The Verizon 2025 Data Breach Investigations Report (DBIR), released in April 2025, provides a comprehensive analysis of over 22,000 security incidents, including 12,195 confirmed data breaches across 139 countries. The report highlights a sharp escalation in cyber threats, driven by sophisticated tactics, supply chain vulnerabilities, and human error. Below, I’ll dive into the key findings on rising cyber threats, their implications, and actionable insights from the report, connecting it to broader cybersecurity trends, including the Coinbase breach discussed earlier.
Key Findings on Rising Cyber Threats
- Surge in Vulnerability Exploitation (34% Increase): The report notes a 34% rise in attacks exploiting software vulnerabilities, with a focus on zero-day exploits targeting edge devices like firewalls, VPNs, and routers (e.g., Ivanti, Palo Alto Networks, Cisco). These devices are prime entry points due to their exposure and slow patching: organizations take a median of 32 days to remediate edge device vulnerabilities, while attackers scan for exploits within five days. This trend aligns with the Coinbase breach, where attackers leveraged insider access to bypass technical defenses, highlighting how unpatched or human-related vulnerabilities amplify risks.
- Ransomware Surge (37% Increase, 44% of Breaches): Ransomware attacks grew by 37% year-over-year, appearing in 44% of breaches, with small and medium-sized businesses (SMBs) hit hardest (88% of their breaches involve ransomware). Despite a drop in median ransom payments (from $150,000 in 2023 to $115,000 in 2024), the prevalence of ransomware remains a critical threat, often combined with data extortion. The Coinbase incident indirectly ties to this, as stolen customer data could fuel ransomware or phishing campaigns. The report notes 64% of victims avoided paying ransoms (up from 50% two years ago), reflecting growing resilience but also the persistent threat to less mature organizations.
- Third-Party Breaches Double (30% of Breaches): Third-party involvement in breaches doubled to 30%, underscoring supply chain risks. Attackers target partners or vendors with weaker security to access larger networks, a tactic seen in recent retail attacks like those on Marks & Spencer. The Coinbase breach, involving bribed overseas support staff, exemplifies how third-party insiders can be exploited. The DBIR emphasizes that supply chain attacks maximize impact with minimal effort, necessitating robust vendor security assessments and zero-trust models.
- Human Element and Social Engineering: Human error or manipulation remains a factor in most breaches, with 60% involving social engineering, misdelivery, or credential abuse. Phishing, a key tactic, saw users falling for emails in under 60 seconds, though reporting rates improved (20% of users report phishing in simulations). The Coinbase attack relied on social engineering to trick customers into transferring funds, illustrating how stolen data fuels such schemes. The report also highlights a 442% spike in voice phishing (vishing) in late 2024, often using AI-generated deepfakes, a growing concern for all sectors.
- Espionage and Industry-Specific Threats: Espionage-motivated attacks rose to 17%, particularly in manufacturing and healthcare, where vulnerabilities are exploited 70% of the time for initial access. Retail saw a 15% increase in incidents, with attackers shifting from payment card data to credentials and business plans. In the Asia-Pacific (APAC) region, system intrusions account for 80% of breaches, with malware (83%) and ransomware (51%) dominant. These trends suggest state-sponsored actors and financially motivated hackers are adapting to exploit sector-specific weaknesses.
Implications and Broader Context
The Verizon DBIR paints a complex threat landscape where attackers are faster, more adaptive, and increasingly focused on supply chains and unpatched systems. The Coinbase breach, costing $180M-$400M, reflects these trends: insider threats (bribed staff), social engineering (customer scams), and the potential for stolen data to fuel further attacks like ransomware. The report’s findings align with other 2025 incidents, such as the SAP NetWeaver zero-day exploits by China-linked APTs and North Korean IT worker scams, which generated $17M through insider access. These cases highlight how financial motives (87% of breaches) and espionage (20%) drive cybercrime, with SMBs and critical infrastructure like energy and government sectors particularly vulnerable.
The doubling of third-party breaches signals a dissolving traditional security perimeter, as seen in the Coinbase case and retail attacks. Slow patching (55 days for critical vulnerabilities per CISA’s KEV catalog) and human error (68% of breaches in 2024) exacerbate risks, while AI-driven attacks, like deepfake vishing, add complexity. The report’s emphasis on SMBs facing disproportionate ransomware impacts (88% of breaches) underscores the resource gap, as smaller organizations lack the IT maturity of larger firms.
Actionable Insights from the Verizon DBIR
The DBIR recommends a multi-layered defense strategy to counter these threats:
- Swift Patching and Vulnerability Management: Prioritize patching edge devices and use CISA’s KEV catalog for real-time risk analytics. Automated monitoring and predictive frameworks can shift organizations from reactive to proactive stances.
- Third-Party Risk Management: Implement vendor assessments, continuous monitoring, and zero-trust models to secure supply chains. The Coinbase breach shows the need for stricter oversight of third-party staff.
- Employee Training and Phishing Defenses: Regular phishing simulations and security awareness training reduce human error. The 20% reporting rate for phishing is progress but insufficient against AI-driven vishing.
- Immutable Backups for Ransomware: Immutable backups ensure rapid recovery without reintroducing malware, critical for SMBs facing high ransomware rates.
- Multi-Factor Authentication (MFA) and Strong Credentials: Enforce MFA and monitor leaked credentials, which take 94 days to remediate on public repositories. This could have mitigated risks in the Coinbase social engineering attacks.
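As an added illustration of the patching and KEV guidance above (this is not code from the DBIR or from Verizon), the Python sketch below ranks open findings by whether the CVE appears in a KEV-style catalog and whether the host is an internet-exposed edge device, then flags findings open longer than the 5-day attacker scan window or the 32-day median cited by the report. The catalog entries, CVE ids, hostnames and as-of date are constructed placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import date

# Constructed sample shaped like CISA KEV entries (cveID -> dateAdded); placeholder ids.
KEV_SAMPLE = {"CVE-0000-0001": date(2025, 3, 1), "CVE-0000-0002": date(2025, 3, 20)}
TODAY = date(2025, 4, 10)  # as-of date for the constructed scan below

# DBIR figures quoted above: attackers scan within 5 days; edge median remediation is 32 days.
ATTACKER_SCAN_DAYS = 5
EDGE_MEDIAN_DAYS = 32

@dataclass
class Finding:
    host: str
    cve: str
    edge_device: bool          # internet-exposed firewall, VPN or router
    found: date                # when the scanner first reported it
    fixed: date | None = None  # None while still open

def rank(f: Finding, kev: dict[str, date]) -> int:
    """0 = fix first: edge device + KEV, then KEV alone, then edge alone, then the rest."""
    in_kev = f.cve in kev
    if f.edge_device and in_kev:
        return 0
    return 1 if in_kev else (2 if f.edge_device else 3)

def days_exposed(f: Finding, today: date) -> int:
    # Days from detection to fix, or to today while still open.
    return ((f.fixed or today) - f.found).days

def overdue(f: Finding, kev: dict[str, date], today: date) -> bool:
    """Open KEV-listed edge finding: overdue once the 5-day scan window has passed;
    any other open finding: overdue past the 32-day median."""
    if f.fixed is not None:
        return False
    limit = ATTACKER_SCAN_DAYS if (f.edge_device and f.cve in kev) else EDGE_MEDIAN_DAYS
    return days_exposed(f, today) > limit

def triage(findings: list[Finding], kev: dict[str, date], today: date) -> list[Finding]:
    """Open findings, most urgent first: by rank, then longest exposure first."""
    open_findings = [f for f in findings if f.fixed is None]
    return sorted(open_findings, key=lambda f: (rank(f, kev), -days_exposed(f, today)))

# Constructed findings from a hypothetical scan run, not real assets.
FINDINGS = [
    Finding("vpn-1", "CVE-0000-0001", True, date(2025, 4, 1)),
    Finding("app-7", "CVE-0000-0002", False, date(2025, 3, 25)),
    Finding("fw-2", "CVE-0000-9999", True, date(2025, 2, 1)),
    Finding("db-3", "CVE-0000-0001", False, date(2025, 3, 1), fixed=date(2025, 3, 10)),
]
```

In practice the KEV dictionary would be loaded from the published catalog feed and the findings from the vulnerability scanner, with `triage` driving the patch queue and `overdue` feeding a dashboard or alert.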
Connecting to Coinbase and Beyond
The Coinbase breach illustrates the DBIR’s findings in action: third-party insiders (bribed support staff) and social engineering (customer scams) mirror the report’s warnings about supply chain risks and human manipulation. The $20M ransom demand Coinbase refused aligns with the 64% of organizations avoiding payments, but the stolen data could still fuel ransomware or phishing, as seen in the 44% of breaches involving ransomware. This incident, alongside others like the $1.5B Bybit hack, shows crypto exchanges as high-value targets due to their financial assets and sensitive data, reinforcing the DBIR’s call for layered defenses and vendor scrutiny.
Conclusion
The Verizon 2025 DBIR reveals a cyber threat landscape marked by rising vulnerability exploitation, ransomware, and third-party breaches, with human error and supply chain weaknesses as key enablers. The Coinbase breach exemplifies these risks, highlighting the need for robust insider threat detection, adherence to cybersecurity best practices and compliance regulations, and third-party oversight. Organizations must adopt proactive measures, including real-time threat detection, secure email gateways, immutable backups, zero-trust models, and ongoing training, to stay ahead of adaptive attackers.