Written by: Stephen K. Ryan, CCSFP
Verizon recently released their 2020 Data Breach Investigations Report (DBIR) detailing crucial statistics of security threats faced by industries globally. This report analyzed more than 157,000 cybersecurity incidents and just under 4,000 data breaches from 81 countries. The information detailed in this report is designed to inform businesses of the latest malicious trends and methods attackers are using—allowing organizations to stay one step ahead of hackers, risks, and hazards they may face in the future.
We’ve looked at this in-depth report and summarized some of its key points that can lead to a better understanding of your infrastructure and help develop an improved security posture.
How are Breaches Happening?
Verizon found that the main sources of breaches were hacking (45%), miscellaneous errors (22%), social engineering attacks (22%), and malware installation (17%).
45% of all breaches this year involved hacking. Hacking itself is driven by attackers trying to steal credentials. The use of compromised credentials has been growing exponentially among hackers, particularly in SSH (port 22) and Telnet (port 23) connection attempts. In these attacks, hackers utilize brute force, credential stuffing, or password spraying. In the majority of these instances, attackers are either guessing simple passwords (and succeeding at an alarming rate), or are more commonly purchasing stolen credentials via the black market.
In addition to targeting these ports, attackers are using the same methods on organization-owned, publicly facing web applications. Weak passwords are becoming larger vulnerabilities for attackers to exploit, as they offer a relatively simple and quick way to gain access to the network.
There’s one area that continues to grow year after year: errors. People can and will make mistakes. Most of the time these mistakes seem minor and frequently go unnoticed, but they can have major consequences.
Misconfiguration, misdelivery, publishing, and disposal errors are just a few examples of the mistakes found. The increase in these incidents could be attributed to an increase in honesty among businesses admitting their errors. It could also be attributed to the heightened abilities of security researchers and third parties discovering these incidents.
The combination of social engineering and hacking has resulted in attackers being able to steal user credentials and gain access to sensitive network systems.
Social engineering came in two major forms this year—phishing (over 80%) and pretexting (just under 10%). Credential theft is the most common driver of social attacks. However, the click rate on phishing and pretexting attacks is the lowest it’s ever been, clocking in at only 3.4%.
Malware attacks have decreased rapidly over the past few years in favor of easier methods like hacking and social engineering. Hacking and social breaches benefit from the theft of credentials (password dumpers and phishing), which makes it no longer necessary to add malware in order to gain access.
Findings Across All Industries
Of the breaches found in all industries globally:
- 86% were financially motivated
- 43% involved web application attacks
- 37% stole or used credentials
- 27% involved ransomware
- 22% involved phishing
Who are the Victims?
Cyberattacks are targeting every industry. Financial services, public sector, professional services, healthcare, and technology companies remain the most targeted, but every industry had its own risks and threats.
Financial Industry Concerns
- Web application attacks that leverage the use of stolen credentials continued to affect this industry
- Internal-actor-caused breaches shifted from malicious actions to benign errors
- The two main forms of errors that lead to breaches were misdelivery and misconfigurations
- Social engineering remains a top threat, with phishing emails to executives being the most common
- This industry saw phishing attacks in 28% of breaches and hacking via stolen credentials in 23% of breaches
- Ransomware accounted for approximately 80% of malware infections in this vertical
- These institutions performed poorly in terms of reporting phishing attacks, which correlated to them losing critical response time to remediate the situations
- Financially motivated criminal groups continued to target this industry via ransomware attacks
- Lost and stolen assets remained a problem in the incident dataset
- Basic human error is alive and well in this vertical
- Misdelivery grabbed the top spot among error action types
- Web application attacks via vulnerability exploits and the use of stolen credentials were prevalent in this industry
- Errors continued to be a significant factor and were primarily made up of the misconfiguration of cloud databases
- Growth in Denial of Service attacks also remains a problem for the Information sector
Scientific & Technology Concerns
- Financially motivated attackers continued to steal credentials and leverage them against web application infrastructure
- Social engineering in the form of phishing and pretexting was a common tactic used to gain access
- This industry also suffered from Denial of Service attacks regularly
How Can I Protect my Business?
These staggering statistics understandably cause some panic and anxiety, leaving you wondering when you’ll be attacked, how you’ll be affected, and how you’ll recover. However, there are proven methods to proactively address these cyber risks.
In our latest whitepaper, we dive into the nuances of the 2020 DBIR report, break down the hazards affecting each individual industry, and take a look at how you can implement preventive procedures to secure your infrastructure before you become another statistic for Verizon’s 2021 report.