Verizon, an American wireless network operator, popularly known in the information security industry for publishing the Data Breach Investigations Report (DBIR) has suffered a security breach.
The Verizon employee database was recently compromised with the hacker holding it for a $250,000 ransom.
Verizon spokesperson says it doesn’t believe it contains “any sensitive information” and stopped communication with the hacker. However, the list of details including employee email addresses, phone numbers, and more could present a risk for future attacks.
It’s uncertain how current the information is, but Motherboard called multiple people on the list and confirmed that four they got in touch with are still working at Verizon. “Around a dozen other numbers returned voicemails that included the names in the database, suggesting those are also accurate.”
The anonymous hacker told Motherboard they “obtained the data by convincing a Verizon employee to give them remote access to their corporate computer.”
In other recent news, SpiceJet passengers were stranded as the Indian airline was hit by a ransomware attack. The airline confirmed it faced a ransomware attack on Tuesday evening.
In the 15th annual Verizon Data Breach Investigations Report (DBIR), Verizon’s DBIR team analyzed 23,896 security incidents, of which 5,212 were confirmed data breaches.
From well-publicized critical infrastructure attacks to massive supply chain breaches, the DBIR found five key trends related to the security incidents analyzed:
- There are four key paths leading to your estate: Credentials, Phishing, Exploiting vulnerabilities, and Botnets. All four are pervasive in all areas of the DBIR, and no organization is safe without a plan to handle each of them.
- This year ransomware has continued its upward trend with an almost 13% rise – an increase as big as the last five years combined. It’s important to remember that while ubiquitous and potentially devastating, ransomware by itself is, at its core, simply a model of monetizing an organization’s access. Blocking the four key paths mentioned above helps to block the common routes ransomware uses to invade your network.
- 2021 illustrated how one key supply chain incident could lead to wide-ranging consequences. Compromising the right partner is a force multiplier for threat actors. Unlike a financially motivated actor, nation-state threat actors may skip the breach altogether and opt to simply keep the access to leverage at a later time.
- Error continues to be a dominant trend and is heavily influenced by misconfigured cloud storage. While this is the second year in a row that we have seen a slight levelling out for this pattern, the fallibility of employees should not be discounted.
- The human element continues to drive breaches. This year, 82% of breaches involved the human element. Whether it is the Use of stolen credentials, Phishing, Misuse or simply an Error, people continue to play a very large role in incidents and breaches alike.