The 2024 Verizon Data Breach Investigations Report highlights an alarming increase in data breaches, with a significant surge in hackers exploiting both zero-day and known software vulnerabilities for initial network access, a trend underscored by the targeted MOVEit campaign. The report, analyzing 30,458 security incidents globally, notes that stolen credentials remain a dominant method in web application attacks, while ransomware accounts for a third of breaches, and human errors contribute to 28% of incidents. Moreover, the rise in pretexting suggests cybercriminals are refining their techniques to circumvent traditional phishing defenses. The report also stresses the challenges organizations face in timely applying security patches, a gap exploited by attackers, and the evolving role of AI in crafting phishing lures.

Tracking Data Breaches: Targeting of Vulnerabilities Surges BankInfoSecurity

The 17th annual 2024 Data Breach Investigations Report from Verizon underscores a significant increase in the exploitation of vulnerabilities, with occurrences tripling primarily through ransomware targeting zero-day vulnerabilities. The report, led by Alex Pinto from the Verizon Threat Research Advisory Center, points out the MOVEit vulnerability as a prime example of this trend and highlights a concerning disparity between the speed of exploitation and the pace of patching efforts by organizations. Pinto emphasizes the critical need for better vulnerability management, especially for perimeter and external-facing vulnerabilities, and the role of vendor management in improving security outcomes. Additionally, he touches upon the challenges posed by third-party and supply chain vulnerabilities, the evolving nature of ransomware and extortion attacks, and the vital importance of security training and awareness programs to mitigate human errors.

Verizon Breach Report: Vulnerability Hacks Tripled in 2023 BankInfoSecurity

This article outlines the process for submitting statements for inclusion in the hearing record of a full committee hearing. Individuals or organizations are instructed to submit a single-spaced Word document, not exceeding 10 pages, to a specified email address or physical mailing address. The submission must include the title and date of the hearing, along with the full name and address of the submitter, and be sent no later than two weeks after the conclusion of the hearing. Only submissions in the specified format and within the given timeframe will be considered for inclusion in the hearing record.

Hacking America’s Health Care: Assessing the Change Healthcare Cyber Attack and What’s Next Finance.senate.gov

During a congressional hearing on May 1, UnitedHealth Group CEO Andrew Witty faced intensive questioning regarding a significant cyberattack impacting Change Healthcare, a company they acquired in 2022. The cyberattack, deemed one of the most disruptive in U.S. healthcare history, involved data theft and ransomware facilitated by poor security measures, particularly the absence of multifactor authentication. Witty apologized for the incident and committed to improving security protocols, but faced criticism for the delay in implementing essential security features and for the magnitude of support extended to affected providers. In defense, Witty cited the rapid containment efforts post-attack and the financial assistance provided to healthcare providers. Additionally, he did not provide specific details about the total affected population during later House subcommittee hearings, citing the ongoing investigation.

'A crisis of your creating': UnitedHealth CEO grilled by Congress on cyberattack publication