Verizon report notes rise in nation-state attackers, on C-suite, cloud servers, payment web apps
Social engineering attacks against C-level executives, hacks of cloud-based email servers, and compromises of payment card web apps were all notably up last year, according to the newly released 2019 Verizon Data Breach Investigations Report (DBIR).
Other key takeaways from the past year included a marked decrease in successful attacks against physical point-of-sale terminals and a sharp drop in reported W-2 scams. And despite being in an ongoing battle for popularity among cyber-criminals, ransomware beat out cryptomining programs by a wide margin in terms of the number of incidents in which they were involved.
For its report, Verizon recorded 41,686 security incidents in 86 countries during the period of 1 November, 2017 to 21 October, 2018 – nearly 12,000 fewer events than the previous annual period. Verizon also registered 2,013 data breaches versus 2,216 in the previous year. (By Verizon’s definition an incident is when data is exposed to possible harm, while a breach is when an unauthorised party is confirmed to have accessed data.)
Compared to previous years covered by the report, C-level executives last year were 12 times more likely to be the target of a social engineering incident and nine times more likely to be the target in a breach caused by social engineering.
Sam Curry, chief security officer at Cybereason, said "Much as notorious bank robber Willie Sutton was often cited as saying, you rob banks because that’s where the money is, going after the C suite makes sense. Not only does the C suite have the best business intel, insight and access, they often negotiate exceptions to security or bypass them confidently and arrogantly. They make great targets for attackers, along with privileged business super-users, admins and those who have accumulated too many rights in a career."
Brian Higgins, security specialist at Comparitech.com agrees: "I’m not at all surprised to see C-Suite attacks featuring strongly as cyber-criminal methodologies have evolved and matured over the past decade."
In emailed comments he adds: "Whereas before, a global phishing email might elicit a worthwhile haul of bank details and other criminally commoditised data, the modern cyber-crime organisation recognises the value in more targeted, high level attack."
Meanwhile, as companies continued to migrate important data and processes to the cloud, cyber-criminals naturally began seeing this trend as an opportunity. Consequently, Verizon researchers reported an increase in hacks against cloud-based email servers using stolen credentials. In fact, they found that unauthorised access of cloud-based email servers were involved in over 50 percent of breaches that involved a web application as an attack vector.
"As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed," said Bryan Sartin, executive director of security professional services at Verizon said in a company press release. That’s why "Security needs to be seen as a flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line," he continued.
"As more and more information and data, the ‘crown jewels’ of any business, migrates to SaaS and IaaS based solutions, organisations just do not have visibility and control that they had with their traditional enterprise security capabilities," added Pravin Kothari, founder and CEO of CipherCloud, in emailed comments. "Criminals are also finding it far easier to target the cloud to utilise stolen passwords, API vulnerabilities or misconfiguration to take over accounts and access all information like an authorised user, thus bypassing all security controls."
Verizon further reported that compromises of payment card web applications are poised to soon surpass successful attacks on physical payment terminals, which have decreased in frequency potentially due to the effectiveness of chip and PIN technology, the report suggests.
The researchers also noted a major decrease in reported W-2 tax form scams, which they said almost entirely disappeared from the DBIR data set. In its report, Verizon guesses this trend could be "due to improved awareness within organisations, noting a correlation between this development and a 6x year-over-year decrease in breaches affecting human resource personnel.
Ransomware made another strong showing in this year’s report, accounting for almost 24 percent of incidents in which a malware program was used – second only to C2 communications malware. Meanwhile cryptominers didn’t even crack the top ten, only appearing in two percent of incidents.
"The numbers in this year’s data set do not support the hype" around cryptominers, the report states.
Among 21 industry categories listed in the report (including an "unknown" category), the public sector experienced the most breaches with a total of 330, followed by health care (304), "unknown" (289) and finance (207). The public sector also suffered through the highest number of incidents (23,399), followed by "unknown" (7,350) and the entertainment industry (6,299).
Other notable statistics from the report:
Perpetrators: 69 percent of breaches were executed by outsiders, including cyber-criminal groups (39 percent) and nation-state or state-affiliated actors (23 percent). Just over a third, 34 percent, involved an insider threat. (Some breaches could have involved both external and internal actors.)
Tactics: 52 percent of breaches involved hacking, 33 percent included social engineering as a component, 32 percent involved phishing, 29 percent were made possible through stolen credentials and 28 percent were malware-enabled.
Motive: 71 percent of breaches were financially motivated, while 25 percent were conducted as part of an espionage operation designed to gain a strategic advantage.
Bob Huber, CSO of Tenable noted, "While many reports will talk about nation-state hacking or advanced threats, what this year’s DBIR shows, as it has for many years now, is that the attacks that are most successful are not new or even particularly clever – they’re just effective."
"Business email compromise attacks, malware infections and… tried-and-tested credential abuse make up the report’s key findings. Translating this simply: it’s a lack of basic cyber-hygiene that is still to blame for nearly all 41,686 security incidents and 2,013 confirmed breaches."
Regarding state attack increases, Igor Baikalov, chief scientist at Securonix emailed SC Media UK to note the dramatic 74 percent increase in the number of breaches attributed to the nation-state or state-affiliated actors. "It might be explained by more aggressive attribution, since it's in line with the number of breaches associated with espionage and seems to come at the expense of a reduction in the number of breaches attributed to organised crime.
"Phishing awareness and cyber-hygiene training seem to be working, as the number of clicks on phishing emails in simulations continues its steady decline, but the concern is the three percent that still click on ANY phishing email. Internet access as well as access to sensitive data for this population has to be tightly controlled and even restricted for repeat offenders."
