Verizon DBIR 2022: Ransomware Continues Its Destruction Path

Verizon recently released its much anticipated annual DBIR report for 2022.


Key findings from the report include:

  • This year Ransomware has continued its upward trend with an almost 13% increase, a rise as big as the last five years combined (for a total of 25% this year).

  • 2021 illustrated how one key supply chain breach can lead to wide ranging consequences. Supply chain was responsible for 62% of System Intrusion incidents this year. Unlike a Financially motivated actor, Nation-state threat actors may skip the breach and keep the access.

  • Error continues to be a dominant trend and is responsible for 13% of breaches. This finding is heavily influenced by misconfigured cloud storage. While this is the second year in a row that we have seen a slight leveling out for this pattern, the fallibility of employees should not be discounted.

  • The human element continues to drive breaches. This year 82% of breaches involved the human element. Whether it is the Use of stolen credentials, Phishing, Misuse, or simply an Error, people continue to play a very large role in incidents and breaches alike.


Artur Kane, VP of Product, GoodAccess, shared a reaction to the report's findings and insights on the threat of ransomware.


"Ransomware attacks are no longer limited to the large or the vulnerable. We are seeing government entities, healthcare institutions, or critical infrastructure operators fall victim to ransomware. But that is not all --- small private enterprises and even individuals are finding themselves targeted. Size doesn’t matter; if you curate sensitive data, you are a candidate.

Organizations must realize that conservative cybersecurity approaches are no longer enough to keep them protected. They cannot rely on a secure perimeter to repel cyberattacks any more, because the perimeter is disappearing and moving to the internet.


Many users now connect remotely, often from unsecured networks, and companies migrate their infrastructure to the cloud, which moves critical assets outside of the trusted safe zone and spreads them beyond the reach of legacy security solutions. Companies often do not have control over the devices that users are connecting with, nor the infrastructure they are on.


The threat surface is simply enormous, and cybercriminals like to exploit it to gain unlawful access to internal systems and user data, often targeting unwitting users with phishing scams, spoofing attacks, or other methods to steal access credentials and infiltrate internal systems.


Once inside, there is little to stop them from doing damage or stealing sensitive data. Organizations must therefore implement security measures to tackle these threats.

Besides regular hardware and firmware updates and software patches, it is important to reduce the attack surface to minimize chances of initial intrusion. Organizations can do this by insisting on strong authentication of both users and devices, supported by multi-factor user authentication, and by granting user privileges on a strictly need-to-know basis, allowing access only to a pool of strictly necessary systems and no further.


This makes it more difficult for attackers to actually use the stolen credentials, and if they do succeed in penetrating the network, they do not get free access to the entire network, but only a segment, which makes it difficult for them to move laterally and escalate the attack.

In addition, strong encryption should be employed on all connections, whether this is users, remote branches, or clouds. It is vital to conceal all company traffic from the eyes of a potential attacker --- they can’t steal what they can’t see.


But even with all these measures in place, compromises will happen, often through simple human error. Besides the aforementioned network segmentation by access privileges, it is also vital to have a real-time threat detection capability to expose threats in their infancy. Security administrators also need to have solid response and recovery plans in place for these occurrences, and should conduct regular training and drills.


Keeping continuous access logs can be an invaluable source of intelligence for tracing the journey of a cybercriminal through layers of security, which is vital for preventing similar attacks in the future. Also, regular backups are an absolute must, as post-breach data recovery can be very costly.


Last but not least, user training can greatly contribute to improving the overall company security posture. As a large share of ransomware attacks open with a phishing lure, training employees in how to spot them can save millions of dollars in later breach recovery.

Ransomware attacks can only be expected to rise in both intensity and severity, as both profit-oriented and nation-sponsored hacker groups intensify their activities amid the increase in global tensions. All organizations, both private and public, must adapt to this threat both in their own interest and in the interest of society as a whole."