Verizon has released its Data Breach Investigations Report (DBIR) for 2019. The twelfth iteration of the DBIR compiles data from almost 42,000 security incidents and more than 2,000 data breaches across 86 countries. This summary provides some key takeaways from the report, which covers tactics, techniques and procedures (TTPs); metrics and trends across the current security landscape broken down by industry in excellent detail.
Financially motivated attacks continue to dominate the security landscape, comprising about 70 percent of attacks.
- Espionage-related attacks make up most of the remainder.
Mobile users are more vulnerable than desktop users.
- Whether it’s phishing, social media, email, etc., mobile users tend to click through to compromised resources more than desktop users, likely partially because of UI design.
C-level executives are being targeted much more than in previous years:
- Executives were 12x more likely to be targeted in social incidents.
- Executives were 9x more likely to be the target of social breaches.
- Security incidents and data breaches compromising executives rose by an order of magnitude.
As services (and valuable/sensitive data) move to the cloud, attackers are following.
- Increases in compromise of cloud-based servers using stolen credentials have increased as more target data resides on those servers.
HR is less of a target than in prior years.
- Attacks on HR personnel dropped by about 80 percent from last year.
- W-2 tax form scams almost entirely disappeared from the landscape this year.
Nation state-affiliated incidents and breaches are on the rise.
- Nation state-affiliated actors are cutting into the market share previously occupied by organized crime actors.
- Nation state-affiliated actors were identified as being involved in 23% of breaches this year.
Email is still the main delivery vector for malware in almost every industry demographic.
- In every industry—except education, which is dominated by web-based attacks—more than 90 percent of malware delivery involved email.
- Web-based delivery for all non-education industries was found in less than 21 percent of cases.
Office docs are still the most common file vector. However, this is much more industry-specific.
- Office docs were used in 75 percent of financial industry attacks but only 38 percent of manufacturing industry attacks.
Attack vectors when breaching servers versus desktop environments vary both by device type and function.
- Server hacks tend to use stolen credentials and tend to focus on mail servers.
- These stolen credentials are usually obtained via phishing.
- Among non-mail server attacks, the most common breaches occur on database systems and are accomplished via privilege abuse.
- Desktop attacks are more likely to use social engineering + malware.
- The malware usually comes with backdoor and/or command-and-control (C2) ability, as well as keyloggers and spyware.
- Phishing remains the most utilized attack vector for malware delivery.
*** This is a Security Bloggers Network syndicated blog from Swimlane authored by Nick Tausek. Read the original post at: https://swimlane.com/blog/verizon-dbir-2019-highlights/