Security News > 2021 > May > Verizon DBIR 2021: Ransomware, Web App and Phishing Attacks Dominate
The annual bible of security breaches landed on Thursday with confirmation of more bad news: ransomware attacks continue to explode as organizations struggle with securing web apps, cloud deployments and employees victimized by social engineering.
The data, contained in the new Verizon 2021 Data Breach Investigations Report, shows that data-encrypting ransomware attacks appear in about 10 percent of breaches, more than double the frequency from last year.
After crunching the data, the DBIR found that the ransomware spike was influenced by new tactics, where some ransomware actors are stealing the data and naming-and-shaming victims during extortion negotiations.
The report also calls out a spike in attacks against web applications, noting that web-app hacks are the main attack vector in the "Hacking actions" category, accounting for more than 80 percent of all documented data breaches.
The 2021 DBIR is based on the analysis of nearly 30,000 incidents and more than 5,200 confirmed data breaches.
More than 5,000 of the incidents and nearly 1,500 of the confirmed data breaches covered by the latest DBIR impacted organizations in the APAC region, where the most common type of attack involved financially-motivated hackers phishing employee credentials and using them to access email accounts and web application servers.
News URL
Related news
- BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks (source)
- JetBrains is still mad at Rapid7 for the ransomware attacks on its customers (source)
- Stanford: Data of 27,000 people stolen in September ransomware attack (source)
- Nissan confirms ransomware attack exposed data of 100,000 people (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- TeamCity Flaw Leads to Surge in Ransomware, Cryptomining, and RAT Attacks (source)
- What the Latest Ransomware Attacks Teach About Defending Networks (source)
- New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. (source)
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)