Despite a global focus on cybersecurity, increased pressure from law enforcement on cybercrime groups and a software industry that continues to rapidly innovate to solve security issues, ransomware continues its upward trajectory, rising as much in one year as it has over the past five years combined, according to Verizon’s 2022 Data Breach Investigations Report.
According to Verizon, ransomware continues to be a financial lifeline for cybercriminals and organized groups. The extortion method is now present in nearly 70% of all malware breaches this year, and such attacks increased by 13% in a single year.
The report also details how ransomware groups are gaining initial access in the first place, with credential stealing, phishing, exploiting vulnerabilities and botnets—in that order—continuing to provide hackers access to victim environments to deploy ransomware.
Verizon’s report also found that desktop sharing software was involved in 40% of ransomware incidents, suggesting that organizations need to do a much better job of securing those tools. Another 35% involved the use of email, which has long been known as a tool easily compromised by malicious threat actors.
“There are a variety of different tools the threat actor can use once they are inside your network, but locking down your external-facing infrastructure, especially RDP and Emails, can go a long way toward protecting your organization against ransomware,” the report says.
Those four initial access paths pervade all areas of Verizon’s Data Breach Investigations Report, and every organization needs a plan to handle them all, the company urges.
Credential stealing and social engineering as initial access vectors are rampant, indicating that account compromise continues to be a massive target for cybercriminals and nation-state actors.
Also highlighted in the report is the devastating effect a supply chain breach can have on the IT ecosystem. We only need to look at a few recent examples to see just how dangerous these compromises can be, with the SolarWinds breach, Kaseya ransomware deployment and Log4Shell still fresh in the minds of many IT professionals.
The report found that compromising the right partner is a force multiplier for threat actors, with many nation-state groups skipping the breach entirely and simply maintaining access to leverage it in the future.
The report found that supply chain partners were the vector in 62% of system intrusion incidents, which Verizon defines as complex attacks that leverage malware and/or hacking to achieve objectives. This outranks software updates, desktop sharing software, email, web apps, backdoors, VPNs and all other action vectors.
Other notable findings include that about 80% of breaches are attributed to organized crime, with external network attackers about four times more likely to be the source of data breaches than internal actors.
Verizon Chairman and CEO Hans Vestberg said in a statement that the past few years have exposed a number of critical security issues, including the need to adapt to the rapidly changing cybersecurity climate.
“As we continue to accelerate toward an increasingly digitized world, effective technological solutions, strong security frameworks, and an increased focus on education will all play their part in ensuring that businesses remain secure, and customers protected,” Vestberg said.