Today's attackers are taking greater advantage of human factors, with more exploitation of errors such as misconfiguration and misdelivery, Verizon's "2020 Data Breach Investigation Report" (DBIR) finds. Errors, along with credential theft and social attacks, made up 67% of breaches.
Researchers analyzed a total of 32,002 security incidents to create this year's DBIR. Of these, 3,950 were confirmed breaches. The majority (72%) affected large enterprise victims; 28% involved small business victims. Seventy percent of breaches came from external attackers; 30% involved internal actors. Organized criminal groups were involved in more than half (55%).
Attackers continue to go where the money is: 86% of breaches were financially motivated, and only 10% were linked to espionage. Advanced threats made up only 4% of breaches overall.
While the "who" and "why" behind most breaches are clear, the "how" presents more variety. Hacking remains a top threat: 45% of breaches leveraged hacking; of these, more than 80% involved brute force or use of lost or stolen credentials. More than 20% involved malware, a category that saw password dumpers as the most common variety, followed by "capture app data" in second and ransomware in third. Most malware is still delivered via email, with some arriving via web services. Office docs and Windows applications remain attackers' malware filetype of choice.
Social attacks were included in 22% of breaches, which Bryan Sartin, Verizon's executive director for global security services, considers a "tectonic change" and reflects attackers' tendency to exploit human mistakes. About a year ago, Verizon experts anticipated a steady three-year increase in human-factor issues like social engineering and credential stuffing. And while malware has declined from 28% usage in last year's DBIR to 17% in this year's, the gro ..
Support the originator by clicking the read the rest link below.
