Espionage Motivated Cyberattacks on the Rise in the Asia-Pacific Region

The 2024 Data Breach Investigations Report released by Verizon Business this week found that 25% of cyberattacks in the Asia-Pacific region are motivated by espionage, and vulnerability exploitation has grown by 180%.
These are two key findings in the May 1, 2024, report, which analyzed a record-high 30,458 security incidents and 10,626 confirmed breaches in 2023.
Other important findings from the report include:
  • On average, it took organizations about 55 days to patch 50% of their critical vulnerabilities;
  • More than two-thirds of breaches involve a non-malicious human element;
  • 32% of all breaches involved some extortion technique, including ransomware;
  • Over the past two years, between 24% and 25% of financially motivated incidents involved pretexting; and
  • Over the past ten years, the use of stolen credentials has appeared in 31% of all breaches.
Of the 2,130 security incidents and 523 confirmed breaches in the Asia-Pacific region, system intrusion, social engineering, and basic web application attacks represent 95% of breaches. The most common types of data compromised are credentials (69%), internal (37%), and secrets (24%).
Globally, the exploitation of vulnerabilities as an initial point of entry almost tripled since last year, now accounting for 14% of all breaches. This spike was driven primarily by the scope and increasing frequency of zero-day exploits by ransomware actors, most notably the MOVEit breach, one of the most widespread exploitations of a zero-day vulnerability in history.
“The persistence of the human element in breaches shows that there is still plenty of room for improvement with regard to cybersecurity training, but the increase in self-reporting indicates a culture change that destigmatizes human error and may serve to shine a light on the importance of cybersecurity awareness among the general workforce,” said Robert Le Busque, Verizon Business Asia-Pacific Regional Vice President.
Analysis of the Cybersecurity Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalogue revealed that, on average, it takes organizations 55 days to remediate 50% of critical vulnerabilities following the availability of patches.
Meanwhile, the median time for detecting the mass exploitations of the CISA KEV on the internet is five days. Last year, 15% of breaches involved a third party, including data custodians, third-party software vulnerabilities, and other direct or indirect supply chain issues. This metric shows a 68% increase from the previous period described in the 2023 DBIR.
Most breaches (68%), whether they include a third party or not, involve a non-malicious human element. This percentage is about the same as last year. One potential countervailing force is the improvement of reporting practices: 20% of users identified and reported phishing in simulation engagements, and 11% of users who clicked the email also reported it.
You can read the full report here.