Verizon’s 2024 DBIR Unpacked: From Ransomware Evolution to Supply Chain Vulnerabilities

As we delve into cybersecurity’s complex and evolving landscape, the Verizon 2024 Data Breach Investigations Report (DBIR) offers crucial insights into the mechanisms and motives behind the latest wave of cyberattacks. Qualys is once again proud to contribute to the report, helping to dissect these patterns and equip all with the knowledge to fortify the defenses and anticipate future threats.

This year’s report highlights a significant surge in vulnerability exploitation, a trend that shines a spotlight on the escalating daily challenges that organizations face. This post seeks to unpack the exploitation trend, provide a few of the significant and insightful findings in the report, and provide our perspective on what the reader should take away from this year’s findings.

Significant Increase in Exploitation of Vulnerabilities 

The Verizon 2024 DBIR notes, “This 180% increase in the exploitation of vulnerabilities as the critical path action to initiate a breach will be of no surprise to anyone who has been following the MOVEit vulnerability and other zero-day exploits that were leveraged by Ransomware and Extortion-related threat actors.”

Organizations must prioritize timely patching and adopt a zero-trust framework to mitigate the escalating risks associated with ransomware and extortion schemes. By fortifying our defenses with advanced detection tools and prioritizing the swift application of patches, organizations can better shield themselves from the expanding scope of these cyber threats. Qualys is proud to swiftly detect zero-day vulnerabilities within four hours, greatly surpassing industry benchmarks. Our average median time for addressing critical zero-day issues is 16 hours.

The need to manage and remediate a growing number of vulnerabilities is a continual challenge for organizations. This brings us to an essential insight: “If we can’t patch the vulnerabilities faster, it seems like the only logical conclusion is to have fewer of them to patch. We realize this is the stuff of our wildest dreams, but at the very least, organizations should be holding their software vendors accountable for the security outcomes of their product, even if there is no regulatory pressure on those vendors to do better.”

In addition to holding software vendors accountable, Qualys offers a streamlined and comprehensive approach to addressing this challenge. Our methodology, using QIDs, efficiently manages vulnerabilities by consolidating similar CVEs under a single QID based on required remediation actions. This enhances the efficiency of the remediation process and ensures more focused and effective vulnerability resolution by providing a concise, actionable list of vulnerabilities and reducing redundancy in patching efforts without inflating findings.

Qualys VMDR offers comprehensive coverage and visibility into vulnerabilities, empowering organizations to rapidly respond, prioritize, and mitigate the associated risks.

The Escalation of Ransomware and Extortion Techniques

This report brings to light some alarming trends in cyber extortion, particularly concerning the rise of ransomware attacks. According to the Verizon 2024 DBIR, “Roughly one-third of all breaches involved Ransomware or some other Extortion technique. Pure Extortion attacks have risen over the past year and are now a component of 9% of all breaches. The shift of traditional ransomware actors toward these newer techniques resulted in a bit of a decline in Ransomware to 23%. However, when combined, given that they share threat actors, they represent a strong growth to 32% of breaches.”

This finding stresses the need for enhanced vulnerability detection and rapid patch management. This data points towards the necessity of a multi-layered defense strategy that integrates proactive threat hunting and immediate remediation efforts.

Credential Theft and Web Application Vulnerabilities 

The Verizon 2024 DBIR emphasizes the continuous risk of credential theft and vulnerabilities in web applications. It states, “The presence of Credentials in the graphic should not be surprising as it carries a large share of the guilt for our Basic Web Application Attacks pattern.” Organizations need to prioritize robust authentication mechanisms and continuous vulnerability management to mitigate these prevalent risks effectively.

Supply Chain and Third-Party Risk

The report introduces a new focus on third-party and supply-chain vulnerabilities. As the Verizon 2024 DBIR noted, “For a breach to be a part of the supply chain interconnection metric, it will have taken place because either a business partner was the vector of entry for the breach… or if the data compromise happened in a third-party data processor or custodian site.” This highlights the growing importance of securing the supply chain against breaches.

Gateway to Compromise

The report offers valuable insights into prevalent vulnerabilities and attack vectors used by threat actors. A significant takeaway from the report is the variety of methods attackers employ to install malware, such as ransomware or backdoors. As detailed, “Direct install” is a common method where threat actors utilize existing system access for malware installation. Web applications continue to be a preferred target due to their vulnerabilities. Additionally, email and desktop-sharing software remain critical vectors for initiating attacks. The Verizon 2024 DBIR also mentions that while these are primary vectors, numerous other methods, including VPNs and software updates, play a substantial role, thus stressing the importance of a comprehensive approach to cybersecurity, including attention to malware infections, stolen credentials, and unpatched systems.

