It’s here: the 18th annual Verizon 2025 Data Breach Investigations Report (DBIR), which contains a comprehensive look at the current state of cybercrime. Cybersecurity professionals around the world will soon be brewing some coffee and preparing to dig into the beautifully written (and sometimes funny!) report, which weighs in this year at a svelte 117 pages. The Verizon DBIR team has access to a trove of data about incidents and breaches, making the report a truly useful window into the prevailing cybersecurity winds. Cequence Security is proud to be the only API security vendor contributing threat intelligence data to the report. Cequence’s data is unique and based on real threats and attacks against some of the largest organizations in the world.
Some key takeaways of this year’s report:
- Third-party involvement in breaches doubled from last year, increasing to 30% of all breaches.
- The exploitation of vulnerabilities was present in 20% of all breaches (a 34% increase from last year). Of these exploited vulnerabilities, 42% were via a web application.
- Use of stolen credentials was the main action in 88% of basic web application attacks.
Basic Web Application Attacks continue to be one of the most prevalent types of attacks. Verizon describes these as attacks with a small number of additional steps or actions after the initial compromise – ‘get in, get the data, get out.’ Modern web applications are typically supported by APIs, which attackers also often exploit, enabling data exfiltration without having to breach servers or the corporate network. Simply put, insecure APIs can provide attackers with “shortcuts” to sensitive corporate or customer data.
Cequence helps protect these APIs by discovering them with both outside-in and runtime discovery, ensuring a complete inventory of APIs. We then assess those APIs for risks such as misconfigured authentication and authorization parameters and provide guidance on remediation. Cequence also offers API security testing capabilities, which can help identify these types of issues prior to production.
Credential abuse was again the leading attack vector for breaches. The report stated that, “about 88% of the breaches involve the use of stolen credentials.” These can be specific credentials for specific web applications, but more commonly it’s a trove of stolen credentials that the attacker will try one after another to gain access.
This type of attack is one that Cequence excels against. Not only do we provide rate limiting (among other mitigation methods, including blocking), but our network-based approach enables us to see inside transaction content and detect that an attacker is iterating through credentials, either at a high rate of speed, or low and slow so as to avoid detection. Cequence can even detect these kinds of attacks and autonomously create a mitigation policy that can be applied automatically or after human review.
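The difference between a fast credential-iteration run and a low-and-slow one shows up in how failed logins are counted. The following is an added example, not Cequence’s implementation or code from the report; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def max_in_window(times, window):
    """Largest number of timestamps falling in any sliding window of `window` seconds."""
    times = sorted(times)
    best = lo = 0
    for hi, t in enumerate(times):
        while t - times[lo] >= window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def flag_sources(events, burst_window=60, burst_limit=20,
                 spread_window=86400, spread_limit=10):
    """events: iterable of (epoch_seconds, source, username, success).
    Returns {source: set of reasons}. Thresholds are illustrative assumptions."""
    fails = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            fails[src].append((ts, user))
    flagged = defaultdict(set)
    for src, rows in fails.items():
        if max_in_window([ts for ts, _ in rows], burst_window) >= burst_limit:
            flagged[src].add("burst")
        # Low and slow: few requests per minute, but many different accounts per day.
        rows.sort()
        lo = 0
        seen = defaultdict(int)
        for ts, user in rows:
            seen[user] += 1
            while ts - rows[lo][0] >= spread_window:
                old = rows[lo][1]
                seen[old] -= 1
                if not seen[old]:
                    del seen[old]
                lo += 1
            if len(seen) >= spread_limit:
                flagged[src].add("many-accounts")
                break
    return dict(flagged)

def sample_events():
    """Constructed sample data (documentation-range IPs, made-up usernames)."""
    ev = [(i, "198.51.100.7", f"user{i}", False) for i in range(30)]        # 30 tries in 30 s
    ev += [(i * 600, "203.0.113.9", f"acct{i}", False) for i in range(40)]  # 1 try / 10 min
    ev += [(100 + i * 5, "192.0.2.44", "alice", False) for i in range(3)]   # mistyped password
    ev.append((120, "192.0.2.44", "alice", True))
    return ev
```

A per-minute rate limit alone flags only the first source; counting distinct usernames per source over a day also catches the second, while the user who mistyped one password three times is left alone.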
SIM Swapping got its own page this year. SIM swapping is a type of account takeover (ATO) attack affecting telecommunications companies that is becoming more and more common. It enables the attacker to receive two-factor authentication (2FA) text messages, potentially giving them access to much more than just the phone, such as your bank account. The report suggests using Time-based One-Time Password (TOTP) multi-factor authentication (such as Authy or Google Authenticator), but personally I think we’re a long way from getting regular folks to use those as much as they should.
Cequence helps prevent SIM swapping at some of the largest telecoms in the world. Our products map user journeys and detect deviations, potentially indicating malicious activity. Monitoring API traffic, fingerprinting behavior, and combining that with the user journey information enables us to accurately detect and mitigate SIM swapping.
Generative and Agentic AI
There was light information in the report about generative AI, likely due to the still nascent market, slow uptake in businesses, and lack of data. However, they did state, “A closer-to-home emerging threat from AI is the potential for corporate-sensitive data leakage to the GenAI platforms themselves,” meaning the potential for employees to either knowingly or accidentally upload sensitive corporate information to the LLMs to support a task the employee was trying to accomplish. For example, a developer asking ChatGPT for help with a coding problem may upload some existing code as part of the prompt. Situations like this are likely to be common and a serious potential problem, especially as API-based agentic AI takes off and local LLMs gather data from inside the corporate network.
Due to Cequence’s network-based approach, we can already see the API calls made to and from AI applications, and with our automatic sensitive data detection and optional masking, we can detect and prevent sensitive data exposure via APIs.
Wrapping Up
The report is large, and these are just some of the takeaways I thought were interesting. If you haven’t already, check out the Verizon 2025 Data Breach Investigations Report (DBIR) yourself. If you’d like to talk to us further about how Cequence API Security and Bot Management can help your business, please reach out and we’ll set up a call or arrange a demo.