This blog was published at www.keepnetlabs.com.
Data breaches continued at a rapid pace in 2019, jumping to over 3,800 breaches in the first six months. This represents an increase of 50% or more over each of the prior four years.
According to a report published by Cyber Risk Analytics (2019), “The interest in user credentials is the key”. Phishing and other social engineering techniques have produced results for cybercriminals. “Troves of username and password combinations continue to become available on forums and file sharing sites while phishing for access credentials – a perennially popular method for gaining access to systems and services – has surged in recent months, proving once again that tried and true social engineering techniques still produce results for attackers.” [1]
Moreover, according to this report, attackers have sought other data types, such as order history or a customer’s interests, rather than targeting only sensitive information like banking details or Social Security numbers. Such data is especially useful for creating spear-phishing campaigns. “The breach at Bodybuilding.com is a prime example of this trend. In July of last year, malicious actors gained access to the company’s systems thanks to a successful phishing email. Hackers were able to move about the system for approximately eight months, potentially accessing data ranging from customers names and addresses to profile details and order history…. Incidents like the breach at Bodybuilding.com also explain why the Miscellaneous data type is growing. Should something like order history and customer’s interests be captured in the profile of a breach event? We think so. While not as sensitive as banking details or Social Security numbers, the data can be especially useful for creating targeted phishing campaigns – so much so that organizations are beginning to warn users of the risk. Bodybuilding.com did exactly this, stating in their FAQ’s to customers”. [2]
Furthermore, the number of reported breaches varied by less than 200 incidents between 2015 and 2018; however, for the first six months of 2019, the number of breaches increased by 54% compared to the same period in 2018. “Over 1,300 data leaks, mostly exposing email addresses and passwords, were documented in the first half of 2019. Although these tend to be relatively small events, averaging fewer than 230 records exposed per incident, these leaks have contributed substantially to the number of access credentials freely available on the Internet.” [3]
The number of breaches added by Q2 in the past 8 years.
Unauthorized access to systems or services, skimmers, and exposure of sensitive data on the Internet (Web) have been the top three breach types since January of 2018. Tactics, techniques and procedures have changed over time, but the end results have remained consistent. “Likewise, insider actions, both malicious and accidental, have driven the number of records exposed, with Web and Fraud accounting for over 6.7 billion records exposed over the last 18 months.” [4]
The number of breaches added for the top five breach types.
The number of records exposed (in millions) for the top five breach types.
The impact varies according to the type of data exposed. In the report, the data types exposed most often are email (70.5 per cent) and password (64.2 per cent). [5]
The percentage of breaches that exposed a particular data type.
According to the report, the majority of incidents result from attacks by outsiders; however, “more and more sensitive data is exposed when insiders fail to properly handle or secure the information. Case in point misconfigured databases and services – 149 of the 3,813 incidents reported this year – exposed over 3.2 billion records”. [6]
Distribution of the attack vector, broken down by the type/motivation of attack.
No business is “safe” from a cyber attack or a breach; however, some industries are more proactive than others when it comes to data breaches. As can be seen from the figure below, organisations in the Retail and Technology sectors are more prone to data loss than others. Also, government organisations have been “safer” than privately held organisations. [7]
The number of breaches affecting each business type and sub-type.