Información

Since 2019, Web Application attacks have increased significantly, both in terms of percentage and raw number of incidents. This is one that organizations in this industry should keep an eye out for, as adversaries are dividing their effort equally between utilizing web exploits and stolen credentials to gain access to your web applications. Considering this vertical has a high dependence on external services and the internet, one shouldn’t be too shocked to learn that this industry has a higher percentage of web application exploitations than other industries. However, based on our non-incident data, Information also has one of the highest percentages of vulnerability patching completed on time (Figure 73).

An anthem to errors

Errors are everywhere and the technical wizards that run our information infrastructure are not immune. This is why Errors are the second most common type of breach, maintaining relatively similar levels to previous years (this is not an area where consistency is a good thing). Misconfigurations are by far the most common type of errors, and largely relate to databases or file storages not being secured and directly exposed on a cloud service. These are the types of incidents that you hear security researchers discovering through simple trawling of the internet to see what’s exposed. The optimist in us hopes that as these new technologies become more commonly used, people will stop (or at least slow down) making these types of mistakes. On the other hand, the realist in us wouldn’t put any money on it.
 

You, sir, are a phish

Technical issues are not the only thing impacting this technology-based sector. Organizations in this vertical have fallen prey to the same type of social engineering attacks that affect everyone else. Most of these attacks fall into our Everything Else pattern and account for 16% of the breaches we saw in 2019. In terms of social attacks, there is a relatively even split between phishing and pretexting (the bad guy just asks for information via email or uses some existing conversation in order to make a more convincing request). One of the common techniques we’ve seen is the use of typo-squatted domains of partners that are used to send existing email threads or request an update to a bank account.
 

Fast speeds and full bandwidths

Big interweb pipes are a key part of this industry since consumers demand that videos load fast and website content gets updated at the speed of an unladen European swallow. Unfortunately, cybercriminals know how important that is, and have been persistently targeting this industry with DoS attacks to disrupt their services and capabilities. The 2019 data showed continued growth in terms of the percentage of DDoS incidents (Figure 74). Not only does this industry get targeted more than a red barrel in a first-person shooter, they’re also facing attacks with the second highest median BPS—meaning these attacks tend to pack a punch. Unfortunately for many companies, these attacks often need a helping hand to mitigate, so it helps to have a Player 2 in your corner.