Threat Actors Target Cloud Data, Doubling Web Application Attacks

The Verizon Data Breach Investigations Report for 2020 indicates that malware attacks are dropping because threat actors are targeting data stored in the cloud. Verizon has been producing the report for 13 years. This year’s report includes an analysis of 32,002 security cases and 3,950 validated data breaches from 81 contributors located in 81 countries around the world.

The report explains that the primary motivation for attacks is financial gain. Here are some relevant statistics:

  • 86% of all security breaches were financially motivated
  • 70% were caused by external actors
  • 55% were performed by cybercriminals
  • 22% were caused by human error
  • 25% were caused by phishing and other social engineering attacks
  • 37% were caused by brute-forcing of weak credentials
  • 67% were caused by credential theft

Only 20% of breaches resulted from the exploitation of vulnerabilities. It is far easier to carry out attacks with stolen credentials than to exploit vulnerabilities. That, and not organizations patching vulnerabilities quickly, is the reason for the fairly low number of vulnerability-related attacks.

The ease of attacking with stolen passwords or brute-forced credentials has made malware attacks less widely used. That said, ransomware is proving to be an appealing choice, with malware-related attacks increasing from 24% to 27% of all breaches.

There was a considerable rise in web application attacks in the last 12 months: they increased twofold to 43% of all breaches. 80% of those breaches were associated with credential theft. With many more organizations moving their information off established domain controllers and internal infrastructure, it is not surprising that there was a big increase in attacks online.

The information gathered for the report does not cover the period of the COVID-19 public health emergency, when a lot of organizations sped up their cloud migration plans to enable more employees to work from home. It is very likely that next year’s report will show a greater percentage of attacks on cloud data.

Tami Erwin, CEO of Verizon Business, states that with the increase of remote working during the global pandemic, end-to-end security covering the web up to the employee PC becomes very important. In addition to safeguarding their systems from attack, all organizations should continue employee education, as phishing schemes are increasingly sophisticated and malicious.

Cyberattacks and Insider Breaches in the Field of Healthcare

Financially motivated cyberattacks accounted for 88% of all healthcare breaches, the majority of which involved ransomware. 4% of healthcare cyberattacks were carried out for fun and 3% for convenience.

Verizon reports a substantial number of healthcare data breaches in the last 12 months. Last year’s report listed 304 healthcare data breaches, whereas this year’s report covered 521 breaches. The most common type of attack on healthcare providers is crimeware, which includes ransomware and malware. Just as in other industry sectors, attacks on cloud applications are growing.

The healthcare industry generally has a higher-than-average number of cases of privilege misuse. These cases involve insiders who have access to sensitive data and abuse their access rights to steal or misuse it. With so many employees having authorized access to patient records, and given the high value of those records on the black market, this is expected.

This year’s report has some good news, though. It is the first time that privilege misuse is not among the top three causes of healthcare data breaches. This is part of a pattern that can be seen across all fields of industry, which indicates that employees are more mindful about accessing data without permission and healthcare organizations are better able to protect data.

Another piece of good news is a lower number of breaches involving multiple actors, which typically involve a third party, for instance an identity thief partnering with an insider who supplies the data. In the 2019 report, multiple actors were involved in 4% of breaches, whereas in 2020 the percentage fell to 1%. The split between breaches caused by internal actors and by external actors likewise changed considerably. In the 2019 report, internal actors caused 59% of healthcare breaches and external attackers caused 42% of breaches. This year’s report finds that internal actors are to blame for 48% of breaches, with external actors accounting for 51% of breaches.

This year, the top causes of healthcare breaches were miscellaneous errors and web application breaches. Miscellaneous error breaches were brought about by misdirection, that is, emails sent to the wrong recipients and mass mailings that deliver letters to the wrong patients, as when a mail merge error happens.