State-sponsored attacks, cloud storage misconfiguration, ransomware and social threats targeting the C-suite all posed major risks to global organizations over the past 12 months, according to Verizon.
The vendor’s newly released Data Breach Investigations Report 2019 comprises analysis of over 40,000 security incidents and more than 2,000 reported data breaches across 180 countries, including FBI data new to this year’s study.
It found that the vast majority (71%) of breaches are still financially motivated, although espionage accounted for a quarter (25%). Many of the latter cases will be down to nation-state attacks (23%).
Senior executives were highlighted as a particular security risk in this year’s report: they are 12 times more likely to be the victim of a “social incident” and nine times more likely to be targeted by a social breach than in previous years.
According to Verizon, an incident is “any compromise of confidentiality, integrity, or availability of an information asset,” while a breach is “an incident that results in the confirmed disclosure of data to an unauthorized party.”
Senior leaders are a risk because they often have less time to scrutinize emails for tell-tale signs of a scam, or simply get their assistants to deal with electronic communications. Yet for the attacker, they represent a valuable target, given their privileged account access and approval authority over things like corporate money transfers.
The latter is linked to business email compromise (BEC) attacks, which often involve compromising a C-level exec’s account first, before emailing a member of the finance team requesting a large wire transfer. According to the report, BEC accounted for 370 incidents or 248 confirmed breaches of those analyzed.
“A BEC can be an incident, as it compromises the integrity of people making decisions about transferring money, and also a breach, [if] it compromises the login and password to an organizational email account,” Verizon senior information security data scientist, Gabe Bassett, clarified to Infosecurity.
It’s not all about social threats: attackers are also increasingly using stolen credentials to hijack cloud email accounts. In fact, 29% of breaches involved stolen log-ins, reflecting the rise in credential stuffing activity.
Elsewhere, the report revealed that ransomware continues to be a major threat to organizations — accounting for a quarter (24%) of all malware incidents analyzed and ranking second in terms of most-used malware.
However, the threat from cryptojacking has significantly reduced, accounting for just 2% of incidents and not even making it into the top 10 for most-used malware.
Organizations are still doing badly at discovering attacks. In over half (56%) of breach incidents it took “months or longer” before IT teams spotted suspicious activity.
Cloud-based file storage ‘breaches’ exposed at least 60 million records analyzed, accounting for 21% of breaches caused by errors, according to the report.