Security News > 2021 > May > Verizon DBIR 2021: Ransomware, Web App and Phishing Attacks Dominate
The annual bible of security breaches landed on Thursday with confirmation of more bad news: ransomware attacks continue to explode as organizations struggle with securing web apps, cloud deployments and employees victimized by social engineering.
The data, contained in the new Verizon 2021 Data Breach Investigations Report, shows that data-encrypting ransomware attacks appear in about 10 percent of breaches, more than double the frequency from last year.
After crunching the data, the DBIR found that the ransomware spike was influenced by new tactics, where some ransomware actors are stealing the data and naming-and-shaming victims during extortion negotiations.
The report also calls out a spike in attacks against web applications, noting that web-app hacks are the main attack vector in the "Hacking actions" category, accounting for more than 80 percent of all documented data breaches.
The 2021 DBIR is based on the analysis of nearly 30,000 incidents and more than 5,200 confirmed data breaches.
More than 5,000 of the incidents and nearly 1,500 of the confirmed data breaches covered by the latest DBIR impacted organizations in the APAC region, where the most common type of attack involved financially-motivated hackers phishing employee credentials and using them to access email accounts and web application servers.
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Underground ransomware claims attack on Casio, leaks stolen data (source)
- Casio confirms customer data stolen in a ransomware attack (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)