Cybercrime , Fraud Management & Cybercrime , RSA Conference

Not Just MOVEit: 2023 Was a Banner Year for Zero-Days

Verizon Data Breach Investigations Report Author Details Online Criminal Trends
Alex Pinto, senior manager, Verizon Threat Research Advisory Center

If there's one data breach trend that stands out, it's hackers' vigorous focus on finding zero-day vulnerabilities or recently patched flaws and exploiting them through automated scanning.

See Also: Detecting and Mitigating Fraud Through Trust Building

Exhibit A, of course, is last year's mass hack attack on MOVEit servers instigated by the Clop ransomware group - an attack with a known victim list of almost 2,800 organizations worldwide (see: Known MOVEit Attack Victim Count Reaches 2,618 Organizations).

But even without the MOVEit incident, 2023 still would have been a year of sharp growth in hacker exploitation of vulnerabilities, said Alex Pinto, senior manager, Verizon Threat Research Advisory Center. "There are people scanning the whole wide internet and just seeing which doors are open," he said.

In this video interview with Information Security Media Group at RSA Conference 2024, Pinto also discussed:

  • Why "patching harder" isn't the answer to resolving security vulnerabilities;
  • The gap between patch availability and patch uptake;
  • How online criminal gangs are shifting to pure play extortion.

Pinto has more than 20 years of experience in building security solutions that focus on the application of data science to cybersecurity. His teams at Verizon are responsible for the Verizon DBIR and support security research and thought leadership in the organization. Pinto joined Verizon in 2018 after it acquired his machine learning-based network detection company, Niddel.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.