Verizon DBIR 2022: Which Attack Vectors Lead to Most Incidents?

Verizon has conducted its annual Data Breach Investigations Report (DBIR) every year since 2008. What they found this year was that nearly every breach could be traced back to human error or supply-chain compromises. These breaches cost companies an average of $4.24 million, which means it’s worth knowing the most common attack vectors. Below we look at which ones are the go-to’s for hackers and how to mitigate the risks.

What Is an Attack Vector?

In the cybersecurity world, vector refers to the method of attack. These attacks allow criminals to exploit vulnerabilities to extract valuable information after a breach.

The Countdown: Least to Most Dangerous

We’ll look at the different vector examples from the Verizon DBIR, building from bad to catastrophic.

Trojan-Downloader Malware
Trojan-downloader malware is a type of trojan that can wait until the right connection opens up (e.g., remote server, website, etc.). Only then will it download malware onto the infected computer. One of the most famous kinds of malware is known as NotPetya, which made headlines in 2016 and 2017. Petya and NotPetya both encrypt the hard drives of infected computers, though NotPetya is more versatile in its spread and likely to be government-sponsored in Russia.

Direct Action
Direct action viruses (sometimes known as direct install) hide in otherwise legitimate programs. As soon as that program is launched, the virus is installed. The code of the virus can actually be positioned between the hard disk and diskettes, making it possible to affect multiple devices. There is some evidence that this is a common methodology for government-sponsored Chinese hackers. They largely target VPNs and public-facing apps.

Remote Injection
Remote Desktop Protocol (RDP) hacks are an attempt for criminals to access the passwords and system information on workplace networks. The US Office of Personnel Management was hacked in 2015 and went through an ordeal when a hacker was able to gain permission to the agency’s servers. Now that more people are working from home, this kind of attack is becoming more popular by the day and why organizations need to implement methodologies like zero trust to better protect their data and systems.

Carelessness
Link clicks, downloads, forgotten updates, misconfigurations: plenty of hackers use plain old human error to their advantage. Twitter employees famously fell victim to a spear-phishing hacking where criminals collected information about employees working from home and then posed as Twitter execs to gain access to their credentials. They were then able to reset accounts for some of the most famous Twitter users on the platform.

Backdoor
A backdoor refers to any method that allows someone to bypass the standard security metrics of a system. Back doors aren’t solely used by hackers, though the term is often used in this context. Hackers will distribute backdoor apps through something like fake crypto wallets, such as one famous breach story that originated from China. Once they’d distributed the backdoor app, they then used the technology to access funds.

Software Update
If a hacker gets hold of a distributor’s key, they can use it to sign a malicious update and then send it to a target. This is a stealthy one as other users will see just the regular update channel. Android made headlines in 2021 when a hacker group designed malware that successfully posed as an update.

Partner Breach
In 2021, 61% of breaches were a supply-chain partner issue, meaning criminals are targeting companies upstream. Doing so gives them access to more organizations at once. When the government IT firm SolarWinds was hacked, 80% of those affected were non-government agencies.

Email Hack
Email is still a great way for hackers to exploit businesses and individuals by gaining access. Commonly known as spoofing, this attack vector typically involves a hacker pretending to be someone else. The chairman of Hillary Clinton’s campaign famously found himself a victim of Russian hackers who pretended to be Google. It meant that they could release all of his emails before the election.

Web Application
Cybercriminals are always looking for opportunities with software and servers. If they can exploit a vulnerability and keep it hidden until they launch the attack, this is known as a zero-day attack. Sony Picture Entertainment was famously breached last year thanks to an undisclosed vulnerability — one that gave hackers the ability to attack multiple parts of the studio’s network.

The takeaway here is that no one is immune from these attack vectors, regardless of how many resources they have at their disposal. (If Sony’s having trouble with security, small businesses aren’t going to have it any easier.)

It’s critical for IT employees to be aware of these threats, and to diversify their protections and security visibility whenever and wherever possible. The DBIR suggests that even a few policy changes, such as more frequent password updates or training employees to spot fake emails, could make a big difference in whether they’re targeted for or vulnerable to an attack.

DBIR Over the Years

Now that we covered 2022, we thought it would also be interesting to take a walk down memory lane and include our review of the top 5 cyber security takeaways from the 2017 DBIR as many of the items are still relevant today.

The 2017 Verizon Data Breach Investigations Report (DBIR) contained almost 2,000 confirmed data breaches and more than 42,000 security incidents, which jumped up to 5,199 confirmed breaches in the 2023 report. Here are the top trends:

• Your employees are your biggest risk, but can also be your best defense. Accidental or purposeful internal actions can put your organization at risk. The most popular cause of cyberattacks is still employees clicking on links or downloading malicious content. Businesses would benefit from focusing on investing in employee education to build up the strength of their human firewall and bring down their risk factors.

• Password management is critical. Hacking attempts through weak passwords have increased from 63% to 80% in the past year. Your IT team would benefit from requiring all users to change their passwords every 30, 60, or 90 days, and implementing two-factor authentication for access to critical data. Ensure your IT department or MSP is following best practices when it comes to security with a security gap assessment, which looks at password policies and enforcement as well as 122 other areas of your business and provides recommendations.  

• Phishing attempts are becoming more sophisticated. The GoogleDocs cybercrime was one of the first attacks to hit so many users at so many different times in a coordinated strike. However, phishing attacks will only get smarter over time, as they rarely make the same attempt twice. A security team would benefit from being able to react in real-time to prevent users from opening malicious downloads.

• Ransomware incidents increase by 50%. Jumping from the 22^nd most popular choice of malware to the 5^th, this change implies that hackers are shifting more towards organized attacks on vulnerable organizations rather than random individual users. The targets of these attacks are typically not prepared for a ransomware hit and choose instead to pay the price of releasing their data rather than implementing a protective system, such as remote managed backups, to render the hacker powerless. WannaCry and the ransomware attacks that follow are not listed in this report– evidence that these attempts will continue to become more sophisticated. 

• The healthcare industry is currently one of the most targeted industry. This year’s security breach report marked the first year where attacks were sorted by industry. The data reflects that healthcare businesses, from major hospitals to six-person dental offices, accounted for 15% of the reported data breaches. No matter your industry, it is imperative that your client information cannot be breached; the amount of trust that will be lost in your business might cost more than paying a ransom to get it back, but there are steps you can take now to prevent anything from happening.

The only difference between an inconvenience and a disaster is how quickly an organization can detect and respond to an incident. Give your business the advantage to respond in real-time with IT Support Services that include 24×7 data protection.