However, Bob Huber, CSO of Tenable noted in an email to SC Media UK: "While many reports will talk about nation-state hacking or advanced threats what this year’s DBIR shows, as it has for many years now, is that the attacks that are most successful are not new or even particularly clever - they're just effective. Business email compromise attacks; malware infections and the tried and tested credential abuse make up the reports key findings. Translating this simply - it’s a lack of basic cyber-hygiene that is still to blame for nearly all 41,686 security incidents and 2,013 confirmed breaches.
"If we're ever to see these figures decrease, organisations need to focus on doing the basics – understanding what they’ve got, what's important to the business and then making sure it's protected 24/7."
It was a view reiterated by Morey Haber, chief technology officer & chief information security officer at BeyondTrust who commented: "The results of the report make it exceedingly clear to us that organisations need to focus on security basics and be persistent with disciplines under their control."
- ISO27001/PCI Information Security Consultant
- Up to £65,000 Base
ISO27001/PCI Information Security Consultant with audit and advisory experience is needed for a client-facing opportunity with a Cyber Security company in London. Experience with ISO27001 is essential, PCI is highly desirable. Activities of the role will include, but not be limited to providing advice to clients, Gap analysis, Risk assessment, analysis, ISO27001 Audits. Experience taking a client through to iso 27001 certification is highly desirable and preferable. This Cybersecurity consultancy, who are dedicated to improving and investing in their client's businesses and employees careers, are looking for a security consultant due to expansion. All the training and development will be provided to helping them specialise into the PCI industry / Security advisory industry. Ideal certifications ISO27001 Lead Auditor, ISO 27001 Lead implementer, PCI ISA. Aspiring PCI QSA. The ability to SC Clearance is essential. MUST be UK based and realistically able to commute to London. Structured career path, technical training, diverse and interesting clients available. ISO70001 Lead Auditor, ISO 27001 Lead implementer, PCI ISA. Aspiring PCI QSA Contact me on email@example.com or 07884666351 or 02086634030 Ref CH7584 (Information Security Jobs, Security Consultant Jobs, Information Security Consultant Jobs)
- Healthcare Business Development Manager
- Up to £60,000 Base + UNCAPPED Earnings
Healthcare Business Development Manager We are currently working with a multi-vendor IT solutions provider who are looking for a Business Development Manager who will be responsible for selling into the Healthcare Industry in a new business focussed position. The Healthcare Business Development Manager will have Current/Recent experience working for an IT managed services business/solutions provider. Experience delivering £150,000+ GP a year Current/Recent experience winning new healthcare accounts (all accounts won are kept) Flexible working is provided and also uncapped earnings. Apply for more information or call Peter Georgiou on 02086634030. Unfortunately, our client are unable to provide sponsorship so candidates must be UK based (commutable to London). Ref PG7577
- Cyber Incident Response specialist
- Up to £75,000 Base
Cyber Incident Response specialist is needed to join a global consultancy whose cyber business unit are continuing to their investment in the growth of their team. The Cyber Incident Response specialist role is client-facing that will join an award-winning team that deliver varied, interesting and often challenging work to a wide range of prestigious clients. The Cyber Senior Incident Response MUST have current experience taking a client through the complete IR / triage process and have a blend of both technical and commercial (identifying and developing new business opportunities within a client) Proactive Incident response, forensics and Ediscovery experience is a MUST. An individual must be London commutable and happy to travel, often internationally. Key attributes should also include; stakeholder engagement, mentoring of team members, a collaborative working style. Technical experience must include; demonstrable experience within an cyber incident response, Forensic, cyber etc. Additional certifications could / should include GIAC certified (Intrusion analyst, incident handler, forensic handler) Any of the following are very desirable also CREST Certified Network Intrusion Analyst (CCNIA) CREST Certified Host Intrusion Analyst (CCHIA) CREST Certified Malware Reverse Engineer (CCMRE) CREST Practitioner Intrusion Analyst (CPIA) Career development and the opportunity to influence, apply today for more information or call Chris Holt on 07884666351 or 02086634030 or email firstname.lastname@example.org Unfortunately, our client are unable to provide sponsorship for this opportunity. Candidates must be UK based. Ref: CH7578
- Sales Engineer (Telecoms, Ethernet, SDH, MPLS, IP)
- Up to €75,000 + Commission
Sales Engineer / Presales Consultant is needed for this Global Tier 1 carrier. You will be working with Enterprise customers helping to design solutions that solve your their business needs. You will be responsible for working alongside sales providing presales technical consultancy around my client's solutions base. You will be responsible for providing support for new business opportunities in terms of responding to RFIs & RFPs, understanding customer network requirements, high-level network architecture & design (including supplier selection on a global basis) and technical handover to network implementation teams. This is a great opportunity to join a global player who are growing their France based teams. You will require a successful track record in the telecommunications arena ideally from a global tier 1 ISP or network provider, with a demonstrable track record in designing complex enterprise solutions. A Sales Engineer needs to be technically astute and has had experience in the design, presentation, and implementation of Wide Area Networks (WAN). They need to understand a range of Layer 1, 2, and 3 technologies (Ethernet, SDH, MPLS, IP, etc) and build a solution based on the best technology to meet a customer’s requirements. In addition, they should have an understanding and experience in supplementary telecommunications services such as VoIP, Video Conferencing, Cisco and Riverbed hardware, and Security If you have any questions about this role, give us a call on 0044208 663 4030 or contact/send your CV to email@example.com Ref: RA7275