Ransomware attacks have increased by 13% from 2020 to 2021, according to Verizon Business' 2022 Data Breach Investigations Report.

The 13% jump in a single year is greater than the past five years combined. Verizon says ransomware continues to "prove particularly successful in exploiting and monetizing illegal access to private information."

In Verizon's 15^th DBIR, the service provider analyzed 23,896 security incidents between Nov. 01, 2020 to Oct. 31, 2021. Of those incidents, 5,212 were confirmed breaches.

Verizon notes that the time between October 2021 and the summertime publication of the report is spent acquiring data from 80 global contributors, analyzing the data and creating the report.

In addition, Verizon discovered that ransomware attacks doubled from 12% of security breaches in 2020 to 25% in 2021. Taking a closer look at incidents of ransomware, 597 out of 4,799 malware-type breaches were ransomware in 2020. In 2021, there were 740 ransomware cases out of 2,908 malware breaches.*

Figure 1: Ransomware's upward trend Image source: Verizon Business.

Ransomware shows no signs of slowing down

In 2008, when Verizon began the DBIR, hackers were more focused on targeting payment data, but with the onset of PCI DSS standards and improvements to financial security capabilities, this method became less lucrative, Alex Pinto, one of the lead authors of the DBIR, told Light Reading. Payment Card Industry Data Security Standard (PCI DSS) is a data security standard financial organizations and retailers handling credit cards must adhere to as a means to prevent card scams.

Ransomware, on the other hand, has become more popular among hackers because it's "data agnostic," said Pinto.

"You have an almost guarantee that the [victims of ransomware] would be at least very seriously thinking about paying," said Pinto. Ransomware provides bad actors with the means to cast a much wider net than just the financial market and target any vertical by holding their data hostage for payment.

"Ransomware operators have no need to look for data of specific value, e.g., credit cards or banking information," according to the report. "They only need to interrupt the organizations' critical functions by encrypting their data."

Subversive system intrusions

Pinto adds that the bulk of cybercrime falls under the category of "system intrusions," which are "computer-oriented breaches where there was some hacking, vulnerabilities were exploited and malware was installed."

Figure 2: The four main types of system intrusions Image source: Verizon Business.

The four main ways bad actors target organizations and execute system intrusions is via credentials, phishing, exploiting vulnerabilities and botnets, according to the report. Ransomware and supply chain breaches also fall under the category of system intrusions.

Increasing geopolitical tensions are also contributing to the rise in "sophistication, visibility and awareness around nation-state affiliated cyber-attacks," said Verizon.

External threats exceed internal

Organizations also face more threats from external than internal sources, according to Verizon. Nearly four in five breaches were organized crime-related, and external actors are four times as likely as internal actors to cause organizational breaches.

While internal attacks garner more press, they're "not as frequent as folks would like you to believe," said Pinto.

These "external actors" aren't just hackers and criminals. Verizon notes that 62% of system intrusion incidents came through an organization's partner, which puts a spotlight on the challenges organizations face in securing their supply chain.

Even with the best security tools in place, human error remains a big concern. Over the past year, 82% of breaches had a human element. Plus, 25% of total breaches in 2021 resulted from social engineering attacks, which is when a bad actor misleads someone into divulging personal data or credentials, such as a phishing attempt.

The authors of the DBIR seem to understand that divulging the many ways bad actors can target organization's data might lead to sleepless nights on the part of CISOs. With that in mind, the DBIR closes with advice for organizations on how to mitigate security threats, as well as a measuredly optimistic outlook: "Be well, be prosperous, and be prepared for anything."

*Editor's note: Gabriel Bassett, one of the DBIR authors, notes that the percentages are a better indicator of the rate of increase in ransomware. The total number of malware breaches reviewed changes year-to-year in the DBIR report, based on the data acquired from the 80 global contributors. This impacts the total number of malware-type breaches Verizon can review when analyzing changes in rates of ransomware, but the sample size remains statistically significant, explained Bassett.

Related posts:

— Kelsey Kusterer Ziser, Senior Editor, Light Reading