Verizon Provides an Overview of Cloud Cybercrime in a Data Breach Report
Today's computing landscape is characterized by increases in ransomware and phishing, as well as cloud and web application attacks. Events such as the Colonial Pipeline hack demonstrate the expanded role that threat actors play in reinventing themselves to leverage newly discovered weaknesses.
According to Verizon's Data Breach Investigations Report for 2021, the world's threat perpetrators have one trait. They are both desperate for cold hard cash and are rapidly digitally transforming themselves to obtain it. The digital transformation continues with cloud apps, phishing, and ransomware.
According to the Verizon report, most breaches today begin with social engineering strategies designed to gain buy-in from busy end-users. That is the first step in gaining access to privileged credentials, delivering ransomware, or finding other vulnerabilities on a network.
Threat actors understand that any cloud breach strategy relies on effective social engineering.
According to Verizon, 85% of breaches include a human element, which threat actors prefer by a margin of 24% over breaches containing credentials. Verizon has discovered a connection between the rise of social engineering breaches and the compromise of cloud-based email servers.
According to the report, emails are being mined for privileged credentials and used for mass mailings of phishing attempts and ransomware delivery.
According to Verizon's report, public administration agencies lead all sectors in breaches last year. To steal privileged access credentials, threat actors mainly use social engineering to generate credible-looking phishing emails. The entertainment industry had the most overall activity, with 7,065 incidents and 109 breaches, led by the government, with 3,326 incidents and 885 breaches.
Threat actors targeted the entertainment industry by committing ticket fraud, intercepting online payments, and combining phishing and ransomware to divert funds from companies in this industry.
According to Verizon's report, even as enterprises pursued new digital transformation techniques during a global pandemic, threat actors discovered their digital transformation strategies. The pivot point on which bad actors' digital transformation strategies depend is social engineering — convincing people to trust an email or text message, even though it is as easy as clicking on a link.
The Verizon report provides a sobering insight into how rapidly cybercrime is transforming to become more opportunistic, deceptive, and destructive to its victims.