Armorblox is now part of Cisco

Articles & Thought Leadership | 8 min read

Verizon’s 2022 DBIR Findings: Plenty of Phish in the Sea


Paige Tester
Paige Tester

A compilation of the key findings from Verizon's 2022 Data Breach Investigations Report (BDIR), including The most substantial (and disturbing) findings within the report include a significant increase in ransomware attacks in 2021 and the continued exploitation of the human layer of organizations.

Server Room Hallway

On May 24th, 2022, Verizon released its annual Data Breach Investigations Report (BDIR), marking the 15th installment of the annual report. Each year, Verizon’s researchers compile data from breaches and incidents around the globe to shine a light on larger trends and developments. This year’s report collects data from 87 contributors from 82 countries with over 23k+ incidents and 5k+ data breaches.

The most substantial (and disturbing) findings within the report include a significant increase in ransomware attacks in 2021 and the continued exploitation of the human layer of organizations.

Let’s discuss some of the key findings from the 2022 report.


In 2021, cybercriminals used four significant paths to breach sensitive information: credentials, phishing, exploiting existing vulnerabilities, and botnets.

“These four pervade all areas of [the report] and no organization is safe without a plan to handle them all.” - Verizon DBIR, 2022

While these are the major ways in which breaches begin, the output of one breach is frequently the input for the next one. Through these paths, the most common attack vectors that resulted in breaches include web applications and email. The most common actions taken that resulted in breaches include the use of stolen credentials, ransomware, and phishing.


2. Small Businesses Are Also a Target for Ransomware

The report also highlighted the similarities between the types of attacks that bad actors carry out on small versus large businesses. To think that you’re not on a cybercriminal’s radar just because your business is small would be a mistake. Researchers found that many of the same threats that affect large organizations, such as ransomware and phishing, are just as common when targeting small businesses (1-10 employees).

Cybercriminals continue to use email for social engineering attacks, with the most frequent action varieties including phishing, use of stolen credentials, and pretexting.

“2.9% of employees actually click on phishing emails, a finding that has been relatively steady over time, that is still more than enough for criminals to continue to use it.” - Verizon DBIR, 2022


4. Mail Servers Are Under Attack

When looking at the top asset varieties in basic web application attacks, web application servers dominate; however, mail servers make up almost 20% of the total breaches, a sharp uptick from last year’s data.

“Of those mail servers, 80% were compromised with stolen credentials and 30% were compromised using some form of exploit... targeting of mail servers using exploits has increased dramatically since last year when it accounted for only 3% of the breaches.” - Verizon DBIR, 2022


5. Ransomware Increased by 13%

While the report’s researchers expected levels of ransomware attacks to level off in 2021, they witnessed quite the opposite. The report found that ransomware continues to gain popularity, with a 13% increase between 2020 and 2021.

Ransomware has gained popularity over the years due to the fact that it is a less time-consuming method for attackers. Holding data ransom means they can demand payment directly from their victim, as opposed to stealing it and needing to find a third party to purchase it on the darknet. The popular paths for ransomware attacks are phishing, exploiting vulnerabilities, and use of stolen credentials.

6. Supply Chains Act as Force Multipliers

Additionally, in 2021 we saw an increase in supply chain breaches. The report defines supply chain breaches as “a sequence of one or more breaches chained together.” These types of breaches can be particularly catastrophic because of the domino effect they have on the businesses and individuals they impact down the “chain”. Once the bad actor has infiltrated the primary victim, the threat can result in further casualties for the business partners, including secondary and tertiary victims. In fact, the report states that 62% of system intrusions came from a partner.

7. Social Engineering Used in Majority of Attacks

The report found that humans continue to be the most vulnerable point within organizations and that 82% of all breaches involved the human element. This is why so many cyber criminals start their multi-step attacks by first targeting an individual.

“Whether it is the use of stolen credentials, phishing, misuse or error, people continue to play a very large role in incidents and breaches…These attacks continue to be split between phishing attacks and the more convincing pretexting attacks, which are commonly associated with Business Email Compromise (BEC).” - Verizon DBIR, 2022

Social engineering remains a popular method of attack and was reported with the highest prevalence of use in the finance sector. It was also found that the human layer contributed to an organization’s rate of incidents and breaches through non-malicious privilege misuse, error, and misdelivery. The researchers found that in 2021, error or carelessness is something that has been heavily influenced by misconfigured cloud storage, or cloud storage that is deployed with very little additional security beyond basic controls.

The report also highlighted a rise in misdelivery data breaches, something that is 3 times higher in financial service breaches than in any other industry.

Improve Your Organization’s Security Posture

As Verizon’s report confirms, cybercriminals continue to infiltrate organizations by targeting the human layer through email, resulting in BEC, data loss, and financial fraud.

To learn more about email-based attacks, download your complimentary copy of Armorblox’s 2022 Email Security Threat Report. The report compiles trends by analyzing over 2.5 billion emails from January 2021 to March 2022 and highlights the use of language-based attacks that bypass existing email security controls.

The inaugural report uncovers how the continued increase in remote work has made critical business workflows even more vulnerable to new forms of email-based attacks, often resulting in financial fraud or credential theft. Armorblox protects your business from these sophisticated attacks through the use of Natural Language Understanding (NLU).

Download Armorblox's 2022 Email Security Threat Report below.

Download Report

Experience the Armorblox Difference

Get a Demo