{"id":92415,"date":"2023-06-06T21:48:34","date_gmt":"2023-06-06T21:48:34","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4109164"},"modified":"2023-06-06T21:48:34","modified_gmt":"2023-06-06T21:48:34","slug":"verizon-2023-dbir-ddos-attacks-dominate-and-pretexting-lead-to-bec-growth","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92415","title":{"rendered":"Verizon 2023 DBIR: DDoS attacks dominate and pretexting lead to BEC growth"},"content":{"rendered":"<div id>\n<p> In Verizon\u2019s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway. <\/p>\n<\/div>\n<div id>\n<figure id=\"attachment_4001793\" aria-describedby=\"caption-attachment-4001793\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4001793\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/06\/verizon-2023-dbir-ddos-attacks-dominate-and-pretexting-lead-to-bec-growth.jpg\" alt=\"A red lock representing cybersecurity is being destroyed.\" width=\"770\" height=\"433\"><figcaption id=\"caption-attachment-4001793\" class=\"wp-caption-text\">Image: Ar_TH \/Adobe Stock<\/figcaption><\/figure>\n<p><a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\" target=\"_blank\" rel=\"noopener noreferrer\">Verizon\u2019s just-released 2023 Data Breach Investigations Report<\/a> shows the continued effectiveness of business email compromises. The study, which tracked incidents occurring between November 1, 2021 and October 31, 2022, found that BEC attacks doubled and represented more than 50% of social engineering attacks. 
The global study included incidents in the Asia-Pacific regions, EMEA, North America, and Latin America.<\/p>\n<p>BECs have evolved to include several sophisticated gambits, including one <a href=\"https:\/\/www.techrepublic.com\/article\/bec-attacks\/\">recently reported<\/a> by Avanan, a unit of Check Point Software, involving the use of legitimate services, like Dropbox, to hide malware.<\/p>\n<p>The study offered a broad look at actors, actions, trends and incidents across industries, noting that public administration (3,270 incidents), information (2,105), finance (1,829) and manufacturing (1,814) are the sectors that experienced the highest numbers of incidents over the period.<\/p>\n<p>The report offered these major findings:<\/p>\n<ul>\n<li>74% of all breaches included the human element, with people being involved either via error, privilege misuse, use of stolen credentials or social engineering.<\/li>\n<li>83% of breaches involved external actors, and the primary motivation for attacks continues to be overwhelmingly financially driven (95%).<\/li>\n<li>The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilities.<\/li>\n<\/ul>\n<h2 id=\"social\">Social engineering pretexts trick users into dropping credentials<\/h2>\n<p>Built upon analysis of 953,894 incidents, of which 254,968 are confirmed breaches, the Verizon study found that 50% of all social engineering incidents during the study period used pretexting, a phishing tactic that involves tricking someone into giving up information that may result in a breach. 
According to the study, the practice, which is commonly used in BEC attacks, doubled in volume compared to the prior year.<\/p>\n<p>Verizon reported 1,700 social engineering incidents overall, with attackers most often using them to steal credentials (<strong>Figure A<\/strong>).<\/p>\n<p><strong>Figure A<\/strong><\/p>\n<figure id=\"attachment_4109169\" aria-describedby=\"caption-attachment-4109169\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4109169\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/06\/verizon-2023-dbir-ddos-attacks-dominate-and-pretexting-lead-to-bec-growth.png\" alt=\"Pretexting showed rapid growth over the past three years.\" width=\"770\" height=\"343\"><figcaption id=\"caption-attachment-4109169\" class=\"wp-caption-text\">Pretexting showed rapid growth over the past three years. Image: Verizon<\/figcaption><\/figure>\n<p><strong>SEE: <\/strong>Half of companies tracked in a <a href=\"https:\/\/www.techrepublic.com\/article\/barracuda-networks-spearphishing-study\/\">new study<\/a> were hit by spearphishing campaigns (TechRepublic)<\/p>\n<h2 id=\"financial\">Financial gain trumps politics in exploits<\/h2>\n<p>An uptick in espionage and <a href=\"https:\/\/www.techrepublic.com\/article\/ddos-attacks-finland-israel\/\">state-aligned actors<\/a> notwithstanding, the Verizon study reported that financial motives were behind 94.6% of breaches, with organized crime being the most prevalent threat actor.<\/p>\n<p>The authors of the study also reported a fourfold increase this year in the number of breaches involving cryptocurrency compared to the prior year\u2019s recorded breaches. 
