Press ReleaseCyber Crime & ForensicIdentity & AccessThreat Detection & Defense

Espionage Attacks Rampant in 2024 Data Breach Report

Verizon Business today released the findings of its 17th-annual Data Breach Investigations Report (DBIR), which analysed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023—a two-fold increase over 2022.

While the exploitation of vulnerabilities has become one of the fastest growing threats to cybersecurity, data from the Asia-Pacific region found that 25% of attacks are motivated by espionage – significantly greater than the 6% and 4% in Europe and North America, respectively.

“Since so much of cyber espionage can be defined as an advanced persistent threat, it’s especially important for organisations in APAC to continuously refresh their security protocols in order to thwart the long-term collection of sensitive data by threat actors,” said Chris Novak, Sr. Director of Cybersecurity Consulting, Verizon Business. “It’s equally important to review one’s third-party network since sensitive information with national security implications can sometimes be accessed via organisations with more lax cybersecurity practices, such as academic institutions and research facilities.”

Of the 2,130 security incidents and 523 confirmed breaches in the Asia-Pacific region, system intrusion, social engineering, and basic web application attacks represent 95% of breaches in APAC. The most common types of data compromised are credentials (69%), internal (37%), and secrets (24%).

Globally, the exploitation of vulnerabilities as an initial point of entry almost tripled since last year, now accounting for 14% of all breaches. This spike was driven primarily by the scope and increasing frequency of zero-day exploits by ransomware actors, most notably the MOVEit breach, one of the most widespread exploitations of a zero-day vulnerability in history.

Analysis of the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalogue revealed that on average it takes organisations  55 days to remediate 50% of critical vulnerabilities following the availability of patches. Meanwhile, the median time for detecting the mass exploitations of the CISA KEV on the internet is five days.

Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric—new for the 2024 DBIR— shows a 68% increase from the previous period described in the 2023 DBIR.

Most breaches (68%), whether they include a third party or not, involve a non-malicious human element, which refers to a person making an error or falling prey to a social engineering attack. This percentage is about the same as last year. One potential countervailing force is the improvement of reporting practices: 20% of users identified and reported phishing in simulation engagements, and 11% of users who clicked the email also reported it.

“The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cybersecurity training, but the increase in self-reporting indicates a culture change that destigmatises human error and may serve to shine a light on the importance of cybersecurity awareness among the general workforce,” said Robert Le Busque, Regional Vice President, Asia Pacific for Verizon Business.

Other key findings from this year’s report include:

  • 32% of all breaches involved some type of extortion technique, including ransomware.

  • Over the past two years, roughly one-fourth (between 24% and 25%) of financially motivated incidents involved pretexting.

  • Over the past 10 years, the use of stolen credentials has appeared in almost one-third (31%) of all breaches.

View the 2024 Data Breach Investigations Report here.

Click here for more information on ways to help defend against zero-day vulnerabilities and other cyber threats.

You can also read the Global Press Release here.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *