Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019
Analysts Predict Attacks in the Cloud Will Continue to Surge This Year
Attacks targeting cloud-based data nearly doubled in 2019 compared to the year before as companies shifted more of their valuable information off-premises and misconfigurations and other issues made it more vulnerable, according to the 2020 Verizon Data Breach Investigations Report released Tuesday.
Web application attacks on cloud-based data accounted for 43% of all breaches in 2019, according to Verizon. Some security observers predict such attacks will become even more common this year because the work-from-home shift during the COVID-19 pandemic has moved more applications and data to the cloud.
"The current state of security is dramatically different today than it was two months ago," says Rick Holland, CISO at the security firm Digital Shadows. "I'm very interested to see how the new remote working paradigm impacts next year's report."
Highlights of Report
The 2020 Verizon report analyzed over 32,000 security incidents in 2019, of which 3,950 were confirmed breaches, almost double the 2,013 breaches analyzed in 2018. The incidents were reported from 81 countries and 16 business sectors.
Among the report's findings:
- 86% of data breaches were launched for financial gain - up from 71% in 2019;
- Over 80% of hacking incidents involve brute force or the use of lost or stolen credentials;
- 67% of breaches were caused by credential theft, errors and social attacks;
- Less than one in 20 breaches exploit unpatched vulnerabilities.
The report makes clear that the shift to cloud infrastructure and services in 2019 created new areas for attackers to target, with companies still trying to devise better strategies to protect the data that is moving off-premises.
"Cloud breaches involved an email or web application server 73% of the time," the report notes. "Additionally, 77% of those cloud breaches also involved breached credentials. This is not so much an indictment of cloud security as it is an illustration of the trend of cybercriminals finding the quickest and easiest route to their victims."
Jayant Shukla, CTO and co-founder of K2 Cyber Security, believes that misconfiguration errors in cloud services will be a growing cause of breaches in the months to come due to the greater use of the cloud by the remote workforce. He points out that last year's breach of Capital One's computer network involved a zero-day server-side request forgery vulnerability combined with a "configuration error" in its application software (see: Capital One's Breach May Be a Server Side Request Forgery).
"Financial organizations also need to do a better job protecting their web applications," Shukla says. "Patterns in breaches showed that injection vulnerabilities were the most commonly exploited. What's troubling here is, SQL injection and XSS have been commonly listed on the OWASP Top 10 of security risks for web applications, yet organizations still don't have a handle on protection of these vulnerabilities."
With most attacks being conducted as money-making ventures, it's no surprise the report found organized crime accounted for 55% of all 2019 breaches, with nation-state actors accounting for 10%.
Password dumpers were the most common type of malware used in breaches, followed by malware that captures data off apps and ransomware (see: Ransomware: Distraction and Destruction).
On the Horizon
Chris Morales, head of security analytics at security firm Vectra, expects new breach trends to emerge in 2020 as a result of the pandemic's impact.
The threat landscape has "dramatically shifted over the last few months," Morales says. For example, broader use of Zoom and SaaS offerings has opened the door to new threats, he adds.