Verizon data breach report reveals phishing, ransomware issues jumped in 2016

According to Verizon (NYSE: VZ), cybercriminals are becoming more crafty in their ways. The telco's 2016 Data Breach Investigations Report shows a rise in phishing and ransomware, where data is encrypted and a ransom is demanded.

Phishing, which involves a user receiving an e-mail from a fraudulent source, continues to be a key rising concern for businesses and consumers.

According to the report, 30 percent of phishing messages were opened, up from 23 percent in the 2015 report. Verizon said 13 percent of those clicked to open the malicious attachment or nefarious link.

Initially phishing was used as an attack pattern for cyber-espionage, but it has now spread to seven of the nine incident patterns in Verizon's 2016 report. Hackers have stepped up their phishing activities because it is a technique that offers them a number of advantages such as a very quick time to compromise and the ability to target specific individuals and organizations.     

What's helping hackers make successful cyberattacks on businesses are human errors caused by company employees. Some of the common mistakes could include improper disposal of company information, misconfiguration of IT systems, and lost and stolen assets such as laptops and smartphones. Interestingly, 26 percent of these errors involve people mistakenly sending sensitive information to the wrong person.

Verizon said that businesses are falling prey to what it calls a three-pronged attack: phishing e-mails with a link pointing to the malicious website, or a malicious attachment; malware downloaded onto a user's PC that can be used to steal a company's internal secrets or encrypt files for ransom; and the use of the credentials for further attacks such as logging into third-party websites like banking or retail sites.

While attacks vary from company to company, Verizon said that the common thread is that many businesses have known vulnerabilities that have never been patched despite patches being available for months, or even years. It said that the top 10 known vulnerabilities accounted for 85 percent of successful exploits.

Some of these issues are caused by simple issues like passwords. The report said that 63 percent of confirmed data breaches involve using weak, default or stolen passwords, for example.

Verizon said the goal of the report is to help organizations get a handle on how to protect themselves from attacks.

"The goal is to understand how the cybercriminals operate," Bryan Sartin, executive director of global security services for Verizon Enterprise Solutions, said in a release. "By knowing their patterns, we can best prevent, detect and respond to attacks."

For more:
- see the release

Related articles:
Verizon adds 98,000 new FiOS internet customers, 60% of new subs opt for 100 Mbps and above
Verizon takes proactive approach to data breaches with new DBIR app