81% of hacking-related breaches leveraged either stolen and/or weak passwords
Use of stolen credentials and backdoor/C2 were the most prominent hacking varieties (represented in over half of the breaches), with brute force attacks reporting just under a third. Many of these attacks involved actors using valid partner credentials and backdoors, while a third of them represented desktop sharing as the hacking vector.
7.3% of users across multiple data contributors were successfully phished—whether via a link or an opened attachment. That begged the question, “How many users fell victim more than once over the course of a year?” The answer is, in a typical company (with 30 or more employees), about 15% of all unique users who fell victim once, also took the bait a second time. 3% of all unique users clicked more than twice, and finally, less than 1% clicked more than three times.