Verizon DBIR: If it’s not about cash, it’s about spying
Stolen payment card info now represents a smaller portion of breaches involving confidential data. Image: Verizon
Joe Warminsky May 24, 2022

The 15th edition of Verizon’s annual Data Breach Investigations Report (DBIR) arrived Tuesday with a tinge of nostalgia woven into its characteristically evocative insights about the previous year in cyberattacks — a 12-month stretch that the authors call “overwhelming” and “extraordinary.”

“From very well publicized critical infrastructure attacks to massive supply chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months,” the report says.

The authors don’t mention big cases like Colonial Pipeline, Kaseya or JBS by name at that point in the report. The document also doesn’t include any data directly influenced by Russia’s invasion of Ukraine.

For the DBIR, the overall numbers are the point.

And the 2022 report reaffirms what the cyber pros already know intuitively about the past few years: There’s one dominant motivation for attackers (financial gain), as well as a less common motivation that is still on everyone’s mind (espionage). Everything else, for now, is history.

“Bottom line: most data thieves are professional criminals deliberately trying to steal information they can turn into cash,” the report says. About 93 percent of all breaches were financially motivated, and about 6 percent were clearly for espionage purposes, according to the DBIR. A motivation that had its heyday in the early 2010s — hacktivism — “is, for the most part, simply an afterthought,” the report says.

The “R” word is unavoidable, of course. “This year ransomware has continued its upward trend with an almost 13% rise — an increase as big as the last five years combined,” the report says. “It’s important to remember that while ubiquitous and potentially devastating, ransomware by itself is, at its core, simply a model of monetizing an organization’s access.”

The recent upward trend in the number of ransomware cases. Image: Verizon

The DBIR notes that in the early days, the report exclusively analyzed data generated through Verizon, but now the project has 87 partners (including The Record’s parent company, Recorded Future).

One thing definitely hasn’t changed much since 2008, according to the DBIR: Online servers — as opposed to networks and individual devices — are still the primary target for cybercriminals, at 83 percent of the total.

“It seems that servers in data breaches, like JNCO jeans and spiked tipped hair in haute couture, are timeless,” the DBIR says.

Joe Warminsky is the news editor for The Record. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.