Social engineering attacks, compromise of web-based email accounts using stolen credentials, denial of service (DoS) attacks and ransomware threats are all on the rise, according to the new Verizon 2019 Data Breach Investigations Report. The report, released today, is a comprehensive survey of the data breach landscape. This year, it analyzed 41,686 security incidents, and 2,013 confirmed breaches from 86 countries.
While some types of attacks have increased and others decreased, some general trends emerged, according to Gabriel Bassett, an information data scientist at Verizon and one of the contributing authors of the DBIR.
“Hackers want a quick and easy win, so they go for attacks like social engineering attacks and ransomware, where they literally just ask for money,” he said. Ransomware, the No. 2 ranked malware action variety for incidents this year, accounts for 24% of cases. The report notes that ransomware is an efficient and easy win for hackers, with relatively low risk.
Another area where hackers find they have to do relatively little for a big payoff is by using stolen credentials to compromise cloud-based email accounts. The report found that compromise of web-based email accounts using stolen credentials rose to 16% of all breaches this year, from just 3% last year.
“Credentials are easy to attack by using tactics like credential stuffing, where attackers use a botnet to systematically try logins and credentials they have stolen everywhere,” Bassett explained. “They try them against banks, cloud service providers, retail sites—everywhere. If those credentials work in your cloud-based email service, they will get it.”
The new report also found that:
- Users are more susceptible than ever to social attacks, email-based spear phishing and spoofing attacks they receive on mobile devices. The authors concluded that part of the reason is the design of mobile devices, along with how users interact with them.
- External threat actors are still the primary force behind attacks (69% of breaches), while insiders are responsible for 34%.
- Organized criminal groups are responsible for 39% of breaches.
- One quarter of all breaches are associated with espionage.
But the news wasn’t all bad. The report found that W2 scams have dropped dramatically, and six times fewer human resources personnel have experienced attacks. In addition, the use of chip-and-PIN payment technology has begun to yield some promising results, including fewer physical terminal compromises in payment card-related breaches.
So what to do about the data breach vectors that continue to present big challenges, like ransomware, social engineering attacks, and compromise of cloud-based email accounts using stolen credentials?
While the methods for addressing these breaches differ, it comes down to making attacks more difficult and less financially lucrative for hackers.
“Start by thinking about breaches in a different way—by the number of steps attackers take. The fewer steps attackers have to take, the easier it is for them,” Bassett explains. “So it's about figuring out how to push attackers back to take more steps. That will lower their return on investment and price them out of the market.”
Protecting cloud-based email accounts, for example, would greatly benefit from two-factor authentication, which forces attackers to spend more time for less potential payoff. Bassett also recommends disabling the IMAP protocol and other legacy services.
“You don’t need IMAP anymore, but a lot of cloud servers provide these legacy services to help ensure backwards compatibility,” he said. “So even if a website requires two-factor authentication, it might waive that requirement if somebody was trying to log into your account using one of these older services built before two-factor authentication was important.”
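The legacy-protocol gap described above can be checked for in sign-in logs: a successful IMAP login with no second factor on an account that is enrolled in two-factor authentication, ranked higher when it comes from a source that also failed against several other accounts. This is an added example, not part of the Verizon report or the original article; the log schema, field names, protocol labels, accounts and addresses are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sign-in events in a hypothetical JSON-lines schema (not a real product's format).
SAMPLE_LOG = """\
{"ts":"2019-05-08T08:30:00Z","user":"erin","src":"203.0.113.20","proto":"web","result":"ok","mfa":true}
{"ts":"2019-05-08T08:31:00Z","user":"erin","src":"203.0.113.20","proto":"imap","result":"ok","mfa":false}
{"ts":"2019-05-08T09:00:01Z","user":"alice","src":"198.51.100.7","proto":"imap","result":"fail","mfa":false}
{"ts":"2019-05-08T09:00:02Z","user":"bob","src":"198.51.100.7","proto":"imap","result":"fail","mfa":false}
{"ts":"2019-05-08T09:00:03Z","user":"carol","src":"198.51.100.7","proto":"imap","result":"fail","mfa":false}
{"ts":"2019-05-08T09:00:04Z","user":"dave","src":"198.51.100.7","proto":"imap","result":"ok","mfa":false}
{"ts":"2019-05-08T09:05:00Z","user":"frank","src":"203.0.113.44","proto":"imap","result":"ok","mfa":false}
"""
MFA_ENROLLED = {"alice", "bob", "carol", "dave", "erin"}  # constructed; frank has no 2FA
LEGACY_PROTOCOLS = {"imap", "pop3", "smtp"}  # assumed labels for legacy services


def parse(log_text):
    """Parse one JSON event per non-empty line."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def legacy_mfa_bypass(events, mfa_enrolled):
    """Successful legacy-protocol logins by 2FA-enrolled users that never saw a second factor."""
    return [e for e in events
            if e["proto"] in LEGACY_PROTOCOLS and e["result"] == "ok"
            and e["user"] in mfa_enrolled and not e["mfa"]]


def stuffing_sources(events, min_users=3):
    """Sources that failed logins against at least min_users distinct accounts."""
    failed = defaultdict(set)
    for e in events:
        if e["result"] == "fail":
            failed[e["src"]].add(e["user"])
    return {src: sorted(users) for src, users in failed.items() if len(users) >= min_users}


def triage(events, mfa_enrolled, min_users=3):
    """Bypass events, those from a credential-stuffing source first, then by time."""
    noisy = stuffing_sources(events, min_users)
    hits = legacy_mfa_bypass(events, mfa_enrolled)
    return sorted(hits, key=lambda e: (e["src"] not in noisy, e["ts"]))


if __name__ == "__main__":
    for event in triage(parse(SAMPLE_LOG), MFA_ENROLLED):
        print(event["ts"], event["user"], event["src"], event["proto"])
```

Any account this returns shows that a legacy service is still accepting password-only logins, which is the case for disabling it.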
To protect against social engineering attacks, IT professionals can use the email gateway to block employees from clicking on macro-enabled Office documents, Windows executables and most links. Another important step is to encourage reporting. The Verizon report found that in the first hour after users click on a phishing email, most of them report it, but reporting then dies off, even though clicks still occur as much as a week later. By encouraging employees to report phishing emails and making it easy to do so, organizations can prevent others from being affected by them up to a week later.
To help prevent ransomware, Bassett recommends requiring employees who deal with the outside world to use a sandbox platform. That way, even if they open an email with ransomware, it’s unlikely to infect that system or spread within the organization.