The Verizon 2024 Data Breach Investigations Report (DBIR) reveals that vulnerability exploitation surged by 180% from 2022 to 2023, making it the third most used method for unauthorized access. The increase is attributed to vulnerabilities like MOVEit and to zero-day exploits. Despite patches being available, organizations take around 55 days to remediate critical vulnerabilities, leading to a dangerous lag.

Vulnerability exploits tripled as an initial access point for breaches, up 180%

The National Vulnerability Database (NVD) faced challenges due to resource constraints, impacting the mitigation of reported CVEs. Verizon also noted a 68% rise in software supply chain attacks in 2023. Stolen credentials are the top initial access method, accounting for 38% of all breaches, followed by phishing at 15%. More emphasis is placed on the human factor, as 68% of breaches involve non-malicious human errors such as falling victim to social engineering or making mistakes. The rise of 'Ramstortion,' a blend of ransomware and extortion techniques, was a significant trend in breaches, with ransomware incidents declining slightly in 2023 while extortion increased. Financially motivated incidents involving ransomware or extortion had a median loss of $46,000 in 2023. Overall, the DBIR analyzed a record-high 30,458 security incidents, doubling the number of confirmed data breaches from the previous year, with victims in 94 countries.
https://www.infosecurity-magazine.com/news/dbir-vulnerability-exploits-triple/