Plaintext: DBIR Day!

Welcome to Dark Reading in Plaintext, where each day we bring you insights around one topic important to cybersecurity professionals. Today, we talk about Verizon’s Data Breach Investigations Report (have you played with the interactive charts, yet? ).

Ransomware Keeps Hitting

Remember when ransomware wasn’t a big part of the DBIR? Those days are long gone : In 2021, 25% of all breaches contained a ransomware component. Things have changed since 2020, when ransomware attacks occurred in just 10% of breaches.

Part of the reason for its rise may be the change in how ransomware is classified. In years past, ransomware was treated as a type of malware attack. With tactics evolving to include extortion, data exfiltration, and exploitation, it’s natural that ransomware would be present in a larger number of breaches. The other reason is that ransomware-as-a-service and initial-access-brokers have made ransomware attacks easy to execute, says Alex Pinto, manager of the Verizon Security Research Team. Around 40% of data breaches are due to the installation of malware, and the rise in RaaS has led to 55% of those specific breach incidents involving ransomware.

“In 2008 when we started the DBIR, it was by and large payment-card data that was stolen,” Pinto says. “Now, that has fallen precipitously because they can just pay for access someone else established and install rented ransomware, and it's so much simpler to reach the same goal of getting money.”

Want More Alex Pinto? We expect more DBIR goodies at the Dark Reading Virtual Event on June 23, How Data Breaches Happen and What to Do When They Happen, as Alex Pinto is giving the keynote. Register to attend the full-day free virtual event .

Stolen credentials. Stolen credentials played a role in 38 percent of incidents in the 2010 DBIR, and 86% of all breached records were stolen because attackers gained access using stolen or intercepted credentials. Jump forward to the 2022 report, where the top two data types compromised in data breaches are now credentials and personal data. In the 2008 DBIR, payment card data was the primary type of data being compromised. The DBIR doesn’t come right out and say it’s time to finally and definitively kill the password, but there’s enough data to make the case for passwordless .

“There’s been an almost 30% increase in stolen credentials since 2017, cementing it as one of the most tried-and-true methods to gain access to an organization for the past four years.”

What Enterprise Teams Should Do. The beauty of DBIR is that it isn’t just a long litany of bad news. By focusing on actual investigations conducted by Verizon investigators and global partners, It provides insights in what actions attackers are actually taking so that enterprise security teams can figure out the necessary defenses .

Headlines on Tap

• Corporate compliance teams can add Connecticut’s newly enacted privacy law to the list of data requirements to manage.
• A new attack relies on sending malicious PDFs as an email attachment, HP Wolf Security says.
• Many passwords that may be considered strong by various regulations actually are not that good .

Subscribe to get the latest headlines delivered to you each morning with Dark Reading Daily .

On That Note

Instead of a chart or cartoon today, we close with what Dark Reading’s former editor-in-chief Tim Wilson said in 2013 regarding the DBIR: “For those of us who cover data breaches, the release of the annual Verizon Data Breach Investigations Report is sort of like the motion picture industry's Oscar awards or the annual release of the auto industry's Blue Book -- it doesn't provide all of the answers, but it helps define what the coming year's questions will be.”