Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Verizon DBIR 2021: Ransomware, Web App and Phishing Attacks Dominate

Data breaches from 2020 show that not much has changed over the last year: businesses continue to struggle with the basics of securing web apps, cloud deployments and educating employees

Data breaches from 2020 show that not much has changed over the last year: businesses continue to struggle with the basics of securing web apps, cloud deployments and educating employees

The annual bible of security breaches landed on Thursday with confirmation of more bad news: ransomware attacks continue to explode as organizations struggle with securing web apps, cloud deployments and employees victimized by social engineering.

The data, contained in the new Verizon 2021 Data Breach Investigations Report (DBIR), shows that data-encrypting ransomware attacks appear in about 10 percent of breaches, more than double the frequency from last year.

After crunching the data, the DBIR found that the ransomware spike was influenced by new tactics, where some ransomware actors are stealing the data and naming-and-shaming victims during extortion negotiations. 

“These actors will first exfiltrate the data they encrypt so that they can threaten to reveal it publicly if the victim does not pay the ransom,” the report said, noting that ransomware is now in third place among actions causing breaches.

The report also calls out a spike in attacks against web applications, noting that web-app hacks are the main attack vector in the “hacking actions” category, accounting for more than 80 percent of all documented data breaches.

The 2021 DBIR is based on the analysis of nearly 30,000 incidents (including DDoS attacks) and more than 5,200 confirmed data breaches. While the overall number of incidents is smaller compared to the past two years, the number of breaches has continued to increase — roughly 2,000 breaches analyzed for the 2019 report and 4,000 for the 2020 report.

Of the 5,258 confirmed data breaches, 885 impacted organizations in the public administration sector. This was the sector that reported the highest number of breaches, followed by professional services (630), healthcare (472), financial and insurance (467), information (381), education (344), mining (335), manufacturing (270) and retail (165).

Advertisement. Scroll to continue reading.

Social engineering has been the biggest threat to organizations in the public administration and mining and utilities sectors. The number of breaches involving social engineering in these two sectors is higher than for all other sectors combined. 

Organizations in North America reported more than 13,000 incidents and over 1,000 data breaches last year, according to data from Verizon. In a vast majority of cases, the attacks were launched by financially-motivated actors, with social engineering, hacking and malware being their favorite tools.

More than 5,000 of the incidents and nearly 1,500 of the confirmed data breaches covered by the latest DBIR impacted organizations in the APAC region, where the most common type of attack involved financially-motivated hackers phishing employee credentials and using them to access email accounts and web application servers. 

The theft of credentials was also very common in the EMEA region, where there were more than 5,000 incidents and nearly 300 confirmed data breaches. 

Related: Verizon 2020 DBIR: More Extensive, Detailed and Thorough Than Ever

Related: Verizon Publishes 2019 Data Breach Investigations Report (DBIR) 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Register

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

Orchid Security has appointed a new Chief Product Officer and three advisors.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.