Ransomware and BEC Remain Strong, Social Engineering a Growing Threat in 2023 Verizon DBIR

by | Jun 16, 2023

The Verizon DBIR for 2023 is out, and it shows an increase in social engineering as an entry point for threat actors. This ties in with a very strong preference for the use of stolen credentials, to such a degree that attackers may be consciously letting major software vulnerabilities slip by.

That doesn’t mean that the endless toil of patching is about to get any easier, as any shift in focus by attackers would likely be due to a general improvement in response to the announcement of major vulnerabilities. Credential discovery in mass data breaches and employees being tricked are elements that are always going to be available to criminals, and business email compromise (BEC) usually requires social engineering in at least some portion of the approach.

Social engineering “pretexting” growing in frequency

Social engineering “pretexting” approaches have become more commonly integrated into highly targeted phishing (“spearphishing”) and BEC schemes. The Verizon DBIR data finds that organizations are now more likely to experience a social engineering attack than to see someone attempt to exploit a known software vulnerability.

There are also certain patterns to these attacks. Nearly all of them begin with an email. Companies in certain industries, such as finance and retail, see them much more often than others. And when a company is targeted, the attackers most frequently go straight after employees working in payroll or finance departments.

BEC is still not as frequent as ransomware, and is not netting attackers nearly as much money on average, but it remains much more popular than other attack categories. These schemes have an average take of just $50,000 USD, but do not require the victims to consent to ransom or insurance payments once breached. And this increase in social engineering approaches comes from data collected between late 2021 and late 2022, prior to ChatGPT and other advanced AI tools becoming available to the general public; these new capabilities will likely contribute directly to both the quantity and quality of BEC attempts.

Verizon DBIR finds strong focus on acquisition, use of stolen credentials

The Verizon DBIR indicates that attackers would prefer to do as little hacking as possible, and that the availability of stolen credentials is making that a realistic business plan. Out of a total of 16,312 recorded security incidents, over 5,000 of which were full-blown breaches, nearly half involved stolen login information. Phishing took place in only 15%, and the use of software vulnerabilities in 5%.

Overall, BEC attacks doubled during the current Verizon DBIR period. Ransomware remained steady, deployed in 24% of the breach incidents, but has grown substantially in total cost to organizations. The cost doubled in the space of just a year, ballooning to an expected bill of about $1 to $2 million for most organizations. Whatever the approach, almost 95% of attacks are for financial gain, and 70% come from an organized cyber crime group.

Recent Posts

How can we help?

8 + 5 =

× How can I help you?