Cybercrime , Events , Fraud Management & Cybercrime
Not Just MOVEit: 2023 Was a Banner Year for Zero-Days
Verizon Data Breach Investigations Report Author Details Online Criminal TrendsIf there's one data breach trend that stands out, it's hackers' vigorous focus on finding zero-day vulnerabilities or recently patched flaws and exploiting them through automated scanning.
See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware
Exhibit A, of course, is last year's mass hack attack on MOVEit servers instigated by the Clop ransomware group - an attack with a known victim list of almost 2,800 organizations worldwide (see: Known MOVEit Attack Victim Count Reaches 2,618 Organizations).
But even without the MOVEit incident, 2023 still would have been a year of sharp growth in hacker exploitation of vulnerabilities, said Alex Pinto, senior manager, Verizon Threat Research Advisory Center. "There are people scanning the whole wide internet and just seeing which doors are open," he said.
In this video interview with Information Security Media Group at RSA Conference 2024, Pinto also discussed:
- Why "patching harder" isn't the answer to resolving security vulnerabilities;
- The gap between patch availability and patch uptake;
- How online criminal gangs are shifting to pure play extortion.
Pinto has more than 20 years of experience in building security solutions that focus on the application of data science to cybersecurity. His teams at Verizon are responsible for the Verizon DBIR and support security research and thought leadership in the organization. Pinto joined Verizon in 2018 after it acquired his machine learning-based network detection company, Niddel.