Threat actors are opting for code exploitation at an increasing rate as credential theft is becoming less popular as a means of intrusion.Verizon’s latest Data Breach Investigation Report (DBIR) found that 1 in 5 breaches were the result of an exploit script against an exposed security vulnerability. By comparison, 22% of exploits were the result of stolen credentials and 16% were blamed on phishing campaigns.“The exploitation of vulnerabilities has seen another year of growth as an initial access vector for breaches, reaching 20%,” Verizon said in its report.“This value approaches that of credential abuse, which is still the most common vector.”The rise in exploits suggests that social engineering is waning as the most popular method for infiltrating networks. Rather, threat actors are opting to trick their marks into opening poisoned files or following malicious links in order to infect themselves with malware and give the attackers a foothold in the network.While the human element was still the top culprit in breaches — logging a 60% share of all recorded attacks — third-party software threats are on the rise, claiming a 30% stake in data breach incidents. By comparison, third-party exploits accounted for just 15% of recorded attacks on the 2023 calendar year.The surge in exploits was largely fueled by an increase in attacks on VPN services, which claimed a 22% share, up eight-fold from the previous year.Additionally the Verizon team noted an increase in the time from harvesting credentials to turning over an exploit by threat actors.“There were notable incidents this year involving credential reuse in a third-party environment — in which our research found the median time to remediate leaked secrets discovered in a GitHub repository was 94 days,” Verizon said.The trends show a marked change in a Verizon threat report that has become something of a bellwether indicator in the cybersecurity sector. As a primary service provider to enterprises, Verizon has a unique level of access to the organizational security landscape and the cybercrime outfits that prey on them.That said, the company was willing to admit that there were some shortcomings in its 15 years of reporting on cybersecurity incidents. In particular, Verizon said that it had not been fully accounting for espionage attacks, which accounted for 17% of incidents“This rise was, in part, due to changes in our contributor makeup. Those breaches leveraged the exploitation of vulnerabilities as an initial access vector 70% of the time, showcasing the risk of running unpatched services,” Verizon said.“However, we also found that espionage was not the only thing state-sponsored actors were interested in, approximately 28% of incidents involving those actors had a financial motive.”
