Satnam Narang, Staff Research Engineer, Tenable says, “The motivation of cybercriminals is primarily financial.”
Verizon recently released its 2020 Data Breach Investigations Report (DBIR). Satnam Narang, Staff Research Engineer at Tenable, says, “The findings in the Data Breach Investigations Report (DBIR) 2020 show that while attack vectors may fluctuate over time, cybercriminals often set their sights on low-hanging fruit. Zero-days may garner most of the attention, but foundational cyber hygiene issues enable most breaches. The motivation for cybercriminals is primarily financial.”
As the Cybersecurity and Infrastructure Security Agency (CISA) underscored in a recent report about the top 10 routinely exploited vulnerabilities, cybercriminals focus their efforts on exploiting unpatched vulnerabilities. It’s a cost-effective measure that provides the most bang for the buck because they don’t have to spend the capital needed to acquire zero-day vulnerabilities when there are so many unpatched systems to take advantage of. As the DBIR notes, even if a newly discovered vulnerability wasn’t patched in a network, those same systems would likely also be vulnerable to a plethora of other vulnerabilities, which signifies a lack of basic cyber hygiene.
Ransomware increased by 2.6% from last year, landing at number three in the most common malware breach variety, while also taking the number two spot for most common malware incident variety, according to the DBIR. What’s changed in that time is that ransomware isn’t solely devoted to encrypting files anymore.
Cybercriminals have escalated their attacks to another level, siphoning off sensitive information from organizations whose files they’ve encrypted. These cybercriminals threaten to publish this sensitive information, often publicly, sharing a teaser of files from organizations they’ve compromised. The belief is that naming and shaming these victims would encourage them to pay the ransom demand, and in many cases, that’s proven to be true.
Another notable finding is that Web Application attacks came out on top across both incidents and confirmed breaches in APAC. This is often fuelled by the exploitation of some of the most common vulnerabilities, such as SQL injection or PHP injection flaws. As more and more businesses have migrated to the cloud, their attack surface increases, especially with respect to web applications. The DBIR notes that, overall, web applications along with email application servers were involved in 73% of cloud breaches, while most of those were the result of breached credentials.
Also in the APAC segment, it’s interesting to see Miscellaneous Errors in third place primarily due to carelessness. It highlights the fact that not all threats are external. Some dangers come from within the organization and are typically more challenging to resolve because they come from what would normally be considered a trusted entity. While educating employees to monitor for malicious or anomalous activity is important, the onus is on the organizations to strengthen security.
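The SQL injection flaws mentioned above are exactly the kind of low-hanging fruit the report describes, and the fix is a basic hygiene measure rather than anything exotic. As an added illustration that is not part of this article, the DBIR or Tenable's material, the following Python snippet builds a small constructed sqlite3 user table and performs the same lookup two ways: once with the caller's input spliced into the query text (the flaw the report refers to) and once with the input bound as a parameter (the hardened form). The table contents and the probe string are constructed for the demonstration.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a constructed in-memory user table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    # Constructed sample rows; the hashes are placeholders, not real digests.
    conn.execute(
        "INSERT INTO users VALUES ('alice', 'hash-a'), ('bob', 'hash-b')"
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The flaw: caller-controlled text becomes part of the SQL statement.

    Any quote character in `username` changes the meaning of the query, so a
    probe such as x' OR '1'='1 turns a single-user lookup into a full dump.
    """
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """The fix: the value is passed as a bound parameter.

    The driver sends the statement and the value separately, so the value is
    only ever compared against the column and is never parsed as SQL.
    """
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def compare(probe: str) -> dict:
    """Run the same probe string through both lookups and return the results."""
    conn = build_db()
    try:
        return {
            "vulnerable": lookup_vulnerable(conn, probe),
            "parameterized": lookup_parameterized(conn, probe),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # A legitimate lookup behaves identically in both versions.
    print(compare("alice"))
    # The classic tautology probe: the vulnerable lookup returns every user,
    # the parameterized lookup correctly finds no user with that literal name.
    print(compare("x' OR '1'='1"))
```

The only difference between the two functions is whether the input travels inside the statement text or beside it; that single change is what removes the vulnerability class, which is why parameterized queries (or an ORM that uses them) belong on any basic web application hygiene checklist.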