To address these challenges, organizations must adopt a well-rounded vulnerability management strategy. Relying solely on agent-based solutions can leave critical vulnerabilities undetected, and many organizations lack scalable prioritization methodologies. Combining agent-based and agent-less methods is crucial. Qualys offers a comprehensive solution that includes network, external, and passive scans, providing a proactive approach to help businesses stay ahead in the evolving threat landscape.

Evolving Threats

The Verizon 2024 Data Breach Investigations Report sheds light on evolving cybercriminal tactics, notably illustrated by the MOVEit incident. This event highlighted the shift towards using zero-day vulnerabilities for extortion without the typical deployment of ransomware, which predominantly affects the education sector. The report states that this demonstrates “a remarkable ability to evolve their tactics,” with ransomware groups increasingly exploiting unknown vulnerabilities for broader extortion schemes. The lesson here underscores the necessity for proactive security measures. Organizations must prioritize rapid patch application and adapt their defense strategies to address these evolving threats, ensuring robust protections against cyber threats’ versatile and adaptive nature.

Qualys takes pride in its ability to rapidly identify and respond to zero-day vulnerabilities, setting a new industry standard. Our dedicated team ensures that critical zero-day issues are addressed with unparalleled speed and efficiency, providing customers with peace of mind in today’s evolving cyber threat landscape.

This report also reveals a concerning trend in cybersecurity: users typically click on a malicious phishing link within just 21 seconds of receiving it and often provide data a mere 28 seconds later. This means someone takes less than a minute to fall victim to phishing. This rapid response demonstrates the effectiveness of phishing tactics and highlights the urgent need for increased user education and robust preventative measures.

Our Perspective

The 2024 Verizon Data Breach Investigations Report (DBIR) highlights cyber threats that are evolving and increasingly complex in our interconnected world. These findings spotlight a crucial theme: today’s cyber threats’ dynamic and increasingly sophisticated nature. Here are our key takeaways:

Adaptive Threat Landscape: The report details a notable increase in ransomware, extortion techniques, and vulnerability exploitation, showing that cybercriminals are becoming more adaptive and opportunistic. They effectively utilize everything from zero-day vulnerabilities to social engineering tactics like phishing to penetrate systems.

Convergence of Threats: It also notes an evolution of ransomware into more complex forms of extortion, marking a convergence of threats where different attack methods merge into hybrid tactics. This convergence complicates organizations’ ability to predict and defend against attacks as the distinctions between attack types become increasingly blurred.

Human Element in Cybersecurity: This highlights the rapid rate at which individuals fall for phishing scams; the 2024 DBIR underscores the critical importance of human behavior in cybersecurity. It advocates for a dual approach that focuses on technological defenses and emphasizes the need for comprehensive user education and behavioral adjustments to bolster security.

Strategic Vulnerability Management and Holistic Defense Mechanisms: The 2024 Verizon DBIR emphasizes a critical increase in vulnerability exploitations, highlighting the need for urgent, strategic vulnerability management. We advise organizations to implement comprehensive, proactive strategies, including agent-based and agent-less security measures, to preempt potential breaches. Additionally, organizations require a multi-layered defense strategy, integrating advanced detection tools, zero-trust frameworks, and rapid patch management.

Given supply chains’ increasing complexity and interconnectedness, this holistic approach to cybersecurity is essential. These networks are often targeted by cyber threats, affecting not just individual organizations but also extending to third-party interactions and the broader supply chain.

AI, Machine Learning, and Quantum Computing Threats: The proliferation of AI and machine learning is expected to be leveraged by both defenders and attackers. AI can swiftly predict and counteract attacks but may also be used to develop more sophisticated cyber threats. Additionally, as quantum computing advances, it poses a potential risk to current cryptographic protocols. Organizations should prepare for this by developing quantum-resistant cryptography to safeguard data against future threats.

Conclusion

The Verizon 2024 Data Breach Investigations Report (DBIR) is an indispensable resource for understanding cybersecurity threats’ current and evolving landscape. This report is a must-read for all cybersecurity professionals and organizations looking to enhance their defensive capabilities against increasingly complex cyber threats.