Author: Chase Snyder, Sr. PMM, Xage Security
The Verizon Data Breach Investigations Report is an annual publication that pulls together data from thousands of security incidents worldwide to deliver a detailed picture of the global state of cyber threats and cybersecurity. The 2024 DBIR clocks in at a whopping 99 pages. We combed through it to find the most salient and compelling stats and put together a video about it. Here’s the video, the shortlist of stats, and a few related resources to learn more about key topics covered in the report. Dig in!
Here are a few of our takeaways, but you’ll have to watch the actual video if you want to find out how Dragon Ball Z and Tom Cruise fit into the 2024 DBIR. The document includes tons of silly pop culture references. When you write a 99-page PDF about global cyberattacks, you have to make your own fun somehow.
Let’s get into the stats.
Supply Chain Attacks: Your Vendors Are Your Attack Surface
There was a 68% year-over-year increase in the influence of supply chain interconnections on cyberattacks. In short, your software supply chain, your vendors, and your service providers are increasingly providing the path for attackers to get into your environment. Doing due diligence on any software you bring in is only the beginning. Zero trust security, robust access controls, multi-factor authentication (MFA), and internal segmentation are all vital for preventing a supply chain intrusion from giving an attacker the keys to your whole enterprise. (P.S. Xage recently hosted a panel with Cassie Crossley, the author of the O’Reilly book on Software Supply Chain Attacks. Check out the replay of the session if you want some expert guidance in this area.)
Vulnerability Exploitation Is Up 180%
Usernames and passwords bought on the dark web are still a huge attack vector, but vulnerability exploits are having a moment. The past year has seen disclosures of high-severity vulnerabilities in some of the biggest enterprise software categories, even cybersecurity products. From Cisco firewalls to Ivanti VPN and Citrix remote access software, enterprises are finding that the software they thought would protect them or empower their business is actually exposing them to attacks.
Patching Known Exploited Vulnerabilities Still Isn’t Really A Thing
50% of known exploited vulnerabilities remain unpatched after 55 days. Surely this is unrelated to the 180% increase in vulnerability exploitation as a means of initial access. Must be something else going on entirely.
1,000 New (?) Credentials Per Day for Sale at $10 a Pop
Usernames and passwords are cheaper than a medium-sized theater popcorn. No wonder they’re still a popular way for adversaries to break in. Verizon admitted that the research they did for this stat was to watch one dark web forum for a couple of days. If anything, this seems like a low estimate of the number of credentials being made available each day, and a high estimate of the unit price. As long as enterprises are not automatically rotating credentials, decommissioning accounts for departed employees, and requiring MFA for remote access, there will be a booming market for password dumps on the dark web.
25% of Attacks on Manufacturers Used Stolen Credentials
Manufacturers are a juicy target for cyberattackers. They tend to have a mix of legacy and new technologies, and a huge incentive to get their systems back online. If the production line isn’t running, the company is losing money. A Forbes article estimated the cost at up to $22,000 per minute for automotive manufacturers. This stat is a great reason for manufacturers to prioritize identity-based security measures, especially MFA, automated credential rotation, and distributed password vaulting.
What Does It All Mean?
The Verizon DBIR is a window into the long term changes seen both in the cybersecurity industry and in cyberattacker behavior. By keeping an eye on what attackers are doing, businesses that consider cybersecurity an important part of their continuity plan (which should be every enterprise) can inform their decisions on how to evolve their cybersecurity programs over time.
For a deeper dive on cybersecurity specifically in critical infrastructure and heavy industry, with an emphasis on zero trust security, check out our own recent research on the State of Zero Trust in the Industrial Enterprise.