Verizon DBIR 2021: Ransomware, Web App and Phishing Attacks Dominate

Data breaches from 2020 show that not much has changed over the last year: businesses continue to struggle with the basics of securing web apps, cloud deployments and educating employees

The annual bible of security breaches landed on Thursday with confirmation of more bad news: ransomware attacks continue to explode as organizations struggle with securing web apps, cloud deployments and employees victimized by social engineering.

The data, contained in the new Verizon 2021 Data Breach Investigations Report (DBIR), shows that data-encrypting ransomware attacks appear in about 10 percent of breaches, more than double the frequency from last year.

After crunching the data, the DBIR found that the ransomware spike was influenced by new tactics, where some ransomware actors are stealing the data and naming-and-shaming victims during extortion negotiations. 

“These actors will first exfiltrate the data they encrypt so that they can threaten to reveal it publicly if the victim does not pay the ransom,” the report said, noting that ransomware is now in third place among actions causing breaches.

The report also calls out a spike in attacks against web applications, noting that web-app hacks are the main attack vector in the “hacking actions” category, accounting for more than 80 percent of all documented data breaches.

The 2021 DBIR is based on the analysis of nearly 30,000 incidents (including DDoS attacks) and more than 5,200 confirmed data breaches. While the overall number of incidents is smaller compared to the past two years, the number of breaches has continued to increase — roughly 2,000 breaches analyzed for the 2019 report and 4,000 for the 2020 report.

Of the 5,258 confirmed data breaches, 885 impacted organizations in the public administration sector. This was the sector that reported the highest number of breaches, followed by professional services (630), healthcare (472), financial and insurance (467), information (381), education (344), mining (335), manufacturing (270) and retail (165).

Social engineering has been the biggest threat to organizations in the public administration and mining and utilities sectors. The number of breaches involving social engineering in these two sectors is higher than for all other sectors combined. 

Organizations in North America reported more than 13,000 incidents and over 1,000 data breaches last year, according to data from Verizon. In a vast majority of cases, the attacks were launched by financially-motivated actors, with social engineering, hacking and malware being their favorite tools.

More than 5,000 of the incidents and nearly 1,500 of the confirmed data breaches covered by the latest DBIR impacted organizations in the APAC region, where the most common type of attack involved financially-motivated hackers phishing employee credentials and using them to access email accounts and web application servers. 

The theft of credentials was also very common in the EMEA region, where there were more than 5,000 incidents and nearly 300 confirmed data breaches. 

Related: Verizon 2020 DBIR: More Extensive, Detailed and Thorough Than Ever

Related: Verizon Publishes 2019 Data Breach Investigations Report (DBIR)