
Verizon DBIR: EMEA 8302 breaches, 87% represented by social engineering

The Verizon DBIR report noted a whopping 180 per cent increase in attacks involving the exploitation of vulnerabilities as the critical path to initiate a breach compared with last year. The report noted that Ransomware and other extortion-related threat actors primarily leveraged these attacks, with web applications as the initial entry point.

Interestingly, there were over 8302 incidents in the EMEA region, over 6005 with confirmed data disclosures. Social engineering represented a whopping 87 per cent of these breaches. Close to 94 per cent of all breaches were for financial reasons. The report stated that these include phishing and pretexting through email. Globally, these account for 73 per cent of the breaches.

Over the past two years, there have been incidents involving ‘Pretexting’—most of which resulted in business email compromise (BEC). This accounted for 24 to 25 per cent of financially motivated attacks. In both years, the median transaction amount of a BEC was around $50,000, according to an FBI IC3 dataset.

Saeed Abbasi, Manager, Vulnerability Research at Qualys, said, “This year’s report highlights a significant surge in vulnerability exploitation, a trend that spotlights the escalating daily challenges that organisations face. Today’s cyber threats are dynamic and increasingly sophisticated, with a notable increase in ransomware, extortion techniques, and vulnerability exploitation. This shows that cybercriminals are becoming more adaptive and opportunistic. They effectively utilise everything from zero-day vulnerabilities to social engineering tactics like phishing to penetrate systems.”

In these three years, Ransomware and other extortion breaches accounted for two-thirds (between 59 per cent and 66 per cent) of those attacks.

According to the FBI’s Internet Crime Complaint Center (IC3) ransomware complaint data, the median loss associated with the combination of Ransomware and other Extortion breaches has been $46,000, ranging between $3 and $1,141,467 for 95 per cent of the cases.

The report stated, “We also found from ransomware negotiation data contributors that the median ratio of the initially requested ransom to company revenue is 1.34 percent. Still, it fluctuated between 0.13 per cent and 8.30 per cent for 80 per cent of the cases.”

“Ransomware is also evolving into more complex forms of extortion, marking a convergence of threats where different attack methods merge into hybrid tactics. This convergence complicates organizations’ ability to predict and defend against attacks as the distinctions between attack types become increasingly blurred,” said Abbasi.

As the report stated, phishing attacks mostly have an email vector, which is self-explanatory. Thus, the report focussed on how prevalent the web application vector is for both credentials and vulnerability exploitation. The presence of Credentials in the graphic should not be surprising, as it carries a large share of the guilt for the Basic Web Application Attacks pattern (that is, getting unauthorised access to cloud-based email and collaboration accounts).

However, recency bias might make folks doubt the prevalence of vulnerability exploitation. Abbasi added that the 2024 Verizon DBIR emphasises a critical increase in vulnerability exploitation, highlighting the need for urgent, strategic vulnerability management.

“We advise organisations to implement comprehensive, proactive strategies, including agent-based and agent-less security measures, to preempt potential breaches. Additionally, organizations require a multi-layered defence strategy, integrating advanced detection tools, zero-trust frameworks, and rapid patch management. Given supply chains’ increasing complexity and interconnectedness, this holistic approach to cybersecurity is essential. Cyber threats often target these networks, affecting not just individual organizations but also extending to third-party interactions and the broader supply chain,” added Abbasi.