\u201cThat is a far cry from the days of innocence in 2020 and earlier, when we got one or two cases maximum each year,\u201d they wrote.<\/p>\n<p>Verizon reported the percentages of financially motivated attacks by category:<\/p>\n<ul>\n<li><strong>System intrusions:<\/strong> 97%, with only 3% aimed at espionage.<\/li>\n<li><strong>Social engineering exploits: <\/strong>89%, with 11% aimed at espionage.<\/li>\n<li><strong>Basic web application attacks:<\/strong> 95%, with 4% aimed at espionage.<\/li>\n<li><strong>Lost and stolen assets:<\/strong> 100% financial gain.<\/li>\n<\/ul>\n<h2 id=\"ddos\">DDoS tops the list of attack patterns<\/h2>\n<p>Verizon reported 6,248 distributed denial of service incidents. The study\u2019s authors noted the brute force DDoS tactic called DNS water torture reportedly grew in prevalence (<strong>Figure B<\/strong>).<\/p>\n<p><strong>Figure B<\/strong><\/p>\n<figure id=\"attachment_4109167\" aria-describedby=\"caption-attachment-4109167\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-article wp-image-4109167\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/06\/verizon-2023-dbir-ddos-attacks-dominate-and-pretexting-lead-to-bec-growth-1.png\" alt=\"DDoS is still the most prevalent attack action, followed by system intrusions.\" width=\"770\" height=\"344\"><figcaption id=\"caption-attachment-4109167\" class=\"wp-caption-text\">DDoS is still the most prevalent attack action, followed by system intrusions. 
Image: Verizon<\/figcaption><\/figure>\n<p>\u201cA point of attention that some of our partners brought to us was the growth of distributed DNS Water Torture attacks in, you guessed it, shared DNS infrastructure,\u201d the study authors wrote, noting that these are resource exhaustion attacks in which queries for random name prefixes are sent to the DNS cache server so that it always misses and forwards them to the authoritative server.<\/p>\n<p>According to the study, there were 3,966 system intrusion incidents involving attacks using malware to breach organizations, which often resulted in the delivery of ransomware. In 34% of cases, data compromised was personal in nature, followed by system data, and finally internal data.<\/p>\n<p><strong>SEE: <\/strong>Web users are not very aware of their <a href=\"https:\/\/www.techrepublic.com\/article\/okta-customer-identity-trends\/\">data footprints<\/a>. (TechRepublic)<\/p>\n<h2 id=\"use\">Use of stolen credentials drives web application attacks<\/h2>\n<p>About one quarter of Verizon\u2019s dataset for its study involved basic web application attacks, 86% of them using stolen credentials, which attackers employ to gain access to enterprises. The study reported 1,404 such incidents over its period of observation, with 86% aimed at credential theft, 72% for personal data and 41% seeking internal data.<\/p>\n<p>Verizon also recorded 602 miscellaneous errors that include misconfigurations often committed by system administrators and developers. The study reported that 99% of these errors were internal, with 89% of compromises involving personal data.<\/p>\n<h2 id=\"insiders\">Insiders, yes, but mostly external actors<\/h2>\n<p>Attackers on the outside were responsible for 83% of breaches, while internal actors (deliberately or inadvertently) accounted for 19% of breaches, according to Verizon. 
The report\u2019s authors said 62% of all incidents were committed by organized crime.<\/p>\n<h2 id=\"stolen\">Stolen credentials: The most common action<\/h2>\n<p>Nearly half of breaches in the study period involved theft of credentials, with delivery of ransomware being the central action in just over 20% of breaches. Phishing was the action attackers took in 12% of external attacks, followed by breaches, in which the actions attackers focused on were:<\/p>\n<ul>\n<li>Pretexting<\/li>\n<li>Exploiting vulnerabilities<\/li>\n<li>Creating misdeliveries<\/li>\n<li>Abusing privilege<\/li>\n<li>Installing a backdoor<\/li>\n<li>Exfiltrating data<\/li>\n<li>Scanning networks<\/li>\n<\/ul>\n<h2 id=\"attacked\">Attacked assets led by web servers<\/h2>\n<p>The vast majority of attacks tracked by Verizon (83%) affected servers. Only 20% of attacks affected people directly. A progressively smaller percentage of attacks impacted media, kiosks and terminals, networks and embedded systems.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>In Verizon\u2019s just-released 2023 Data Breach Investigations Report, money is king, and denial of service and social engineering still hold sway. Image: Ar_TH \/Adobe Stock Verizon\u2019s just-released 2023 Data Breach Investigations Report shows the continued effectiveness of business email compromises. 
The study, which tracked incidents occurring between November 1, 2021 and October 31, 2022, found [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":92416,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39,40,783,56,491,113,287],"tags":[],"class_list":["post-92415","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-big-data","category-cloud","category-cloudsync","category-cybersecurity","category-data-breaches","category-phishing","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92415"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92415\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/92416"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}