropbox, to hide malware.
The study offered a broad look at actors, actions, trends and incidents across industries, noting that public administration (3,270 incidents), information (2,105), finance (1,829) and manufacturing (1,814) are the sectors that experienced the highest numbers of incidents over the period.
The report offered these major findings:
Built upon analysis of 953,894 incidents, of which 254,968 are confirmed breaches, the Verizon study found that 50% of all social engineering incidents during the study period used pretexting, a phishing tactic that involves tricking someone into giving up information that may result in a breach. According to the study, the practice, which is commonly used in BEC attacks, doubled in volume compared to the prior year’s.
Verizon reported 1,700 social engineering incidents overall, with attackers most often using it to steal credentials (Figure A).
Figure A
An uptick in espionage and state-aligned actors notwithstanding, the Verizon study reported that financial motives were behind 94.6% of breaches, with organized crime being the most prevalent threat actor.
The authors of the study also reported a fourfold increase this year in the number of breaches involving cryptocurrency compared to the prior year’s recorded breaches. “That is a far cry from the days of innocence in 2020 and earlier, when we got one or two cases maximum each year,” they wrote.
Verizon reported the percentages of financially motivated attacks by category:
Verizon reported 6,248 distributed denial of service incidents. The study’s authors noted the brute force DDoS tactic called DNS water torture reportedly grew in prevalence (Figure B).
Figure B
“A point of attention that some of our partners brought to us was the growth of distributed DNS Water Torture attacks in, you guessed it, shared DNS infrastructure,” the study authors wrote, noting that these are resource exhaustion attacks carried out by querying random name prefixes on the DNS cache server, so that it always misses and forwards the query to the authoritative server.
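The random-prefix pattern described above leaves a recognizable footprint in resolver query logs. The following detection sketch is an added example, not taken from the Verizon report or this article; the log format (`timestamp client qname rcode`), the thresholds and the zone names are constructed assumptions.

```python
import math
import random
from collections import Counter, defaultdict

def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def parent_zone(qname, labels=2):
    # Assumption: the zone is the last two labels; use a public-suffix list in production.
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def find_water_torture(lines, min_queries=20, min_unique=0.9, min_fail=0.9, min_entropy=3.0):
    """Return zones whose queries look like random-prefix cache misses."""
    stats = defaultdict(lambda: {"n": 0, "fail": 0, "prefixes": set(), "ent": 0.0})
    for line in lines:
        _ts, _client, qname, rcode = line.split()
        zone = parent_zone(qname)
        prefix = qname.rstrip(".").lower()[: -len(zone)].rstrip(".")
        if not prefix:
            continue  # query for the zone apex itself
        s = stats[zone]
        s["n"] += 1
        # Random names do not exist (NXDOMAIN); an exhausted authoritative yields SERVFAIL.
        s["fail"] += rcode in ("NXDOMAIN", "SERVFAIL")
        s["prefixes"].add(prefix)
        s["ent"] += label_entropy(prefix.split(".")[0])
    flagged = []
    for zone, s in stats.items():
        if (s["n"] >= min_queries
                and len(s["prefixes"]) / s["n"] >= min_unique   # almost never repeats
                and s["fail"] / s["n"] >= min_fail              # almost never resolves
                and s["ent"] / s["n"] >= min_entropy):          # prefixes look random
            flagged.append(zone)
    return sorted(flagged)

def sample_log(seed=7):
    """Constructed resolver log: repeated benign names plus random prefixes for one zone."""
    rng = random.Random(seed)
    lines = [f"t{i} 10.0.0.{i % 5} {h}.example.org NOERROR"
             for i in range(40) for h in ("www", "mail", "api")]
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"
    for i in range(60):
        prefix = "".join(rng.choice(alphabet) for _ in range(12))
        lines.append(f"t{i} 192.0.2.{i % 200} {prefix}.customer.example NXDOMAIN")
    return lines

if __name__ == "__main__":
    print(find_water_torture(sample_log()))
```

Requiring all three signals together keeps ordinary typo traffic and legitimately high-entropy hostnames that do resolve from being flagged.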
According to the study, there were 3,966 system intrusion incidents involving attacks using malware to breach organizations, which often resulted in the delivery of ransomware. In 34% of cases, data compromised was personal in nature, followed by system data, and finally internal data.
About one quarter of Verizon’s dataset for its study involved basic web application attacks, 86% of them using stolen credentials, which attackers employ to gain access to enterprises. The study reported 1,404 such incidents over its period of observation, with 86% aimed at credential theft, 72% for personal data and 41% seeking internal data.
Verizon also recorded 602 miscellaneous errors that include misconfigurations often committed by system administrators and developers. The study reported that 99% of these errors were internal, with 89% of compromises involving personal data.
Attackers on the outside were responsible for 83% of breaches, while internal actors (deliberately or inadvertently) accounted for 19% of breaches, according to Verizon. The report’s authors said 62% of all incidents were committed by organized crime.
Nearly half of breaches in the study period involved theft of credentials, with delivery of ransomware being the central action in just over 20% of breaches. Phishing was the action attackers took in 12% of external attacks, followed by breaches, in which the actions attackers focused on were:
The vast majority of attacks tracked by Verizon (83%) affected servers. Only 20% of attacks affected people directly. A decreasingly small percentage of attacks impacted media, kiosks and terminals, networks and embedded systems.