Bengaluru, NFAPost: There is a spike in misconfiguration (i.e., forgetting to add proper data security controls to a new cloud storage bucket, etc.), misdelivery (sending an electronic file or printed document to an unauthorized or incorrect party) and publishing errors, states Verizon report.
The Verizon Business 2020 Data Breach Investigations Report (DBIR) came up with a three-month analysis on the possible impact of COVID-19 on the data breach landscape has shed light on an increasing number of threat actors worrying cyber-security specialists.
“As we stated ad nauseam in the DBIR this year, one action that occurs all too frequently is human error. We define error as encompassing anything done (or left undone) incorrectly or inadvertently. Errors can range from omissions and programming errors to trips and spills,” stats Verizon.
These error types are typically due to carelessness and/or hurry on the part of a system administrator or regular end user, depending on the error type.
Heavy workloads
Verizon report finds that 0ne result of COVID-19 is that many organisations are operating with a reduced number of staff due to illness or furlough and/or with staff who have limitations due to their remote status.
“At the same time, these organizations are often experiencing unusually heavy workloads with a much higher reliance on new and unfamiliar solutions that need to be deployed quickly. Add in the distraction of sheltering in place with family members, including children, and it would be remarkable if errors did not increase dramatically,” states the report.
The DBIR shows that over 80% of breaches within the hacking category are caused by stolen or brute-forced credentials. The majority of the time, these occur via web apps and/or the cloud. Since businesses are forced to lean on SaaS platforms more heavily now than at any time since the internet was invented by Al Gore, we expect this increased reliance to substantially widen the attack surface for bad actors looking for stolen and brute-forced creds. After all, there will be more places to use them than ever before.
The Verizon Business study reviewed 474 data breach incidents from March – June 2020 based on contributor data, publicly disclosed incidents and Verizon’s own observations drawn from its collective years of experience. It focuses on 36 confirmed data breaches which were identified as being related directly to the COVID-19 pandemic.
Cloud-based storage
Commenting on the report, Verizon Business Head of Solutions Prashant Gupta in view of the COVID19 pandemic, many large and small organisations have adopted new technologies such as software- as-a-service (SaaS) solutions, increased cloud-based storage and the use of third-party vendors in record time to continue to support their customers.
“While the SaaS solutions mentioned above, or the cloud itself, are not inherently less secure, however the concern arises from the fact that due to the conditions the pandemic has created, most organizations are adopting them in a hurried fashion, and they are often forced to do so while relying on fewer resources in terms of both personnel and revenue thereby multiplying the risk,” said Verizon Business Head of Solutions Prashant Gupta
Increasing number of commonly seen threat actors
Increase in Error — The Verizon Business 2020 Data Breach Investigations Report (DBIR) outlined that almost a quarter of all breaches were due to human error and this trend continues during the pandemic. This is due in part to organizations operating with a reduced number of staff due to illness, redundancies and/or with staff who have limitations due to their remote status. At the same time, these organizations are often experiencing unusually heavy workloads with a much higher reliance on new and unfamiliar solutions that need to be deployed quickly.
Stolen credential-related hacking — The DBIR shows that over 80 percent of breaches within the hacking category are caused by stolen or brute forced credentials. During the pandemic, this is now being exacerbated by the large number of employees working from home and the maintaining external workstations for remote access, leaning on SaaS platforms. Business IT departments are being challenged to secure company assets on the corporate network while the majority of the workforce is out of the office.
Phishing — In order to utilize stolen credentials, an attacker must first be able to obtain them and phishing remains one of the most commonly used methods. Prior to COVID-19 the 2020 DBIR flagged that credential theft and social attacks such as phishing and business email compromises were at the root of the majority of breaches (over 67 percent) and this trend has continued. Specific terms in combination with “COVID” or “CORONAVIRUS,” such as “masks,” “test,” “quarantine” and “vaccine” were found to be widely used within the time period. In March, a phishing simulation, conducted by a DBIR contributor, performed on approximately 16,000 people found that almost three times as many people not only clicked through a phishing link, but also provided their credentials to the simulated login page.
When it comes to creating a lure for the phishing attacks, one of the main methods an attacker can use to create an air of legitimacy (aside from sending email from a trusted person) is leveraging domains that resemble a trusted source. While we do find these types of substitutions in the regular threat intel data we analyzed, we did not find many instances of them in the COVID-19-specific data. What we did find was the gratuitous use of specific terms in combination with “COVID” or “CORONAVIRUS,” such as “masks,” “test,” “quarantine” and “vaccine,” as seen in Figure 1.
Hyderabad Security Cluster Founding Father Dr Zaki Qureshy said businesses need to start taking far greater responsibility in protecting their technology infrastructure.
“From deploying more robust security protocols to ensuring timely data breach disclosure policies. Once you lose public confidence, gaining that credibility back can often be an uphill task,” said Hyderabad Security Cluster Founding Father Dr Zaki Qureshy.
In the 2020 report, Verizon aligned its findings with the Center for Internet Security (CIS) Critical Security Controls. The report recommends that organisations take a closer look at the following CIS Controls:
- Critical Security Control 12: Boundary Defense
- Critical Security Control 9: Limitation and Control of Network Ports, Protocols and Services
- Critical Security Control 16: Account Monitoring
At the end of the day, the “we are all in this together” mantra that we have heard so often during this crisis is not only an effective marketing slogan, but it also happens to be true. In some ways, we are navigating uncharted waters, but we do feel strongly that we can set a more productive course for where we are going by looking at where we have been.
The Verizon Business 2020 Data Breach Investigations Report, analysed 32,002 security incidents, of which 3,950 were confirmed breaches; almost double the 2,013 breaches analysed last year. These cases came from 81 global contributors from 81 countries including the Government of Telangana and the Hyderabad Security Cluster.
Verizon Communications Inc was formed on June 30, 2000 and is celebrating its 20th year as one of the world’s leading providers of technology, communications, information and entertainment products and services.
Headquartered in New York City and with a presence around the world, Verizon generated revenues of $131.9 billion in 2019. The company offers data, video and voice services and solutions on its award winning networks and platforms, delivering on customers’ demand for mobility, reliable network connectivity, security and control.
