Social Engineering, Ransomware Continue to Dominate Cyberattack Trends, Verizon Says

June 07, 2023 - Just like in years past threat actors are leveraging ransomware, social engineering, denial of service, and basic web application attacks to disrupt operations and compromise data with great success. Verizon’s newly released 2023 Data Breach Investigations Report (DBIR) provided significant evidence of these trends through its analysis of more than 16,300 security incidents that occurred between November 1, 2021, and October 31, 2022.

Of the 16,312 security incidents analyzed, 5,199 of them were confirmed data breaches. What’s more, 74 percent of all breaches involved a human element, such as social engineering, use of stolen credentials, or privilege misuse.

Last year’s Verizon DBIR observed a 13 percent increase in ransomware year-over-year. This year, ransomware attacks remained steady but did not grow in frequency. Meanwhile, social engineering continued to dominate cyberattacks. Half of all analyzed social engineering attacks were pretexting incidents, which involve attackers fabricating a scenario to steal information.

Across all industries, stolen credentials, phishing, and exploitation of vulnerabilities were the three primary ways in which attackers gained access to an organization.

For healthcare in particular, Verizon tracked 525 incidents during the reporting period, 436 of which resulted in confirmed data disclosure.

Verizon defines a “breach” as an incident that results in confirmed data disclosures to an unauthorized party, while an “incident” is a security event that compromises the integrity, availability, or confidentiality of information.

Top attack patterns in healthcare included system intrusions, basic web application attacks, and miscellaneous errors, which collectively accounted for 68 percent of all healthcare breaches.

“The [h]ealthcare vertical is highly targeted by ransomware gangs, which results in both the loss of use of their systems—potentially with life-threatening consequences—as well as data breaches,” the report stated.

“While the number of ransomware incidents peaked in this industry in 2021, the last three years have seen a jump in data breaches (where the data is confirmed to have been stolen as well as the encryption triggered) caused by ransomware. This combination of attacks by adversaries is resulting in more data being compromised in addition to the usual chaos of staff being forced to do their jobs without the systems they rely upon.”

Verizon stressed the importance of prevention and early detection in mitigating the risks of these attacks in healthcare.

The report also highlighted the continuing relevance of miscellaneous errors in healthcare that result in data breaches, whether in the form of “that spreadsheet with sensitive employee health information accidentally being sent to a much wider distribution than planned” or “a mailing error with paper documents that are placed in such a way that too much information is visible in the envelope’s clear window.”

Although external threats accounted for 66 percent of healthcare incidents, Verizon noted that internal threats should not be ignored, as they still accounted for 35 percent of healthcare incidents in this reporting period.

Overall, the Verizon DBIR reinforced that threat actors are not slowing down their efforts to infiltrate networks, access sensitive data, and disrupt operations across all sectors.