Cloud Security , Cybercrime , Fraud Management & Cybercrime

Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019

Analysts Predict Attacks in the Cloud Will Continue to Surge This Year
Verizon: Breaches Targeting Cloud-Based Data Doubled in 2019

Attacks targeting cloud-based data nearly doubled in 2019 compared to the year before as companies shifted more of their valuable information off-premises and misconfigurations and other issues made it more vulnerable, according to the 2020 Verizon Data Breach Investigations Report released Tuesday.

See Also: The Cost of Underpreparedness to Your Business

Web application attacks on cloud-based data accounted for 43% of all breaches in 2019, according to Verizon. And such attacks likely will become even more common this year as a result of the work-from-home shift during the COVID-19 pandemic, which has led to a shift of applications and data to the cloud, some security observers predict.

"The current state of security is dramatically different today than it was two months ago,” says Rick Holland, CISO at the security firm Digital Shadows “I'm very interested to see how the new remote working paradigm impacts next year's report."

Highlights of Report

The 2020 Verizon report analyzed over 32,000 security incidents in 2019, of which 3,950 were confirmed breaches; almost double the 2,013 breaches analyzed in 2018. These incidents reports from 81 countries and 16 business sectors.

Among the report’s findings:

  • 86% of data breaches were launched for financial gain - up from 71% in 2019;
  • Over 80% of hacking incidents involve brute force or the use of lost or stolen credentials;
  • 67% of breaches were caused by credential theft, errors and social attacks;
  • Less than one in 20 breaches exploit unpatched vulnerabilities.

The report makes clear that the shift to cloud infrastructure and services in 2019 created new areas for attackers to target, with companies still trying to devise better strategies to protect the data that is moving off-premises.

"Cloud breaches involved an email or web application server 73% of the time," the report notes. "Additionally, 77% of those cloud breaches also involved breached credentials. This is not so much an indictment of cloud security as it is an illustration of the trend of cybercriminals finding the quickest and easiest route to their victims."

Misconfiguration Issues

Jayant Shukla, CTO and co-founder of K2 Cyber Security, believes that misconfiguration errors in cloud services will be a growing cause of breaches in the months to come due to the greater use of the cloud by the remote workforce. He points out that last year’s breach of Capital One’s computer network involved a zero-day server-side request forgery vulnerability combined with a "configuration error" in its application software (see: Capital One's Breach May Be a Server Side Request Forgery).

(Source: Verizon)

"Financial organizations also need to do a better job protecting their web applications," Shukla says. "Patterns in breaches showed that injection vulnerabilities were the most commonly exploited. What’s troubling here is, SQL injection and XSS have been commonly listed on the OWASP Top 10 of security risks for web applications, yet organizations still don't have a handle on protection of these vulnerabilities."

With most attacks being conducted as money-making ventures, it’s no surprise the report found organized crime accounted for 55% of all 2019 breaches, with nation-state actors accounting for 10%.

Password dumpers were the most common type of malware used in breaches, followed by malware that captures data off apps and ransomware (see: Ransomware: Distraction and Destruction).

On the Horizon

Chris Morales, head of security analytics at security firm Vectra, expects new breach trends to emerge in 2020 as a result of the pandemic’s impact.

The threat landscape has "dramatically shifted over the last few months," Morales says. For example, broader use of Zoom and SaaS offerings has opened the door to new threats, he adds.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.