Cloud misconfigurations, business email compromise (BEC) and intellectual property theft are all up in the Verizon DBIR 2019 from last year. From a Threat Post article:
“Financially motivated attacks aren’t going anywhere; social-engineering attacks aimed at stealing funds still represented 12 percent of data-breach incidents, and most cyber-attacks overall were motivated by financial gain.
That’s according to Verizon’s 2019 Data Breach Investigations Report (DBIR), released Wednesday, which analyzed more than 41,000 cyber-security incidents and over 2,000 data breaches from 86 countries. It also found that, unfortunately, half of organizations are taking months or longer to discover breaches – a “dwell time” average that improves the chances of adversaries making off with key intellectual property or credentials, or siphoning funds. “The time from the attacker’s first action in an event chain to the initial compromise of an asset is typically measured in minutes. Conversely, the time to discovery is more likely to be months,” according to the report.
Verizon also noted that discovery time is very dependent on the type of attack in question. For instance, with payment-card compromises, discovery is usually based upon the fraudulent use of the stolen cards (typically weeks or months), while a stolen laptop will usually be discovered much more quickly.”
“This year’s report shows cybercriminals are choosing to take a subtler approach [than in the past],” Fraser Kyne, EMEA CTO at Bromium, said in an emailed statement. “Hackers don’t want to announce their presence anymore – as they would with noisy ransomware attacks. Instead, they silently gain access to conduct reconnaissance, insert backdoors, escalate privileges and exfiltrate data. The longer…the time a hacker has unauthorized access to systems – the more dangerous the attack can be.”