A new report on the exploitation of vulnerabilities has highlighted the scant image of cyber security. The report found that the process of finding and exploiting digital system flaws has grown significantly.
A triple jump in vulnerability exploitation is a wake-up call for everyone
Cybercrime and almost all other nefarious activities online require a weakness that can be exploited. Finding such holes in online defenses and breaching security networks is collectively known as exploiting vulnerabilities.
Verizon Business released the findings of its 17th Annual Data Breach Investigations Report (DBIR). The report drew insights from a record 30,458 security incidents and 10,626 confirmed breaches in 2023. This is twice as much as in 2022.
According to a recent report published this week, attempts to use vulnerabilities as an initial entry point increased 3 times compared to the previous year. This type of use accounted for a total of 14% of all infringement types. This is quite serious for the average internet user as well as businesses.
The new report reiterates the importance of regularly updating operating systems and other software. Exploits rely heavily on users avoiding or delaying the installation of updates.
The increase in exploitation of the vulnerability was mainly driven by cybercriminals targeting vulnerable systems and devices. However, ransomware actors mostly chose “zero-day vulnerabilities” that do not have a patch ready and deployed, making intervention difficult.
One relevant indicator included in this year’s DBIR pointed to an increase in “third-party exploitation.” A whopping 68% of breaches involving a third party were observed. This means that data custodians, third-party software vulnerabilities and other direct or indirect supply chain issues proved to be the main loopholes exploited by hackers.
Humans, not AI, remain the most worrisome weakness
There has been a rapid increase in the use of generative artificial intelligence. Therefore, several security experts were worried that hackers will increasingly use Gen AI to breach security.
Surprisingly, the rise of artificial intelligence was less of a culprit in managing large-scale vulnerabilities, said Chris Novak, senior director of cybersecurity consulting at Verizon Business.
“Exploitation of zero-day vulnerabilities by ransomware actors remains a constant threat to enterprise protection. While the use of artificial intelligence to gain access to valuable corporate assets is a concern, the failure to patch underlying vulnerabilities poses a threat to actors who do not need to develop their own approach.
However, what remains a major concern is the inevitable human element, Chris pointed out.
“The persistence of the human element in breaches shows that there is still much room for improvement in cybersecurity training, but the increase in self-reporting signals a cultural shift that destigmatizes human error and can help illuminate the importance of cybersecurity. general workforce awareness.
Data theft and stolen credentials are some of the most prominent problems facing internet users today. They account for nearly one-third of all violations recorded in the past decade, the report said.
The report concluded with the need for increased vigilance. In other words, users should not reply to messages from unknown people and never give confidential data like PIN, OTP and other data. This single precaution alone would greatly reduce the opportunities for exploiting the vulnerability, the report said.
Tags: vulnerability exploit report mentions increase human targets
-
