BEC Volumes and Ransomware Costs Double in a Year
The number of recorded business email compromise (BEC) attacks doubled over the past year, with the threat comprising nearly 60% of social engineering incidents studied by Verizon for its 2023 Data Breach Investigations Report.
This year's edition of the much-anticipated annual report is based on analysis of 16,312 security incidents and 5199 breaches over the past year.
The category of “pretexting,” or BEC, is now more common than phishing in social engineering incidents, although the latter is still more prevalent in breaches, the report noted. The median amount stolen in pretexting attacks now stands at $50,000.
The success of these social engineering tactics is also a big reason why the human element is now present in 74% of breaches, according to the report.
Chris Novak, managing director of cybersecurity consulting at Verizon Business, argued that senior leadership is especially exposed to social engineering.
“Not only do they possess an organization’s most sensitive information, they are often among the least protected, as many organizations make security protocol exceptions for them,” he added.
“With the growth and increasing sophistication of social engineering, organizations must enhance the protection of their senior leadership now to avoid expensive system intrusions.”
Elsewhere, Verizon revealed that ransomware is a factor in a quarter (24%) of breaches, only a slight increase on last year’s report. However, the median cost per incident doubled compared with last year, with 95% of ransomware incidents that experienced a loss costing between $1m and $2.25m.
Email, desktop sharing software and web applications remain the top vectors for ransomware attacks, while stolen credentials (49%), phishing (12%) and exploiting vulnerabilities (5%) are the main ways threat actors gain entry into organizations.
Regarding vulnerability exploitation, the Log4j bug had an immediate and major impact on the threat landscape, with a third (32%) of vulnerability scanning for the utility occurring in the first 30 days after it was made public.
Verizon argued that this highlights the speed with which threat actors can now move from proof of concept to mass exploitation.
The vast majority of attacks (97%) over the past year were motivated by financial gain rather than espionage, Verizon said.