Vulnerability Exploitation Surges to 31%, Overtaking Stolen Credentials as Leading Cybersecurity Breach Method
Vulnerability exploitation has emerged as the predominant cause of cybersecurity breaches for the first time in nearly two decades, according to the latest Data Breach Investigations Report (DBIR) from Verizon. This shift underscores a significant transformation in the threat landscape, where attackers are increasingly leveraging artificial intelligence to exploit software vulnerabilities faster than security teams can respond.
The 19th edition of the DBIR reveals that 31% of all recorded breaches now initiate through vulnerability exploitation, surpassing stolen credentials as the most common entry point for cyberattacks. Researchers caution that AI-driven automation is drastically shortening the time between vulnerability disclosure and active exploitation, compressing defensive response windows from months to mere hours.
Vulnerability Exploitation Surpasses Stolen Credentials
Historically, stolen usernames and passwords have been the primary method employed by cybercriminals to infiltrate corporate systems. However, the latest findings indicate a marked shift in attacker behavior. Researchers have identified that threat actors are increasingly favoring vulnerability exploitation due to the capabilities of AI tools, which can rapidly identify weak systems, automate reconnaissance, and expedite exploit development.
The report highlights that attackers are now acting with unprecedented speed following the public disclosure of vulnerabilities. Organizations that previously had weeks or months to implement security patches are now facing exploitation attempts within hours of such disclosures. This trend places immense pressure on security operations teams, which are already grappling with the complexities of managing patching priorities in multifaceted environments.
Daniel Lawson, Senior Vice President of Global Solutions at Verizon Business, emphasized the critical need for robust cybersecurity fundamentals in light of these evolving threats. He stated that while the velocity of cyber threats is increasing, the foundational principles of security and effective risk management remain the most reliable defense.
AI Reshaping the Cyber Threat Landscape
The report consistently underscores the growing impact of artificial intelligence on cybercrime operations. AI is not only assisting defenders in identifying vulnerabilities more efficiently but is also enabling attackers to automate exploitation at an unprecedented scale and speed. The DBIR warns that AI-assisted attack workflows are creating what researchers describe as a “capacity crisis” for many security teams, compelling organizations to manage an increasing number of vulnerabilities while contending with shorter remediation timelines.
To address these challenges, the report recommends that enterprises:
- Strengthen patch management programs
- Reduce overall attack surface exposure
- Integrate AI into secure-by-design frameworks
- Expand defense-in-depth strategies
- Improve visibility into internet-facing assets
Additionally, researchers noted a significant rise in AI bot activity across the internet. AI bot crawler traffic is reportedly increasing by 21% month over month, while human-driven traffic growth has stagnated at just 0.3%.
Mobile Social Engineering Attacks Rising
Beyond vulnerability exploitation, the DBIR highlights notable changes in social engineering tactics. As users become more vigilant regarding traditional phishing emails, attackers are increasingly pivoting towards mobile-based scams that utilize text messages and voice calls. The report indicates that conversational and interactive mobile attacks now achieve success rates approximately 40% higher than traditional email phishing campaigns.
Attackers are employing various methods, including:
- Fake SMS messages
- Voice phishing calls
- Messaging app impersonation
- Mobile account verification scams
Cybersecurity analysts have warned that mobile devices represent a significant blind spot for many organizations, as security monitoring on smartphones often lags behind that of corporate desktops and servers.
Shadow AI Creates New Data Leakage Risks
Another pressing concern highlighted in the DBIR is the rapid rise of “shadow AI” usage within organizations. This term refers to employees utilizing unapproved artificial intelligence tools without formal oversight from security or compliance teams. According to Verizon’s findings, the frequency of AI platform usage among employees surged from 15% to 45% within a single year.
Researchers have identified that shadow AI has become the third most common cause of non-malicious data leakage incidents. Security experts caution that employees may inadvertently expose:
- Confidential corporate data
- Customer information
- Source code
- Internal business documents
- Sensitive communications
The report stresses the necessity for organizations to establish clearer governance policies surrounding AI usage as adoption continues to accelerate across workplaces.
Supply Chain Breaches Continue to Grow
The DBIR also documents a significant increase in third-party and supply chain compromises. Researchers found that breaches involving external vendors rose by 60% compared to previous reporting periods, with third-party involvement now accounting for 48% of all recorded breaches. As organizations increasingly rely on cloud providers, software vendors, and outsourced services, attackers are targeting weaker links within interconnected supply chains.
The report concludes that the cybersecurity industry is entering a phase where resilience, rapid response capabilities, and basic security hygiene are paramount, despite the rapid advancements in AI-powered attack techniques. While artificial intelligence is reshaping the speed and scale of cyber threats, organizations must continue to prioritize foundational cybersecurity practices to defend against the growing wave of vulnerability exploitation and AI-driven attacks.
Source: thecyberexpress.com
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
