Verizon’s annual security report points to a double-digit rise in ransomware attacks

Ransomware attacks were up 13% in the last 12 months, representing a greater increase than the last five years combined, according to the latest edition of Verizon’s Data Breach Investigations Report (DBIR).

Published today (May 24) the 2022 edition of DBIR involved an analysis of nearly 24,000 security incidents, of which 5,212 were confirmed data breaches.

Ransomware attacks continue to grow their cybercrime market share because they offer an effective means for assailants to exploit and monetize illegal access to private information, according to Verizon’s study.

Sobering stats

Approximately four in five of the breaches covered by the report are attributed to organized crime. Meanwhile, heightened geopolitical tensions such as the war in Ukraine are driving nation-state affiliated cyber-attacks.

Looking into a different metric, the Verizon study found that more than 60% of system intrusion incidents came through an organization’s partner – a so-called ‘third-party data breach’.


Catch up on the latest data breach news and analysis


“Compromising the right partner is a force multiplier for cybercriminals, and highlights the difficulties that many organizations face in securing their supply chain,” according to the authors of the report.

Exploiting frailties in people’s cybersecurity awareness remains a key vector of successful cyber-attacks. A quarter of total breaches in the 2022 report were the result of social engineering attacks, such as phishing.

“When you add human errors and misuse of privilege, the human element accounts for 82% of analyzed breaches over the past year,” Verizon concluded.

Running the numbers

Now on its 15th edition, the 2022 DBIR involved the analysis of data from 87 contributors, both US-based and international, ranging from law enforcement agencies to forensic and law firms to CERTs and government agencies.

In response to the growing scourge of ransomware, and in particular incidents like the Colonial Pipeline attack that affected the real economy, the US is developing several multi-agency initiatives.

The Cybersecurity and Infrastructure Security Agency (CISA) plans to convene a Joint Ransomware Task Force, while the Department of Justice announced it is launching two international initiatives aimed at tracking illegal cryptocurrency transfers and disrupting ‘top tier’ cyber threat actors.

Switching tactics

During a plenary session at the recent CyberUK conference, senior NSA advisor Rob Joyce said that banking sanctions imposed in the wake of Russia’s invasion of Ukraine have stymied the ability of Russian-based cybercriminals to buy or rent internet infrastructure, as well as to cash out the proceeds of ransomware scams.

Other experts have disputed, or at least declined to confirm, this point. Recent ransomware-focused indictments have focused on Russia, Ukraine, and Moldova. Some experts suspect the war led many perpetrators of ransomware scams in this region to temporarily suspend operations and relocate rather than shut-up shop.

Ransomware groups – hit by law enforcement actions and difficulties in paying initial access brokers, crypters, and bulletproof hosting providers – might well switch from ‘big game hunting’ to smaller targets, a UK National Crime Agency representative told the conference during a panel session on ransomware.

A BAE Systems representative added that attackers are still using the same methods to infect systems – network vulnerabilities (open RDP ports) and phishing – but have switched from Bitcoin to Monero for payment because the latter cryptocurrency is harder to trace.


RELATED European Council extends sanction regime to deter future cyber-attacks