Ransomware Attacks Increased by 13% in 2021

Ransomware attacks are increasing at an alarming rate. Attacks increased by 13% in 2021, which is a bigger increase than in all of the previous 5 years combined. Supply chain attacks were also a major issue and were behind 62% of system intrusion events, and human error continues to be a leading factor in data breaches. In 2021, 82% of data breaches involved the human element, and were the result of misconfigurations, misuse, and social engineering attacks.

The data comes from the recently published 2022 Verizon Data Breach Investigations Report which includes analyses of 23,896 security incidents, of which 5,212 were confirmed data breaches. 87 organizations partnered with Verizon for the report, including cybersecurity firms, law enforcement agencies, law firms, CERTs, and ISACs.

The majority of cyberattacks are conducted for financial gain, followed by espionage. In terms of financial gain, ransomware has proven to be extremely successful. Ransomware is simply a way of exploiting and monetizing illegal access to systems and private information. Large ransom demands can be issued, and since there is now the threat of the exposure of data stolen in the attacks as well as file encryption, many organizations are opting to pay the ransom.

Supply chain attacks are often the work of nation-state actors that conduct attacks for espionage purposes and try to gain persistent access to victims’ systems. Many organizations were forced to accelerate cloud migrations due to the pandemic and are now much more reliant on third parties, which has given threat actors new targets for conducting supply chain attacks. One attack on a link supply chain can allow threat actors to access the systems of many companies.

Verizon identified four main pathways that lead to data breaches: unauthorized credentials, phishing, vulnerability exploitation, and botnets. The use of stolen credentials is the most common, often for remote desktop protocol. This was the leading vector for initial access in ransomware attacks, followed by phishing. Of concern is the increasing trend for cyberattacks to be conducted quickly and involve fewer steps, yet the speed of detection has remained fairly constant, and for more than 50% of data breaches, detection was due to the attacker disclosing the attack, such as dropping a ransom note or publishing stolen data.

Cyber threat actors commonly target the human element of security because it is often the weakest link in the security chain and social engineering is one of the main ways that humans are targeted. According to the report, 20% of all data breaches were attributed to social engineering. While technical measures can be implemented to block the majority of attacks, threat actors often target employees because they can easily be reached. Threats will be encountered in inboxes and on the Internet, so it is vital for organizations to educate their employees, and teach them security best practices and how to identify phishing emails and other threats.

In healthcare, the majority of attacks (61%) are caused by external threat actors, with the most common causes of data breaches being basic web application attacks, miscellaneous errors, and system intrusions, which account for 76% of all healthcare data breaches. 39% of data breaches in healthcare are caused by insiders, which is more than twice the number in other industry sectors (18%). In the majority of cases, these were not malicious insiders but inadvertent breaches, with the majority due to emailing data to the wrong person or the loss of data or devices, with little difference in numbers between the two.  In healthcare, employees are 2.5 times more likely to make an error than to maliciously misuse their access.