9 findings from Verizon’s 2021 Data Breach Investigations Report (DBIR)
- Updated at May 20, 2021
- By Gatefy
Verizon’s Data Breach Investigations Report (DBIR 2021) recorded a considerable increase in the number of attacks involving phishing, social engineering, and ransomware. The report also points out that the COVID-19 pandemic had a significant influence on the global security landscape.
More than 79,000 security incidents were analyzed, with 5,258 cases of confirmed data breaches. Last year, we wrote about the main points of the DBIR as well.
According to Verizon, “breaches are moving toward social and webapp vectors, and those are becoming more server based, such as gathering credentials and using them against cloud-based email systems”.
Verizon’s document is one of the leading information security reports on the market, providing ideas and scenarios on how digital threats have affected people and companies.
“The DBIR is not in the business of prediction, but it can go a long way to help you shape your response strategy in the face of an uncertain future”, states the report.
Key points from Verizon’s data breach report
1. Phishing
According to the report, the share of data breaches involving phishing rose by 11 percentage points over the previous year, from 25% to 36%.
This sharp rise is linked to the pandemic and to scams that use COVID-19 to deceive and persuade people. Also worth noting is the analysis of at least 150 phishing email templates.
“Phishing remains one of the top action varieties in breaches and has done so for the past two years”, says the report.
“This increase correlates with our expectations given the initial rush in phishing and COVID-19-related phishing lures as the worldwide stay-at-home orders went into effect.”
2. Social engineering
The report also points to an increase in social engineering attacks that result in data breaches: from 22% to almost 35%.
“We’ve definitely seen a jump in social engineering breaches as a pattern from last year with an overall upward trend since 2017. For the past couple of years, it appears to be correlated to an uptick in the compromise of cloud-based mail servers. What we cannot say is why email is so enticing to threat actors”.
Verizon says that the most common forms of social engineering are phishing, BEC (Business Email Compromise), and spam. These scams are mostly propagated via malicious emails.
“BEC were the second most common form of social engineering. This attack scenario reflects the meteoric rise of misrepresentation, which was 15 times higher than last year in social incidents”.
Verizon also states that social engineering and phishing attacks are widely used to steal credentials and spread malware such as C2, backdoors, trojans, and ransomware.
“The majority of social engineering incidents were discovered externally. (…) This means that when employees are falling for the bait, they don’t realize they’ve been hooked”.
3. Most common types of compromised data
As in previous years, credentials remain at the top of the list as the type of data most often compromised by cybercriminals. By compromising credentials, criminals gain access to systems and sensitive information.
Besides credentials, personal data is also highly targeted by cybercriminals. This kind of information is then sold on the dark web or used in other types of fraud.
The types of data most often compromised in breaches are:
- Credentials.
- Personal data.
- Medical data.
- Bank data.
- Internal data.
4. System intrusion
The Verizon report dedicates a chapter to system intrusion. According to the document, system intrusion is a pattern consisting of sophisticated, complex attacks carried out in several steps.
“The majority of these attacks involve malware (70%), usually of the Ransomware variety, but also of the magecart attack type used to target payment card data in web applications. Hacking (40%) also appears in many attacks and most often consists of the use of stolen credentials or brute force attacks”.
5. Malware
The use of malware in breaches has not changed much compared to the previous year, remaining at about 20% of cases. The most commonly used types of malware are:
- Ransomware.
- C2.
- Trojan.
- Downloaders.
“We found 30% of the malware was directly installed by the actor, 23% was sent there by email and 20% was dropped from a web application. While this probably doesn’t surprise many people, it does highlight the importance of having a robust defense to cover these three major entry paths for malware”.
6. Ransomware
Ransomware is responsible for the vast majority of data breaches involving malware. About 10% of all breaches analyzed by Verizon involve ransomware.
This is more than twice the frequency of the previous year, which confirms an upward trend since 2016.
“This is because actors have adopted the new tactic of stealing the data and publishing it instead of just encrypting it. These attacks have some variety in terms of how the ransomware gets on the system, with actors having strong preferences that can be broken into several vectors”.
The most common forms of ransomware infections involve stolen credentials, brute force attacks, and malicious emails.
“Attackers are less likely to purely target payment data and are more likely to broadly target any data that will impact the victim organization’s operations. This will increase the likelihood that the organization will pay up in a Ransomware incident”.
7. Human error and misuse
Verizon continues to rate human error and misuse as significant actions in breaches, although the numbers dropped this year.
Error is present in 17% of breaches (down from 22%). The main varieties of error are misconfiguration and misdelivery.
“Sadly, misdelivery remains alive and well in our dataset, and while a number of these breaches are electronic data only (e.g., email to the wrong distribution list), there remains a significant number that involve paper documents”.
Misuse accounts for about 5% of cases (down from 8%). The most common variety is privilege abuse, followed by data mishandling.
“We would have expected an appreciable increase in people performing misuse from home, given the increase of those who are working remotely due to the pandemic. However, we did not see an increase from remote access as a vector”.
Verizon notes, however, that companies’ difficulty in identifying and reporting this access vector may influence the data.
8. Actors and motivation
Compared to last year, the participation of external actors in breaches rose to 80% (from 70%). Internal actors and partners now account for 20% of cases.
“It seems clear that our external actors are not giving up their close-ups, as they continue year after year to dominate the actor types in breaches”.
“As in past years, financially motivated attacks continue to be the most common (90%), likewise, actors categorized as organized crime continue to be number one (80%)”.
9. Other takeaways
- 85% of breaches involved a human element.
- 61% of breaches involved credentials.
- 3% of breaches involved vulnerability exploitation.
- Around 22% of breaches involved basic web application attacks.
Advanced protection for businesses
As seen in this article, social engineering, phishing, ransomware, and other forms of malware remain active. This means companies need to take precautions to avoid becoming victims of scams and fraud.
Gatefy can help with this by providing advanced artificial intelligence for data and information security. Our solutions are compatible with Microsoft Office 365, G Suite, Exchange, Zimbra, and other email providers.