Corporate espionage is on the rise as a motivation for cyberattacks, with a full quarter of all network compromises associated with reconnaissance and data exfiltration in the last 12 months.
However, financially motivated attacks aren’t going anywhere; social-engineering attacks aimed at stealing funds still represented 12 percent of data-breach incidents, and most cyberattacks overall were motivated by financial gain.
That’s according to Verizon’s 2019 Data Breach Investigations Report (DBIR), released Wednesday, which analyzed more than 41,000 cybersecurity incidents and over 2,000 data breaches from 86 countries. It also found that, unfortunately, half of organizations are taking months or longer to discover breaches – a “dwell time” average that improves the chances of adversaries making off with key intellectual property or credentials, or siphoning funds.
“The time from the attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes. Conversely, the time to discovery is more likely to be months,” according to the report.
Verizon also noted that discovery time is very dependent on the type of attack in question. For instance, with payment-card compromises, discovery is usually based upon the fraudulent use of the stolen cards (typically weeks or months), while a stolen laptop will usually be discovered much more quickly.
“This year’s report shows cybercriminals are choosing to take a subtler approach [than in the past],” Fraser Kyne, EMEA CTO at Bromium, said in an emailed statement. “Hackers don’t want to announce their presence anymore – as they would with noisy ransomware attacks. Instead, they silently gain access to conduct reconnaissance, insert backdoors, escalate privileges and exfiltrate data. The longer…the time a hacker has unauthorized access to systems – the more dangerous the attack can be.”
The way cyberattackers infect the network is also changing; executives are six times more likely to be a target of social engineering than they were only a year ago, the report found; and, C-level executives are 12 times more likely to be the target. This is proving successful for the bad guys, especially when it comes to business email compromises (BEC represented 370 incidents or 248 confirmed breaches of those analyzed).
This can be linked to the unhealthy combination of a stressful business environment combined with a lack of focused education on the risks of cybercrime, Verizon noted.
“A successful pretexting attack on senior executives can reap large dividends as a result of their – often unchallenged – approval authority, and privileged access into critical systems,” according to the report. “Typically time-starved and under pressure to deliver, senior executives quickly review and click on emails prior to moving on to the next (or have assistants managing email on their behalf), making suspicious emails more likely to get through.”
At the same time, attacks on HR personnel have decreased from last year, with six times fewer HR employees being targeted; this correlates with W-2 tax form scams almost disappearing from the DBIR dataset, the report pointed out.
Overall, while outsider threats remain dominant, leading 69 percent of breaches, insider-initiated incidents account for 34 percent. Many of these are inadvertent accidents rather than malicious; publishing errors in the cloud for instance are increasing year-over-year, with misconfiguration of cloud-based file storage accounting for 21 percent of data exposures that were caused by errors. Cloud storage mishaps exposed a whopping 60 million records in the DBIR dataset.
Also notable in the report is the fact that the last year has seen a substantial shift towards compromise of cloud-based email accounts via the use of stolen credentials (with compromises almost doubling, by 98 percent). In fact, stolen credentials were seen in 60 percent of attacks involving hacking a web application. That in turn has created a significant conduit for exposing personal data, the report said.
“Enterprises are increasingly using edge-based applications to deliver credible insights and experience. Supply chain data, video and other critical – often personal – data WILL be assembled and analyzed at eye-blink speed, changing how applications utilize secure network capabilities,” said George Fischer, president of Verizon Global Enterprise, in a media statement. “Security must remain front and center when implementing these new applications and architectures.
Meanwhile on the malware front, the report found that ransomware attacks are still going strong, accounting for nearly 24 percent of incidents where malware was used. On the other hand, cryptomining attacks barely registered in the findings, accounting for only 2 percent of incidents.
Outside of the overall findings, different verticals face different challenges, according to the report. For instance, in the education space, there was a noticeable shift towards financially motivated crime, which represented 80 percent of the incidents. Meanwhile, 35 percent of all breaches were due to human error, and approximately a quarter of breaches arose from web application attacks, most of which were attributable to the use of stolen credentials used to access cloud-based email.
Meanwhile, healthcare is the only sector where insider threats cause more incidents than external attacks (60 versus 42 percent respectively). Unsurprisingly, medical data is 18 times more likely to be compromised in this industry, and when an internal actor is involved, is it 14 percent more likely to be a medical professional such as a doctor or nurse.
In manufacturing, financially motivated attacks outnumber cyberespionage as the main reason for breaches, and this year by a more significant percentage (68 percent); in the public sector, where APTs thrive, cyberespionage was unsurprisingly on the rise; to boot, nearly half of all breaches (47 percent) were discovered years after the initial attack. And finally, in retail, point-of-sale (PoS) compromises have decreased by a factor of 10, while web application incidents are now 13 percent more likely to happen in this vertical.
“Every year we analyze data and alert companies as to the latest cybercriminal trends in order for them to refocus their security strategies and proactively protect their businesses from cyber threats,” said Bryan Sartin, executive director of security professional services at Verizon, in a media statement. “However, even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses – large and small – to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cybercrime.”