Verizon's DBIR Exposes Greatest Threats Organizations Faced in 2021


By Special Guest
Reece Loftus, Senior Research Analyst at Artin Arts

While many reports are published on annual cyber security trends, one of the most anticipated each year is Verizon's very detailed Data Breach Investigations Report (DBIR). The headline of the most recent edition makes clear that the number one cause of breaches was credential theft or misuse (nearly 50%), followed by phishing (19%), vulnerability exploitation (10%) and botnets (a scant 1%).

The number one action type in their dataset for very small businesses was ransomware, a type of malicious software that encrypts data so it cannot be viewed or used; once the ransomware is triggered, the threat actor demands a (frequently large) payment to decrypt it.

So advanced have cyber attackers become that they “often run their enterprise just like a legitimate business and may even take advantage of criminal call centers (yes, these exist) to help lend credence to their ploy.”

Pretexting became pervasive in 2021, with many schemes involving email, phone, and text messaging. Examples include a convincing-looking invoice that appears to come from a known supplier but lists a different payment account, or an email from a business partner saying they’re in a pinch and need a quick payment made on their behalf.

Often called “social engineering,” criminals try “to fool you into doing something you should not, such as providing them with your username and password or clicking on a malicious link.” The DBIR shared examples including “click here to reset your password,” or prompts to download an invoice, view a PDF attachment, verify your bank account number, etc. These attacks can be extremely realistic and are often very hard to identify.

The goal of these “campaign” attacks is usually the automated transfer of funds from your organization to the criminal’s bank account, according to Verizon.

Much of the 2022 DBIR is focused on Small and Medium Businesses (SMBs), and by way of advice, the authors provided this list of what those organizations should do to avoid becoming a target:

  1. Use two-factor authentication
  2. Do not reuse or share passwords
  3. Use a password keeper/generator app
  4. Be sure to change the default credentials of the Point of Sale (PoS) controller or other hardware/software
  5. Ensure that you install software updates promptly so that vulnerabilities can be patched
  6. Work with your vendors to be sure that you are as secure as you can be, and that they are following these same basic guidelines
  7. Keep a consistent schedule with regard to backups and be sure to maintain offline backups—meaning that they are not on a device connected to a computer
  8. Ensure that the built-in firewall is switched on for user devices such as laptops and desktops (“on” may not be the default)
  9. Use antivirus software, for all your devices. Smartphones, tablets, and credit card swipers are just as important as laptops and computers. It won’t catch everything, but it will help
  10. Do not click on anything in an unsolicited email or text message
  11. Set up an out-of-band method for verifying unusual requests for data or payments
  12. Make sure the computer used for financial transactions is not used for other purposes such as social media or email
  13. Use email services that incorporate phishing and pretexting defenses and use a web browser that warns you when a website may be spoofed

“The Web browser has become a very popular way in for sophisticated bad actors,” said Osman Erkan, CEO of DefensX, a cloud-native platform to which businesses subscribe on a per-user basis to eliminate web-borne threats. “Almost all successful attacks originate from the public Internet, and Web-browser-based attacks are the leading source of attacks on users. Information security architects can't stop attacks but can contain the damage by isolating end-user Internet browsing sessions from enterprise endpoints and networks. By isolating the browsing function, malware is kept off the end user's system and the enterprise has significantly reduced the surface area for attack by shifting the risk of attack to the server sessions, which can be reset to a known good state on every new browsing session, or URL accessed.”

The DBIR listed several browser-related incidents in 2022, including:

  • In February, Google issued Chrome browser updates to mitigate one zero-day.
  • In June, Apple patched two zero-days in iPadOS and iOS and Google patched one in Chrome browser.
  • In September, Google patched five vulnerabilities being exploited in zero-day attacks on Chrome browser.
  • In October, zero-day attacks also struck Microsoft, Apple, and the Chrome browser.
  • In December, zero-day attacks impacted one Windows and one Chrome browser vulnerability respectively.

Erkan explained that as social engineering, phishing, pretexting, and other criminal art forms grow in subtlety and sophistication, “addressing the human element has never been more important.” “Technical Web browser vulnerabilities can be addressed with software updates, but until organizations of all sizes put tools in place for every team member that automatically protect them from clicking on a risky link and going to a risky website, these attacks will continue to take down systems and result in potentially fatal losses. This is especially true of highly regulated industries, which are required by law to ensure risk is being managed professionally and effectively with modern solutions.”

Scott Chasin, CTO at Pax8, which has developed one of the world’s largest and fastest growing cloud marketplaces for MSPs serving Small and Medium Enterprises (SMEs), said interest in and consumption of cloud-delivered cybersecurity solutions has been growing steadily as more and more applications are being delivered as-a-service from the cloud.

“People often take the Web browser for granted,” Chasin said, “until they realize that in this world of remote working, their teams are using Web browsers constantly, on their smartphones, tablets, and laptops. During busy times, workers are multitasking just to keep up with their responsibilities and can easily click on something dangerous because an email looks normal enough to be trusted. All it takes is a single action to set off any number of detrimental consequences. We recommend that MSPs bring automation to solve for these increasing web and browser threats, including software that alerts users to even the most subtle social engineering and phishing attacks, and stops them from engaging with a nefarious website or application.”

Browser Isolation (also known as Web Isolation) contains web browsing activity inside an isolated environment to protect computers from any malware the user may encounter. Remote Browser Isolation (RBI) can occur locally on the computer or remotely on a server, and it provides malware protection while browsing by eliminating the opportunity for malware to access the end user’s device.

“Web browser isolation, which is one important element of a solid security posture for organizations small and large, essentially secures against web-based threats by executing all browsing activity in an isolated virtual environment,” Erkan explained. “Threats are contained and can’t infiltrate any part of any communications ecosystem, including an end-user’s computer or smartphone, or other devices on the network. There are a variety of solutions, but where DefensX has found success is in making the solution easy to implement and manage, with a highly intuitive experience for end-users that they truly appreciate – automated guidance and security based on policy that stops attacks before they happen.”

According to an Insight Partners’ market study on “Browser Isolation Software Market Forecast to 2027 – COVID-19 Impact and Global Analysis – by Deployment, Enterprise Size, and End-Use Industry,” the market was valued at $1,830.8 million in 2019 and is projected to reach $6,635.1 million by 2027; it is expected to grow at a CAGR of 18.2% from 2020 to 2027.




Edited by Greg Tavarez