The press release from Verizon included these top items:
- Vulnerability exploitation surged by nearly three times (180 percent) over last year.
- Ransomware and the meteoric rise of extortion techniques accounted for a third (32 percent) of all breaches.
- More than two-thirds (68 percent) of breaches involve a non-malicious human element.
- 30,458 security incidents and 10,626 confirmed breaches were analyzed in 2023 — a twofold increase over 2022.
- Verizon security by the numbers: 4,200-plus networks managed globally, 34 trillion raw logs processed/year, and nine security operation centers around the globe.
Also, analysis of the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog revealed that on average it takes organizations 55 days to remediate 50 percent of critical vulnerabilities following the availability of patches. Meanwhile, the median time to detect mass exploitation of CISA KEV vulnerabilities on the Internet is five days.
Here were some of the summary excerpts from the full report:
- “Our ways-in analysis witnessed a substantial growth of attacks involving the exploitation of vulnerabilities as the critical path to initiate a breach when compared to previous years. It almost tripled (180% increase) from last year, which will come as no surprise to anyone who has been following the effect of MOVEit and similar zero-day vulnerabilities. These attacks were primarily leveraged by Ransomware and other Extortion-related threat actors. As one might imagine, the main vector for those initial entry points was Web applications.
- “Roughly one-third of all breaches involved Ransomware or some other Extortion technique. Pure Extortion attacks have risen over the past year and are now a component of 9% of all breaches. The shift of traditional ransomware actors toward these newer techniques resulted in a bit of a decline in Ransomware to 23%. However, when combined, given that they share threat actors, they represent a strong growth to 32% of breaches. Ransomware was a top threat across 92% of industries.
- “Our dataset saw a growth of breaches involving Errors, now at 28%, as we broadened our contributor base to include several new mandatory breach notification entities. This validates our suspicion that errors are more prevalent than media or traditional incident response-driven bias would lead us to believe.”
WATCHGUARD INTERNET SECURITY REPORT
Key findings from the data show:
- Detections of malware targeting endpoints increased by 82 percent.
- Widespread detection of a malware variant targeting enterprise Internet of Things (IoT) devices such as smart TVs, with detection of “Pandoraspear” malware targeting enterprise smart TVs.
- Emerging trends in malware targeting Chromium-based web browsers.
I think this summary is interesting: “There was a 23% decrease in ransomware detections compared to Q4 2023, with zero-day malware detections falling by 36%.”
“The findings from the Q1 2024 Internet Security Report demonstrate the importance for organizations of all sizes to secure internet-connected devices regardless of whether they are used for business or entertainment purposes,” said Corey Nachreiner, chief security officer at WatchGuard. “As we have seen in many recent breaches, attackers can gain a foothold in an enterprise network through any connected device and move laterally to do tremendous damage to critical resources and exfiltrate data. It is now imperative for organizations to adopt a unified security approach, which can be governed by managed service providers, that includes broad monitoring of all devices and endpoints.”
Additional key findings from WatchGuard’s Q1 2024 Internet Security Report include:
- The average volume of malware detections per WatchGuard Firebox plummeted by nearly half (49 percent) during the first quarter, while the amount of malware delivered over an encrypted connection swelled by 14 points in Q1 to 69 percent.
- A new variant of the Mirai malware family that targeted TP-Link Archer devices by using a newer exploit (CVE-2023-1389) to access compromised systems emerged as one of the most widespread malware campaigns of the quarter. The Mirai variant reached nearly 9 percent of all WatchGuard Fireboxes around the globe.
- This quarter, Chromium-based browsers were found to be responsible for producing more than three-quarters (78 percent) of the total volume of malware originating from attacks against web browsers or plugins, a significant rise compared to the previous quarter (25 percent).
- A vulnerability in the widely used HAProxy Linux-based load balancer application, which was first identified in 2023, was among the top network attacks of the quarter. The vulnerability shows how weaknesses in popular software can lead to a widespread security problem.
FINAL THOUGHTS
There are many other new, and excellent, cyber threat, ransomware and data breach reports available to readers, such as the Ransomware Trends Report from Veeam, which highlights that ransomware victims permanently lose 43 percent of the data affected by an attack on average. The IT Governance USA blog provides top U.S. data breach statistics for 2024 (and previous years).
Also, the BlackFog State of Ransomware reports are always fascinating, relevant and interesting. I use their ransomware stats in some of my keynote presentations.
But more than just focusing on current cyber attack trends, which I think are mixed overall, I highlight these reports to help teach readers where to go to gain additional knowledge, deeper insights and data related to their industries, along with specific aids to help gauge metrics and data surrounding these topics.
I will close with a bit of good news. According to The Hacker News, the U.S. Federal Bureau of Investigation has disclosed that it’s in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost.
“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov,” FBI Cyber Division Assistant Director Bryan Vorndran said in a keynote address at the 2024 Boston Conference on Cyber Security.