Hackers increasingly tailor attacks for high-value people
C-Suite targeted in social engineering attacks, as misconfiguration dogs admins, find latest Verizon report
14 May 2019 | 0
Cyber criminals are increasingly targeting C-level executives with tailored attacks employing social engineering, according to the 2019 Verizon Data Breach Investigations Report (DBIR).
The report also found the compromise of Web-based e-mail accounts using stolen credentials has risen significantly and is now seen in almost two thirds of attacks involving hacking a web application.
One quarter of all breaches are still associated with espionage, the report states, while ransomware attacks are still strong, accounting for 24% of the malware incidents analysed, which ranks it as #2 in most-used malware varieties.
The twelfth annual DBIR report includes data from 73 contributors, the highest number since launch, with analyses 41,686 security incidents, and 2,013 confirmed breaches from 86 countries. It also features, for the first time, new analysis from the US Federal Bureau of Investigations (FBI) Internet Crime Complaint Centre (IC3), on the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs).
“Financial gain is still the most common motive behind data breaches where a motive is known or applicable,” says the report. “This continued positioning of personal or financial gain at the top is not unexpected. In addition to the botnet breaches that were filtered out, there are other scalable breach types that allow for opportunistic criminals to attack and compromise numerous victims.”
“Breaches with a strategic advantage as the end goal are well represented,” the report finds, “with one-quarter of the breaches associated with espionage. The ebb and flow of the financial and espionage motives are indicative of changes in the data contributions and the multi-victim sprees.”
HR fall off
With the specific targeting of high value individuals, the report found that attacks on human resource (HR) personnel have decreased from the previous year. It found that six times fewer HR personnel being impacted compared to last year, correlating with certain tax form scams almost disappearing from the dataset.
Ransomware attacks are still going strong, the report says, and they account for nearly a quarter (24%) of incidents where malware was used. Ransomware has become so commonplace, it says, that it is less frequently mentioned in the specialised media unless there is a high-profile target.
By contrast, crypto-mining attacks were hardly existent, despite what the report refers to as ‘media hype’. These types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2% of incidents.
Outsider threats remain dominant, as external threat actors are still the primary force behind attacks (69% of breaches) with insiders accounting for just over a third (34%).
Phishing has declined in both incidence and effectiveness, the report finds, with the number of effective clicks falling from double digits in previous years to 4% recently, and now down to 3%.
When combined with the increase in specifically targeted attacks, and the rise of social engineering as a component, Neal Maguire, investigations manager, Verizon, says it points in a specific direction.
“What you can get out of this is that the attackers are being a lot more targeted about who they go after and they are using more sophisticated tactics in terms of the social engineering to go after those,” said Maguire.
Social engineering swing
According to Maguire, another point of note was the changes over time in some of the major trends. He said that in previous years, from 2013 to 2018, trend swings were often of the order of 5% or so, whereas in the period, social engineering has swung a massive 18%.
“That’s clearly a marker of where the change is,” said Maguire, “a marker of the changing tactics. A marker that human beings are the hackable considerations that need to be factored in, and no matter all the technology and process you put in place, education and governance are still absolutely critical and fundamental.”
Administrative errors in systems administration also saw a spike, Maguire says.
Overall, errors were a casual factor in 21% of all breaches, up from 17% in the previous report.
Maguire argues that this is related to the growth in cloud security and securing workloads which run on public infrastructure. “How do you secure your workload in the cloud, how do you put governance around migrating thousands of workloads out to the cloud? Things like misconfiguration and error are notable in the course for a lot of these breaches – just people posting, by accident.”
An example is cited of an incident where some 60 million files were compromised “because people are inadvertently putting stuff out into cloud environments that they should not be doing,” said Maguire.
This may also be indicative of a deeper issue when organisations engage with such services, he argues. Many customers engaging in cloud-based security discussions have a limited understanding of exactly what of their company’s digital assets exist in which cloud platforms – which ones should be there and which should not.
“There are different things out there on the market place that you can imbed into your data or to your workload to check for the integrity of the data and changes to that,” Maguire advises.