itb-au logo
Story image

Cybercriminals after money more than anything else - Verizon report

27 May 2020

Of all the things cybercriminals aim to accomplish in their illicit activities, money still takes centre stage.

Out of more than 32,000 incidents analysed in the Verizon Business 2020 Data Breach Investigations Report, 3950 were confirmed breaches across 81 countries. Furthermore, a whopping 86% of breaches were found to be financially motivated. 

On a regional level, 91% of breaches in North America were financially motivated, followed by 70% in Europe, Middle East & Africa; and 63% in Asia pacific.

The report’s lead author Alex Pinto says that headlines often talk about spying or grudge attacks, but the reality from data is that financial gain is driving crime, regardless of whether criminals are using humans or systems to conduct their exploits.

But there is some good news – most organisations are taking actions such as ongoing patch management. The report says that fewer than one in 20 breaches exploit these kinds of vulnerabilities.

Pinto says that more organisations are tracking common patterns within cyber attack journeys, which could be a ‘security game changer’ for cyber defense. Organisations can determine the threat actor’s destination while an attack is in progress and predict the eventual breach target, stopping attacks dead in their tracks. The report calls this a ‘defender’s advantage’.

Other common cyber attacks include web application attacks, as threat actors go after cloud-based data. According to the report, more than 20% of attacks were against web application and used stolen credentials in some way. The report notes that the trend is worrying as more organisations shift business-critical workloads to the cloud.

Credential theft, phishing, business email compromise and other social engineering attacks caused more than 67% of breaches. Specifically, 37% of credential theft breaches used stolen or weak credentials, 25% involved phishing, and 22% involved human error.

Amongst malware incidents, ransomware was involved in 27% of cases, and 18% of organisations blocked at least one piece of ransomware in the last year.

"As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount," says Verizon Business CEO Tami Erwin. 

"In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious."
Other regional findings:

Europe, Middle East and Africa (EMEA): Denial of Service (DoS) attacks accounted for over 80% of malware incidents; 40% of breaches targeted web applications, using a combination of hacking techniques that leverage either stolen credentials or known vulnerabilities. 14% of breaches were associated with cyber-espionage.

Asia Pacific (APAC): 63% of breaches were financially motivated, and phishing attacks are also high, at over 28%.

 Northern America: Stolen credentials were the most commonly involved in cybercrime techniques, accounting for over 79% of hacking breaches; 33% of breaches were associated with either phishing or pretexting.

Story image
BMD chooses Rubrik to make transition to digital data backup
“BMD is a perfect example of a company that has regained control of its data, at a time when its technology resources are needed more than ever. This will empower the company to focus on its core business."More
Story image
Skillsoft launches new leadership focused online learning resource
Skillsoft has launched a new series of online learning resources designed to help people with leadership development, with a particular focus on digital leadership skills required to be successful in today’s fast-changing world. More
Download image
SaaS shouldn't left exposed to the public internet - how hybrid IT can help
By leveraging hybrid IT, enterprises can turn to a new architecture that leverages specialties such as colocation from multi-tenant data centres, and interconnection.More
Story image
Fortinet’s Security Fabric: Optimised for a remote workforce
Cornelius Mare, Fortinet A/NZ Director Security Solutions, explains how a comprehensive security fabric can help protect and enable a mobile / remote workforce.More
Story image
Value of quantum computing uncertain for at least 10 years - research
"Quantum computing is not currently providing business value that could not be achieved with today's existing computers, and it is not clear when it will."More
Story image
Keysight buys AI testing specialist Eggplant for $300m
The move sees Keysight strengthen its presence in the automation space, with the aim to further establish itself in the automated software test market across both the physical and protocol layers and into the application layers.More