Exploring the 2024 Verizon Data Breach Investigations Report
The 2024 Verizon Data Breach Investigations Report (DBIR) marks a significant milestone, analyzing over 10,000 breaches, a far cry from its humble beginnings in 2008. This year's report provides valuable insights into the evolving threat landscape, offering CISOs a roadmap for bolstering their security posture.
### A Blast from the Past: 2008 vs. 2024
The inaugural DBIR in 2008, though modest in scale, highlighted crucial security concerns that remain relevant today. The report emphasized that breaches often stemmed from a combination of errors and deliberate actions. Hacking and malicious code were the preferred weapons of cybercriminals, often targeting application vulnerabilities.
Fast forward to 2024, and while the methods have evolved, certain fundamental weaknesses persist. The 2024 report reveals that basic security hygiene, such as timely patching and strong authentication, remains a significant challenge for organizations.
### Top Attack Vectors in 2024
The 2024 DBIR identifies seven primary attack vectors employed by malicious actors (see Figure 7 of the report, https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf).
These are outlined below, starting with the least common and culminating with the most prevalent:
- Exploiting VPN Vulnerabilities: Unpatched VPNs provide easy access to internal networks, which are often flat and lack internal segmentation. Attackers target known vulnerabilities in VPN concentrators, as seen with the widespread exploitation of Ivanti Connect Secure and Ivanti Policy Secure gateways.
- Exploiting Desktop Sharing Software Vulnerabilities: RDP and VNC, if not properly secured and updated, become easy targets. Attackers exploit vulnerabilities in them to gain remote access, especially when employees connect over unsecured Wi-Fi networks.
- Stealing VPN Credentials: Passwords compromised in public breaches often resurface on the dark web. When those credentials are reused and the VPN does not enforce multi-factor authentication (MFA), it is trivial for attackers to infiltrate corporate VPNs.
- Stealing Credentials for Desktop Sharing Software: As with VPNs, attackers go after desktop sharing software credentials using methods like password spraying and social engineering. MFA is crucial to mitigate this risk.
- Exploiting Web Application Vulnerabilities: Public-facing websites, often laden with vulnerabilities and misconfigurations, are prime targets. The report highlights that 25% of vulnerabilities are exploited on the day of disclosure, and 75% within 19 days. Timely patching, web application firewalls (WAFs), and runtime application self-protection (RASP) are critical defenses.
- Phishing: Leveraging the pervasiveness of communication tools like email, attackers deploy malicious links to trick users into divulging sensitive information. The rise of generative AI like ChatGPT enables even non-native speakers to create highly convincing phishing emails, further amplifying this threat.
- Credentials for Web Applications: Topping the list, attackers employ tactics like credential stuffing and abusing forgotten-password (reset) flows to gain unauthorized access. Enforcing unique passwords, MFA, and password managers is paramount.
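The credential attacks named in the list above (password spraying, credential stuffing, brute forcing a single account) leave distinct patterns in authentication logs. The following is an added example, not code from the article or the DBIR, that tags those patterns per source IP; the log layout (`timestamp source_ip username RESULT`), the thresholds, and the sample lines are all assumptions constructed for the example.

```python
# Added example (not from the article or the DBIR): flag credential-attack
# patterns per source IP. Log layout and thresholds are assumptions.
from collections import defaultdict

# Constructed sample: 203.0.113.10 fails once each against many accounts
# (spraying/stuffing pattern); 198.51.100.7 hammers one account until it
# succeeds; 192.0.2.5 is an ordinary user who mistyped a password once.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z 203.0.113.10 alice FAIL
2024-05-01T09:00:02Z 203.0.113.10 bob FAIL
2024-05-01T09:00:03Z 203.0.113.10 carol FAIL
2024-05-01T09:00:04Z 203.0.113.10 dave FAIL
2024-05-01T09:00:05Z 203.0.113.10 erin FAIL
2024-05-01T09:10:00Z 198.51.100.7 alice FAIL
2024-05-01T09:10:01Z 198.51.100.7 alice FAIL
2024-05-01T09:10:02Z 198.51.100.7 alice FAIL
2024-05-01T09:10:03Z 198.51.100.7 alice SUCCESS
2024-05-01T09:20:00Z 192.0.2.5 frank FAIL
2024-05-01T09:20:30Z 192.0.2.5 frank SUCCESS
"""

def parse(log_text):
    """Yield (timestamp, ip, user, succeeded) tuples from the log text."""
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        yield ts, ip, user, result == "SUCCESS"

def detect(events, account_threshold=5, failure_threshold=3):
    """Return {source_ip: [tags]} for sources showing credential-attack patterns."""
    fails_by_ip = defaultdict(list)        # ip -> usernames that failed
    fails_by_ip_user = defaultdict(int)    # (ip, user) -> failure count
    success_after_fail = set()             # ips that logged in after failing
    for _ts, ip, user, ok in events:
        if ok:
            if fails_by_ip.get(ip):
                success_after_fail.add(ip)
        else:
            fails_by_ip[ip].append(user)
            fails_by_ip_user[(ip, user)] += 1
    findings = {}
    for ip, users in fails_by_ip.items():
        tags = []
        if len(set(users)) >= account_threshold:       # one source, many accounts
            tags.append("many-accounts")
        if any(fails_by_ip_user[(ip, u)] >= failure_threshold for u in set(users)):
            tags.append("single-account-brute-force")   # one source, one account
        if ip in success_after_fail and len(users) >= failure_threshold:
            tags.append("success-after-failures")       # likely compromise; MFA would block it
        if tags:
            findings[ip] = tags
    return findings

if __name__ == "__main__":
    print(detect(parse(SAMPLE_LOG)))
```

A "success-after-failures" hit on a VPN, RDP, or web login that does not require MFA is exactly the case the report's credential findings describe, so it is worth routing to incident response rather than only logging.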
### Beyond the Top 7: DDoS and the Rise of Deepfakes
While the seven attack vectors are prominent, the DBIR also sheds light on other notable trends. Denial of Service (DoS) continues to dominate, accounting for over 50% of incidents. The rise of deepfakes presents a new frontier in social engineering, enabling attackers to manipulate individuals into divulging sensitive information or into actions that damage brand reputation.
### Takeaways for CISOs
The 2024 DBIR provides a stark reminder of the ever-evolving threat landscape. CISOs must prioritize:
- Robust Authentication: MFA is no longer a best practice but an absolute necessity. Explore passwordless authentication methods and physical tokens like YubiKeys for enhanced security.
- Timely Patching: With vulnerabilities exploited at an alarming pace, adhering to a strict patching schedule is critical. Compensating controls like WAFs and RASP provide additional layers of protection.
- Security Awareness Training: Equip employees to recognize and respond to phishing attempts and social engineering tactics.
- Defense in Depth: Employ a multi-layered security approach, encompassing network security, endpoint protection, conditional access controls that prevent non-approved corporate devices from joining the corporate network, and robust application security tooling.
The 2024 DBIR is a valuable resource for any CISO looking to gain insight into the current threat landscape and enhance their organization's security posture. By understanding the tactics employed by malicious actors, CISOs can implement appropriate defenses and mitigate the risk of a breach.
To learn more, check out the full episode on YouTube: