Social-engineering and pretexting attacks targeting finance and HR departments racked up nearly 1,500 incidents and resulted in just under 400 confirmed data breaches being reported. Meanwhile, human error and data loss due to misdelivery ranked second and fourth respectively, with DDoS, phishing and ransomware in first, third and fifth place to round out the top five action varieties in incidents overall.
Laurance Dine, managing principal, investigative response at Verizon, told SC Media UK that: “Ransomware is the big change here, we've seen it move into critical systems and shut down whole enterprises.
“Pretexting has seen enormous growth over the period too, and we've seen that develop from spoofing the CEO's account through to gaining control of legitimate high-value email accounts and using those as leverage to trick accounts departments or HR departments into wiring funds to the scammers. They're getting really good at this. In the US there is a trend in targeting HR departments directly to obtain details to conduct other fraud - we suspect this will go global in due course.
“The best defence against this is awareness, and that is growing within enterprises too, via training and simple things like a support team to phone and check potentially dubious transactions with. I always recommend picking up the phone to check requests for transactions, a secondary check.”
The figures are published in the 11th Verizon DBIR report, which includes contributions from the US Secret Service, UK legal services firm Mishcon de Reya, UK insurer Chubb and the Irish Reporting and Information Security Service (IRISS CERT) among others.
An interesting stat from the report is that more than 20 percent of people in enterprises still click on at least one phishing campaign during a year. “The bad actors are getting better - it's not the Nigerian prince scam anymore - they're much more sophisticated now. The barriers to entry are very low - the initial costs are minimal, maybe a botnet to send emails or some insider information to gain access, and then once they're in the damage can be considerable”, warned Dine.
The researchers also noted that organised criminal groups continue to be behind around half of all breaches, while state-affiliated groups were involved in more than one-in-ten - unsurprisingly, financial gain continues to be the top motivation for cyber-criminals across the board.