BlogNews5TH JUL 2024
AuthorSamir Yawar
3 min read
News

DBIR 2024: The Effect of VPNs on Zero-Day Exploits

Twitter
Facebook
WhatsApp
Email
LinkedIn
blog image on effect of VPNs on zero-day exploits
BlogNews5TH JUL 2024
3 min read
News

DBIR 2024: The Effect of VPNs on Zero-Day Exploits

AuthorSamir Yawar
Twitter
Facebook
WhatsApp
Email
LinkedIn
blog image on effect of VPNs on zero-day exploits

There has been a 180% increase in the exploitation of vulnerabilities this year for breaching cybersecurity defences. This development doesn’t come as a surprise to those who have been following the threat posed by the MOVEIt vulnerability and other zero-day exploits. Most ransomware and extortion-related threat actors know this. However, the effect of virtual private networks (VPNs) on zero-day exploits has minimized the risk behind these cyber attacks significantly.

We take a look at how victims without VPNs have fared vs those who had them.

How VPNs are becoming a popular attack vector

Verizon’s 2024 Data Breach Investigations Report analyzed more than 10,000 breaches. Here’s a look at how breaches involving credentials, phishing and exploits have fared over the past three years:

breaches over time DBIR 2024 report

Some key takeaways:

  • Phishing attacks are mostly carried out via an email vector.

  • Most credential theft and exploit vulnerabilities have occurred due to the web application vector.

  • As 2024 begins, VPN software is becoming the new attack vector for threat actors to exploit.

Analysts believe that the share of VPN vector will increase in the next year, reflective of the current trends being studied.

Because threat actors are constantly looking for any attack surface they can exploit, the popularity of VPN software to bypass censorship and access exclusive streaming channels has made it a popular target.  

Are VPNs effective against zero-day exploits?

Irrespective of the new-found interest of hackers using exploit vulnerabilities present in popular desktop VPN applications, the DBIR 2024 report recommends that having your web applications running under a virtual private network is better for cybersecurity. Even if VPN applications are not patched, they serve as a countermeasure against more security threats.

Here’s a look at how effective being behind a VPN can have against breach attempts using the most common attack surfaces:

A look at the use of VPNs to stop the most common data breach attempts

Nevertheless, using a VPN won’t completely mitigate the cybersecurity risks faced by an organization. But the prospect of using one tool (VPNs) on your network against several is too enticing to pass up. With numerous industries impacted by cyber attacks, bolstering your cybersecurity posture requires a balanced mix of security awareness training and tools to mitigate cyber threats.

Note: This post is part of our extensive coverage of Verizon's Data Breach Investigations Report 2024, detailing the top cybersecurity threats faced by governmental, non-profit and corporate organizations.

Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
FAQsFrequently Asked Questions
The Verizon Data Breach Investigations Report (DBIR) is an annual publication by Verizon that provides a comprehensive analysis of data breaches and cybersecurity incidents. The report is based on an extensive collection of data from real-world security incidents, including data breaches, contributed by a wide range of organizations and security partners.