Transportation and Warehousing

Resumen 

Financially motivated organized criminals utilizing attacks against web applications have their sights set on this industry. But employee errors such as standing up large databases without controls are also a recurring problem. These, combined with social engineering in the forms of phishing and pretexting attacks, are responsible for the majority of breaches in this industry.

Frecuencia

112 incidents, 67 with confirmed data disclosure

Top Patterns 

Everything Else, Web Applications and Miscellaneous Errors represent 69% of breaches.

Threat Actors

External (68%), Internal (32%) (breaches)

Actor Motives

Financial (74%—98%), Espionage (1%—21%), Convenience (0%—15%) (breaches)

Data Compromised 

Personal (64%), Credentials (34%), Other (23%) (breaches)

Top Controls 

Boundary Defense (CSC 12), Implement a Security Awareness and Training Program (CSC 17), Secure Configurations (CSC 5, CSC 11)

Data Analysis Notes

Actor motives are represented by percentage ranges, as only 26 breaches had a known motive. Some charts also do not have enough observations to have their expected value shown.

All roads lead to pwnd

What is causing breaches in this sector? Our data shows us that Web Application attacks and Miscellaneous Errors are quite common, and the Everything Else pattern is also prevalent, but more on that later (Figure 106). Web applications are a common attack across the dataset, and a fact of life in this era is that if you have an internet-facing application, someone out there will eventually get around to testing your controls for you. The Hacking, Social and Malware actions were the most common in this industry, which supports the Web Applications pattern’s prominence.

Keep your eyes on the road

Miscellaneous Errors are simply a byproduct of being human—we make mistakes. The most common error in this industry was Misconfiguration, as shown in Figure 107. A typical misconfiguration error scenario is this: An internal actor (frequently a system admin or DBA) stands up a database on a cloud service without any of those inconvenient access controls one would expect to see on sensitive data. Then, an enterprising security researcher finds this instance using a search engine that is made to spot these unprotected datastores and poof, you have a breach.

That “Everything Else” pattern mentioned earlier—it is a place we store odds and ends for attacks that don’t fit into the other attack patterns, and within this pattern lives the business email compromise (BEC). These usually come in as a phishing email, although they can also be done over the phone. The goal of the attacker is either to get data or facilitate a wire transfer to their conveniently provided bank account. These attacks are perpetrated largely by organized criminal actors with a financial motive.

You can see in Figure 108 the most common motive of the external actors in this sector. While there are some espionage-motivated actors, they are few and far between when compared to financially motivated attackers. The data type of choice in this vertical appears to be Personal, which is being closely tailgated by Credentials.