85% of Data Breaches Involve Human Interaction: Verizon DBIR

Published: 23/11/2024   Category: security




Ransomware, phishing, and Web application attacks all increased during a year in which the majority of attacks involved a human element.



Web application attacks, phishing, and ransomware increased over the past year, emphasizing a shift as attackers took advantage of people working from home and spending more time online amid the COVID-19 pandemic. Most (85%) attacks seen in 2020 involved human interaction.
This is a key takeaway from Verizon's 2021 Data Breach Investigations Report, published today with nearly 120 pages of data, trends, and analysis about a year in which cybercrime accelerated as many other aspects of life slowed down. The latest DBIR analyzes 29,207 quality incidents, of which 5,258 were confirmed breaches – one-third more compared with last year's report.
The median financial impact of a breach last year was $21,659, with 95% of incidents falling between $826 and $653,587. While many breaches did not lead to losses, those that did had a wide range: Ninety-five percent of computer data breaches that led to losses fell between $148 and $1.6 million, with a median loss of $30,000. The median amount lost to ransomware was $11,150, and the range of losses in 95% of attacks that cost victims ranged from $70 to $1.2 million.
Phishing attacks and ransomware attacks increased by 11% and 6%, respectively, researchers report. 
"Any double-digit increase in the report is big," says Gabe Bassett, senior information security data scientist for the Verizon Security Research team and co-author of this year's Verizon DBIR. "It's a percentage increase, so it has to steal from somewhere else."
Phishing was seen in 25% of breaches in last year's report; this year, it was 36%. Data shows attacks with negative changes in 2020 include misdelivery (-6%), password dumper (-6%), privilege abuse (-5%), misconfiguration (-2%), theft (-2%), vulnerability exploits (-2%), and data mishandling (-2%). "While there isn't an exact one-for-one in terms of gains for losses, this helps to explain where phishing and ransomware stole from," he notes.
"There's definitely a continued shift for the attackers toward the most efficient attacks and methods of monetization," Bassett continues. "Breaches are moving away from complexity, toward simplicity."
Most attackers are external and financially motivated, and organized crime is the top attacker category, the report states. Even as awareness of supply chain attacks has increased, the overall percentage of attacks with a secondary motive – in which the ultimate goal is to leverage the victims access, infrastructure, or assets to launch more attacks – has decreased from last year.
Phishing attacks go hand-in-hand with the use of stolen credentials. More than 60% of breaches involved credential data, and 95% of organizations experiencing credential stuffing attacks had between 637 and 3.3 billion malicious login attempts throughout the past year. "The use of stolen credentials didn't increase much," he notes, "but it was already a large part of breaches."
"Credentials are the skeleton key," Bassett says. Most know stolen credentials are a problem, but what they may not think about is how they spread across attack patterns and enable the start of many different types of data breaches, from phishing campaigns, to stealing the contents of a target mailbox, to a ransomware campaign in which an attacker encrypts then steals data.
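As an added illustration, not part of the Verizon report or this article: the credential stuffing the report counts (hundreds to billions of automated login attempts against many accounts) shows up in ordinary authentication logs as a single source trying many distinct usernames with a high failure rate inside a short window. The script below runs that check over a few constructed log lines and also reports which accounts the run actually matched, since those are the credentials a defender has to reset first. The log format, field names, thresholds and IP addresses are all assumptions made for the example.

```python
"""Credential-stuffing detector run over constructed authentication log lines.

Added example, not code from the DBIR or this article. The log format
("<ISO timestamp> user=<name> src=<ip> result=FAIL|SUCCESS"), the thresholds
and the addresses are assumptions chosen for the demonstration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one fast many-account sprayer (203.0.113.5), one user
# who mistyped a password twice (198.51.100.7), one slow attacker that stays
# under the per-window threshold (192.0.2.9), and one unparseable line.
SAMPLE_LOG = """\
2024-11-23T10:00:01Z user=alice src=203.0.113.5 result=FAIL
2024-11-23T10:00:02Z user=bob src=203.0.113.5 result=FAIL
2024-11-23T10:00:03Z user=carol src=203.0.113.5 result=FAIL
2024-11-23T10:00:04Z user=dave src=203.0.113.5 result=FAIL
2024-11-23T10:00:05Z user=erin src=203.0.113.5 result=FAIL
2024-11-23T10:00:06Z user=frank src=203.0.113.5 result=SUCCESS
2024-11-23T10:01:00Z user=alice src=198.51.100.7 result=FAIL
2024-11-23T10:01:20Z user=alice src=198.51.100.7 result=FAIL
2024-11-23T10:01:40Z user=alice src=198.51.100.7 result=SUCCESS
2024-11-23T10:00:00Z user=gina src=192.0.2.9 result=FAIL
2024-11-23T10:10:00Z user=hank src=192.0.2.9 result=FAIL
2024-11-23T10:20:00Z user=ivan src=192.0.2.9 result=FAIL
2024-11-23T10:30:00Z user=judy src=192.0.2.9 result=FAIL
2024-11-23T10:40:00Z user=kyle src=192.0.2.9 result=FAIL
garbage line that does not match
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "user": m["user"],
        "src": m["src"],
        "result": m["result"],
    }


def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that, within any sliding window of length `window`, try at
    least `min_users` distinct usernames with a failure ratio >= `min_fail_ratio`.

    Returns {src: {"distinct_users", "attempts", "fail_ratio", "hits"}} where
    "hits" lists usernames that succeeded inside the flagged window, i.e. the
    accounts whose credentials the stuffing run actually matched.
    """
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            by_src[ev["src"]].append(ev)

    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits within `window`.
            while events[end]["ts"] - events[start]["ts"] > window:
                start += 1
            win = events[start:end + 1]
            users = {e["user"] for e in win}
            fails = sum(1 for e in win if e["result"] == "FAIL")
            ratio = fails / len(win)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                prev = flagged.get(src)
                # Keep the window with the most distinct usernames for this source.
                if prev is None or len(users) > prev["distinct_users"]:
                    flagged[src] = {
                        "distinct_users": len(users),
                        "attempts": len(win),
                        "fail_ratio": ratio,
                        "hits": sorted(e["user"] for e in win if e["result"] == "SUCCESS"),
                    }
    return flagged


if __name__ == "__main__":
    for src, stats in detect_stuffing(SAMPLE_LOG).items():
        print(f"{src}: {stats['distinct_users']} users in {stats['attempts']} attempts, "
              f"fail ratio {stats['fail_ratio']:.2f}, matched accounts {stats['hits']}")
```

Only the fast sprayer is flagged; the single user who fumbled a password stays below the distinct-username threshold, and the slow source at one attempt every ten minutes never exceeds five usernames in any five-minute window. That last case is the point of the report's "spikiness" remark: a per-window rule catches bursts, so a low-and-slow run needs a second, longer aggregation (for example distinct usernames per source per day) or cross-source correlation on the target accounts.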
The trend toward simplicity is evident in the continued increase of business email compromise (BEC), which followed phishing as the second most common form of social engineering, reflecting a 15x spike in misrepresentation, a type of integrity breach. BEC doubled last year and again this year. Of the 58% of BEC attacks that successfully stole money, the median loss was $30,000, with 95% of BECs costing between $250 and $984,855, researchers learned.
Of the breaches analyzed, 85% had a human element. This is a broad term that encompasses any attack that involves a social action: phishing, BEC, lost or stolen credentials, using insecure credentials, human error, misuse, and even malware that has to be clicked then downloaded.
"I think it's very easy in security to forget that what we're securing is not the computer. What we're securing is the organization," Bassett explains. "The organization is the people as well."
A Target on Web Applications
Attacks on Web applications made up 39% of all breaches, underscoring the challenges that businesses face as they move more business functions to the cloud.
Basic Web application attacks, a new attack pattern in this year's DBIR, are those with a small number of steps or additional actions after the initial Web application compromise. These attacks typically target open Web and Web-adjacent interfaces.
"They are very focused on direct objectives, which range from getting access to email and web application data to repurposing the web app for malware distribution, defacement or future DDoS attacks," researchers state in the report.
While most of these attacks involved hacking servers, the report states, there are sub-patterns, such as the use of stolen credentials and brute forcing a Web application to compromise either actual Web apps or Mail servers. Nearly all (96%) Mail servers compromised in these attacks were cloud-based, leading to the compromise of personal, internal, or medical information.
"There are two ways to look at the challenges of businesses moving to the cloud," Bassett says. The first is, organizations must be careful because there's a new threat model, but the other is that "attackers are following me to the cloud because that's where I'll be." Transitioning to the cloud changes the security mentality: Traditionally businesses have been focused on securing the computer. When they move to the cloud, that computer is no longer theirs.
Moving to the cloud refocuses more clearly on the human element, he continues. Now organizations are more focused on protecting the people, their credentials, and how they access resources from outside the organization.
Bassett emphasizes the importance of security operations for organizations large and small. One key takeaway from this DBIR and previous reports has been the spikiness of security data. There may be a long time between a few short distributed denial-of-service (DDoS) attacks, and then there will be a massive one. Or there could be several small instances of credential stuffing, followed by a large one.
Researchers know there's no way to predict the big, one-off security events that are an exception to the norm. Defenders can engineer for the main types of attacks, such as phishing, and those controls will stop more of the small and unique attacks that happen. However, they can't prepare for the next major cyberattack. That's where operations come into play. "Operations, it's people – it's flexible," he says. They are the ones who can help address those exceptional threats.
"You can engineer for the expected, but you need to have ops for the exceptional," Bassett says. "You're not going to be able to predict when that big thing happens, so you need to be able to operationally adapt to it."
Alex Pinto, co-author of the DBIR, will further discuss trends from this year's report, and what they mean for organizations, in an interview with Dark Reading editor-in-chief Tim Wilson at the upcoming RSA Conference. A link to the interview is here.
