Verizon’s 2024 DBIR analyzes 30,458 incidents and 10,626 confirmed breaches reported between November 2022 and October 2023, revealing evolving threat trends. Key takeaways span social engineering, ransomware dominance, credential theft, insider threats, supply chain risk, IoT exposures, DDoS activity, and sector-specific challenges. #VerizonDBIR2024 #LockBit #ALPHV #Cl0p #MOVEit #Magecart #StealerLogs #IoT
Keypoints
- Social engineering remains a primary attack vector: phishing and pretexting via email account for about 73% of breaches in the Social Engineering pattern, and AI-generated deepfakes are expected to make pretexts more convincing.
- Ransomware dominates the System Intrusion pattern, appearing in about 70% of its breaches, with LockBit, Cl0p, and BlackCat (ALPHV) the most prominent groups.
- Stolen credentials are pervasive: approximately 77% of web application breaches involved stolen credentials, and infostealer malware (whose output is traded as "stealer logs") is a major source of them.
- Extortion and vulnerability exploitation frequently occur together, as in the mass exploitation of MOVEit Transfer by Cl0p; exposure of internet-facing software calls for prioritized, prompt patching.
- Insider threats remain a concern, although collusion between insiders and external actors has fallen from 7% to under 1%; least-privilege and zero-trust controls still limit what a single compromised or malicious account can reach.
- Third-party and supply chain involvement is rising, present in about 15% of breaches, which makes visibility into suppliers and timely vulnerability intelligence essential for informed risk decisions.
MITRE Techniques
- [T1566] Phishing – Phishing and pretexting via email remain the leading social engineering actions, accounting for about 73% of breaches in the Social Engineering pattern. “phishing and pretexting via email contribute to social engineering attacks in approximately 73% of all breaches.”
- [T1555] Credentials from Password Stores – Infostealer malware harvests saved browser credentials and session tokens; the resulting stealer logs are traded on cybercriminal forums. (Stealers target application credential stores rather than OS memory, so T1555 fits better than T1003 OS Credential Dumping.) “these logs serve vast amounts of sensitive data that have been stolen by stealer malware.”
- [T1078] Valid Accounts – 77% of web application breaches involved stolen credentials, i.e. attackers logging in with legitimate accounts rather than exploiting the application. “Approximately 77% of web application breaches involved stolen credentials.”
- [T1190] Exploit Public-Facing Application – Exploitation of internet-facing software was a major initial access vector, exemplified by the MOVEit Transfer campaign. The article’s discussion of “vulnerability exploitation” and its MOVEit references describe this behavior.
- [T1195] Supply Chain Compromise – About 15% of breaches involved a third party or supply chain component, showing how attackers leverage supplier relationships. “Attacks exploiting supply chain vulnerabilities are at 15%.”
- [T1199] Trusted Relationship – Abuse of trusted access is reflected both in third-party involvement and in insider collusion with outsiders, which has dropped from 7% to under 1%. “Collusion, once at 7%, has dropped to less than 1%”
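The Valid Accounts and stealer-log findings above share a detection problem: the attacker authenticates successfully, so there is no exploit to spot. The following is an added example, not code from the SOCRadar article or the DBIR, showing two simple heuristics over a constructed web-app authentication log: a success from a source IP that just produced a burst of failures (credential stuffing with stolen credentials) and a success for a user from a source IP that has never succeeded for that user before (typical of stealer-log replay from new infrastructure). The log format, IP addresses, user names and thresholds are assumptions for illustration.

```python
"""Flag suspicious use of valid accounts (ATT&CK T1078) in auth logs.

Heuristics (added example; thresholds are assumptions):
  1. stuffing_success: a LOGIN_OK from a source IP that produced at least
     fail_threshold LOGIN_FAIL events within `window` before it.
  2. new_source_success: a LOGIN_OK for a user from an IP that has never
     produced a LOGIN_OK for that user in the log so far. The user's first
     successful login is treated as the baseline and not alerted.
Constructed log format: <ISO8601 UTC ts> <user> <src_ip> <LOGIN_OK|LOGIN_FAIL>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one IP sprays five accounts, then logs in as alice,
# whose earlier (baseline) login came from a different address.
SAMPLE_LOG = """\
2023-09-14T08:00:01Z alice 203.0.113.10 LOGIN_OK
2023-09-14T08:05:12Z bob 198.51.100.7 LOGIN_FAIL
2023-09-14T08:05:13Z carol 198.51.100.7 LOGIN_FAIL
2023-09-14T08:05:14Z dave 198.51.100.7 LOGIN_FAIL
2023-09-14T08:05:15Z erin 198.51.100.7 LOGIN_FAIL
2023-09-14T08:05:16Z frank 198.51.100.7 LOGIN_FAIL
2023-09-14T08:05:20Z alice 198.51.100.7 LOGIN_OK
2023-09-14T09:10:00Z bob 192.0.2.44 LOGIN_OK
2023-09-14T09:30:00Z bob 192.0.2.44 LOGIN_OK
"""


def parse(log_text):
    """Parse log lines into (timestamp, user, ip, outcome) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, outcome))
    events.sort(key=lambda e: e[0])
    return events


def detect(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Return a list of (alert_type, user, ip, recent_failure_count) tuples."""
    alerts = []
    recent_fails = defaultdict(deque)  # ip -> timestamps of recent LOGIN_FAIL
    known_ips = defaultdict(set)       # user -> IPs that have logged in OK
    for ts, user, ip, outcome in events:
        if outcome == "LOGIN_FAIL":
            recent_fails[ip].append(ts)
            continue
        # Successful login: drop failures older than the window, then check
        # whether this IP was just spraying credentials.
        fails = recent_fails[ip]
        while fails and ts - fails[0] > window:
            fails.popleft()
        if len(fails) >= fail_threshold:
            alerts.append(("stuffing_success", user, ip, len(fails)))
        # A user with an established baseline logging in from a never-seen IP.
        if user in known_ips and ip not in known_ips[user]:
            alerts.append(("new_source_success", user, ip, len(fails)))
        known_ips[user].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

In production the per-user baseline would be seeded from historical successful logins (or an identity provider's device registry) rather than learned from the same log, and the source key would usually be ASN or device fingerprint rather than a bare IP to survive NAT and mobile carriers.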
Indicators of Compromise
- None – the article provides no specific IP addresses, domains, file hashes, or file names.
Read more: https://socradar.io/top-10-takeaways-from-verizon-dbir-2024-report/