Kevin Neely's Security Notes

MOVEit

The annual Verizon Data Breach Investigation Report is out, and along with it an accounting of the #cybersecurity compromise and data breach happenings for the past year. As always, it's filled with data analysis and some trending commentary from the previous DBIR report.

The following is a TL;DR summary generated using fabric by Daniel Miessler with some very minor editing.

SUMMARY:

This year, the 2024 DBIR reveals a significant rise in vulnerability exploitation and ransomware attacks, emphasizing the urgent need for enhanced cybersecurity measures.

  • Vulnerability exploitation tripled from last year, driven by zero-day vulnerabilities.
  • Ransomware and extortion-related breaches accounted for 32% of all breaches.
  • Human error remains a significant factor, involved in 68% of breaches.
  • Third-party breaches increased by 68%, highlighting supply chain vulnerabilities.
  • Financially motivated attacks dominate, with ransomware and extortion leading the charge.
  • The median loss from #ransomware and extortion attacks was $46,000.
  • Phishing remains a critical initial attack vector, with a notable increase in reporting rates.
  • The use of stolen credentials and exploitation of vulnerabilities are top methods for system intrusion.
  • The #MOVEit vulnerability significantly impacted the threat landscape, affecting numerous industries, continuing the trend of “secure file transfer” systems being a significant risk to both company and customer data.
  • MOVEit and remote access (e.g. VPN) compromises are the focus of successful system-compromise attacks.

STATISTICS:

  • 180% increase in attacks involving vulnerability exploitation.
  • Ransomware accounts for 23% of breaches, with pure extortion at 9%.
  • Human element involved in 68% of breaches.
  • 15% of breaches involved third-party vulnerabilities.
  • Errors contributed to 28% of breaches.
  • Financial motives behind 92% of industries targeted by ransomware.
  • Median loss from ransomware/extortion attacks is $46,000.
  • 20% of users reported phishing attempts in simulations.
  • Median time to click on a phishing email is 21 seconds.
  • Exploitation of vulnerabilities as the initial breach action doubled from last year.

QUOTES:

  • “Ransomware and extortion-related threats continue to evolve, posing significant risks across industries.”
  • “The human element remains a critical vulnerability in cybersecurity defenses.”
  • “Supply chain vulnerabilities are increasingly being exploited by attackers.”
  • “Misdelivery errors highlight the ongoing challenge of human error in data breaches.”
  • “Financially motivated attacks dominate the cyber threat landscape.”
  • “The MOVEit vulnerability has had a profound impact on the cybersecurity threat landscape.”
  • “Increased reporting rates for phishing attempts indicate growing awareness among users.”
  • “The rapid response to phishing emails underscores the need for continuous user education.”
  • “Stolen credentials and vulnerability exploitation remain preferred methods for attackers.”
  • “The rise in third-party breaches underscores the importance of vendor security assessments.”

RECOMMENDATIONS:

  • Implement multi-factor authentication to mitigate the risk of stolen credentials.
  • Regularly update and patch systems to protect against vulnerability exploitation.
  • Conduct continuous phishing awareness training for all employees.
  • Perform thorough security assessments of third-party vendors and suppliers.
  • Deploy endpoint detection and response solutions to identify and mitigate ransomware attacks.
  • Encourage the reporting of phishing attempts and provide clear reporting procedures.
  • Utilize web application firewalls to protect against basic web application attacks.
  • Establish robust data backup and recovery processes to minimize the impact of ransomware.
  • Monitor for unusual activity indicating the misuse of privileges by internal actors.