itb-nz logo
Story image

Cybercriminals after money more than anything else - Verizon report

27 May 2020

Of all the things cybercriminals aim to accomplish in their illicit activities, money still takes centre stage.

Out of more than 32,000 incidents analysed in the Verizon Business 2020 Data Breach Investigations Report, 3950 were confirmed breaches across 81 countries. Furthermore, a whopping 86% of breaches were found to be financially motivated. 

On a regional level, 91% of breaches in North America were financially motivated, followed by 70% in Europe, Middle East & Africa; and 63% in Asia pacific.

The report’s lead author Alex Pinto says that headlines often talk about spying or grudge attacks, but the reality from data is that financial gain is driving crime, regardless of whether criminals are using humans or systems to conduct their exploits.

But there is some good news – most organisations are taking actions such as ongoing patch management. The report says that fewer than one in 20 breaches exploit these kinds of vulnerabilities.

Pinto says that more organisations are tracking common patterns within cyber attack journeys, which could be a ‘security game changer’ for cyber defense. Organisations can determine the threat actor’s destination while an attack is in progress and predict the eventual breach target, stopping attacks dead in their tracks. The report calls this a ‘defender’s advantage’.

Other common cyber attacks include web application attacks, as threat actors go after cloud-based data. According to the report, more than 20% of attacks were against web application and used stolen credentials in some way. The report notes that the trend is worrying as more organisations shift business-critical workloads to the cloud.

Credential theft, phishing, business email compromise and other social engineering attacks caused more than 67% of breaches. Specifically, 37% of credential theft breaches used stolen or weak credentials, 25% involved phishing, and 22% involved human error.

Amongst malware incidents, ransomware was involved in 27% of cases, and 18% of organisations blocked at least one piece of ransomware in the last year.

"As remote working surges in the face of the global pandemic, end-to-end security from the cloud to employee laptop becomes paramount," says Verizon Business CEO Tami Erwin. 

"In addition to protecting their systems from attack, we urge all businesses to continue employee education as phishing schemes become increasingly sophisticated and malicious."
Other regional findings:

Europe, Middle East and Africa (EMEA): Denial of Service (DoS) attacks accounted for over 80% of malware incidents; 40% of breaches targeted web applications, using a combination of hacking techniques that leverage either stolen credentials or known vulnerabilities. 14% of breaches were associated with cyber-espionage.

Asia Pacific (APAC): 63% of breaches were financially motivated, and phishing attacks are also high, at over 28%.

 Northern America: Stolen credentials were the most commonly involved in cybercrime techniques, accounting for over 79% of hacking breaches; 33% of breaches were associated with either phishing or pretexting.

Story image
Why better API monitoring is critical for achieving quality customer service
To optimise the complete service delivery and maintain an excellent digital experience, it’s essential to consider how the APIs perform, writes ThousandEyes principal solutions analyst ANZ Mike Hicks.More
Story image
Developing digital skills in the hybrid workplace
47% of Australians miss feeling empathy from and for others because of the increase in digital interactions, with a similar proportion longing for small talk, humour, physical interactions and the ability to be honest.More
Story image
NVIDIA opens up AI to the enterprise with DGX SuperPOD supercomputer
“AI is the most powerful technology the world has ever known,” declares NVIDIA DGX systems VP.More
Story image
Why business continuity must adapt to secure the new way of working
It’s now clear that unplanned digital transformation undertaken at the outset of lockdowns, no matter how justified, could have consequences that will be felt for the next few years.More
Story image
Dynatrace introduces Session Replay, revamping mobile UX
The enhancements open the door for digmance feature adoptions ital teams to further optimise the user experience, performance feature adoptions and conversions of their mobile apps.More
Story image
Commerce Commission outlines competition issues regarding HP NZ's recent submission
In its statement, the Commerce Commission outlined key competition issues that the watchdog considers vital to the decision of whether to grant HP NZ’s proposed resale price maintenance arrangements.More