Reports / Surveys
5,183 data breaches exposed almost 8B records in the first 9 months of 2019
In the first nine months of this year, at least 5,183 data breaches occurred, a 33% increase compared to the same period last year, a new report by Risk Based Security indicates. These incidents exposed nearly 8 billion (!) records in total, more than twice the number of records exposed in the first 3 quarters of 2018 and a 13% increase over this period in 2017, which previously held the record. While more than 3 in 4 (76%) breaches involved threat actors obtaining unauthorized access to systems, the vast majority of exposed records (85%) were the result of data leaks related to misconfigurations affecting databases, backup systems, endpoints and other services. At least 87% of breaches were caused by people outside of the affected organization, while 11% resulted from the mistakes of employees (68%) or the actions of malicious insiders (14%).
DDoS attacks increased by 241% in Q3 2019
In the third quarter of this year, the number of distributed denial-of-service (DDoS) attacks surged by 241% year-over-year (YoY), according to a recent Neustar study. Small attacks generating up to 5 Gbps in malicious traffic accounted for 81% of attacks, compared to 69% last year. Because of this, the average attack size decreased by 28% from 10.5 Gbps in Q3 of 2018 to 7.6 Gbps in Q3 of this year. The rise of smaller attacks has to do with the fact that these are easier to carry out and less likely to get detected, enabling threat actors to disrupt targets for longer periods of time, which ultimately can do more damage than highly powerful yet short-lived attacks.
Organizations need nearly a full week to respond to cybersecurity threats
A new CrowdStrike report shows that companies need 162 hours on average (almost a full week) to detect, triage, investigate and contain a cybersecurity incident. The industry standards of 1 minute for detection, 10 minutes for investigation and 1 hour for containing the threat are achievable for just 11%, 9% and 33% of organizations, respectively. A mere 5% of firms could meet all 3 standards. Moreover, these numbers may actually be inflated since they are based on the estimates of IT and security staff, rather than on recorded response times.
Ransomware accounts for 54% of email-based malware
In the first half of this year, ransomware was the most common payload in malicious emails, accounting for more than half of all attacks of this kind, recent research by Group-IB found. The breakdown of email-based malware in H1 2019 is:
- Ransomware (54%, up from 14% last year)
- Banking Trojans (22%, down from 33% last year)
- Backdoors (16%, down from 22% last year)
- Loaders (4%, down from 24% last year)
- Unwanted software (3%, down from 4% last year)
- Cryptomining malware (1%, down from 3% last year)
71% of email-based malware was distributed via attachments, more than 80% of which contained archive files. The remaining 29% of malicious messages urged users to click on URLs that led to malware.
1 in 3 SMBs ignorant of risks from staff using business devices for online shopping
82% of small to mid-sized business (SMB) executives in a recent AppRiver survey (PDF) expect many of their staff members to use their work computer or a business-use device for online shopping this holiday season. Shockingly, 32% of respondents did not realize that this represents a serious security risk to their firm, even though about half (49%) acknowledged that their employees are unlikely to be able to tell fraudulent e-commerce websites apart from legitimate ones.
Freaky Infosec Fact of the Week
Seemingly benign apps could control the camera of millions of Android devices even when they were locked.
Researchers with Checkmarx recently discovered a flaw in various highly popular Google and Samsung devices that could enable threat actors to distribute seemingly innocent apps capable of completely hijacking a device’s camera, even when the phone was locked.
What You Can Do
The statistics that compare today's data breaches with last year's indicate that organizations need increased visibility within their network environment. It should be safe to assume that many of the organizations breached nowadays thought at one point that they would never become a victim. When discussing cybersecurity with many organizations, especially smaller ones, one of the most common assumptions is that an attacker would never target them because they're too small and have nothing of value.
This can't be further from the truth.
In many cases (not all!), attackers may target whoever is vulnerable and just invest more time in those that may hold valuable data. That's not to say that you are safe; you are just reordered on the data breach priority list.
Statistics also show that 11% of organizations believe that they are able to detect and contain a cybersecurity incident within one minute. Unless your organization has demonstrated this through attack simulations, there is no way to confirm such a claim. If an attacker targeted your organization tomorrow, would you be prepared? How long would it take? Consider performing a penetration test to see whether, and when, your organization would detect an active attack.
About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants has experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io.