Join us for the Human Behavior Conference on Oct. 30th

2017 Verizon DBIR Social Engineering Breakdown

Share This Post

2017 Verizon DBIR Social Engineering Breakdown

The much anticipated 2017 Verizon DBIR was recently released and has some interesting data for social engineering attacks in 2016.  Social-Engineer is proud to have been a contributor to this year’s report. Below are highlights from the report, and some tips at the end on how to stay safe.

picture2

Verizon studied 42,068 security incidents that resulted in 1,935 breaches. Overall, 43% of the documented breaches involved social engineering attacks!  That’s almost half, and these are the only representative of the reported/documented breaches.

picture3
Figure 1: Overall breaches using Social Attacks

Not surprisingly, 66% of malware came from malicious email attachments.  These could have been emails from phishing attacks or may have come from a trusted account that had been previously hacked.  Either way, the majority of the malware infections started from a rotten email.

picture4
Figure 2: Malware and phishing are close friends

The Education sector saw another rise in social engineering attacks.  Over half of the breaches involved the theft of Personally Identifiable Information (PII) of students and teachers, and just over 25% resulted in the loss of intellectual property.   Social engineering attacks (mostly phishing) were used in almost 44% of these breaches and were combined with another attack vector in many cases.

picture6
Figure 3: Social attacks against the Education sector

The Information sector (social media, telecommunications, software) saw phishing involved in most attacks.  Once clicked, the malicious emails often installed malware to collect credentials and carry out further hacking against the target.

picture7
Figure 4: Phishing took place in most attacks against the Information sector

The Manufacturing sector was hit particularly hard last year, with the majority of breaches managing to snag proprietary data from the target.  Similar to the Information sector, phishy emails were the gateway for malware to be installed in 73% of these incidents!

picture8
Figure 5: Phishing was involved in 73% of these breaches

Espionage attacks driven by state-affiliated actors preferred phishing as their main source of starting an attack.  Manufacturing again was at the top of the attacked industry list.

picture9
Figure 6: The spy who phished me

picture10
Figure 7: Industries targeted by state-affiliated actors

Looking at simulated phishing exercises, no industry was immune from clicking on malicious links.  Manufacturing seemed to be the most vulnerable, but other industries from Healthcare to Education were also susceptible.  This goes to show that continual training on spotting and reporting phishing emails is critical to your business.

picture11
Figure 8: Simulated phishing results across the industry

Staying Safe From Social Engineering Attacks

  • Remember to always manually navigate to known, good sites; don’t click on suspicious links in emails.
  • Think before clicking or responding to emails. Was the email expected?  Has this company/person ever emailed you at that address before?  Does the email seem scary or too good to be true?  These are all flags that can help you spot a phish.
  • Verify the identity of a caller asking for information. If you are unsure what to do, discontinue the call and check with the business or your company directly.
  • Make sure the privacy settings on your social media accounts are locked down. Information gathered from them can become the basis for a very convincing social engineering attack.
  • If you own a business, train your employees continually so they are always vigilant. Regular phishing and vishing training exercises will help greatly.
  • Spread these tips to non-technical friends and family, so they can stay safe online too.

Per Verizon: Our data is non-exclusively multinomial meaning a single feature, such as “Action”, can have multiple values (i.e., “social”, “malware” and “hacking”). This means that percentages do not necessarily add up to 100%. For example, if there are five botnet breaches, the sample size is five. However, since each botnet used phishing, installed keyloggers and used stolen credentials, there would be five social actions, five hacking actions, and five malware actions—adding up to 300%. This is normal, expected and handled correctly in our analysis and tooling.”

Sources:  https://enterprise.verizon.com/resources/reports/2017_dbir.pdf

More To Explore

Social Engineering

Keeping it Simple in Cybersecurity 

Today, the cybersecurity industry focuses a lot more on complicated solutions and tools. Companies are always looking to improve their security measures with the latest technologies. However, attackers often choose