According to the Verizon Data Breach Investigations Report, the use of ransomware to extort money increased by 13% in 2021 compared to 2020. The report examined 23,896 incidents that led to 5,212 confirmed data breaches.
For Alex Pinto, senior manager for security research at Verizon, the reason for the increase in the use of ransomware has to do with its profitability.
DDoS (denial-of-service) attacks remained the most common type of malicious attack with 46% of all incidents, followed by backdoors and command and control malware with 17%.
Human error remains the main strategy used by attackers to successfully carry out their attacks. 82% of breaches are due to the “human element,” as employees continue to fall victim to phishing emails.
Misconfiguration errors by IT administrators are another threat vector that is used by attackers. Attacks that exploit unpatched versions of Microsoft’s remote desktop protocol also enjoyed great popularity. This strategy accounted for 40% of successful ransomware attacks.
Web application (56%) and email servers (28%) are the two most common attack points for hackers. Software vulnerabilities accounted for 7% of breaches in 2021. 80% of web-facing server breaches involved stolen credentials.
“With regard to breaches, attackers are frequently exfiltrating personal data, including email addresses, since it is useful for financial fraud. There is also a large market for their resale, which means they are truly the ‘gift’ that keeps on giving,” the report says.