The Verizon Data Breach Investigations Report (DBIR) is a yearly document offering an examination of information security incidents, particularly emphasizing data breaches. Verizon has consistently released this report each year since 2008. In its 16th annual release, the DBIR scrutinized 16,312 security incidents, of which 5,199 were verified data breaches. It’s important to note that the data reflects real-world breaches and incidents investigated by the Verizon Threat Research Center.
According to the most recent Data Breach Investigations Report 2023, which describes incidents between 1 November 2021 and 31 October 2022, financial incentives continue to serve as the primary driving force behind a significant portion of data breaches, “showing growth in relation to last year with a whopping 94.6%”. Considering the action that led to incidents, web applications take the first position. DBIR classifies Basic web application attacks as “attacks that are against a Web application, and after the initial compromise, they do not have a large number of additional Actions”.
Before going any further into the insights, it is good to have a grasp of some terms that will be used in this blog:
- Threat Actor: Person or group responsible for the event, e.g. an external bad guy or an internal employee.
- Threat Action: Tactics that were used to disrupt an asset. According to DBIR, “primary categories of threat actions: Malware, Hacking, Social, Misuse, Physical, Error and Environmental”.
- Incident: A security event that affects the Confidentiality, Availability and Integrity of an asset.
- Breach: A security event that ends with a confirmed data disclosure.
Now that the wording is in place, we can look at what happened over the past year regarding web applications.
Attacks on web applications account for almost 25% of the Verizon database on incidents, and the report has been consistent over the years in the fact that “poorly picked and protected passwords continue to be one of the major sources of breaches within this pattern”. When attackers get hold of stolen credentials, they turn to stealing key information or taking code from repositories.
Let’s explore the key takeaways from the report concerning web applications:
- Entry Point – Nearly 86% of the security breaches were attributed to the Unauthorized Use of Stolen Credentials, leading to compromises in web server integrity. Another noteworthy trend involved exploiting vulnerabilities in web applications, accounting for 10% of the data sets. Despite comprising a smaller portion, these attacks remain significant in the arsenal of malicious actors, especially when considering that more than 50% of organizations faced over 39 web application attacks this year.
- Escalation of a security breach: Leaked credentials have been identified as the initial point of compromise, but they commonly serve only as the entry point. Subsequently, malware is introduced to either establish a persistent presence or initiate the Command and Control service.
Stolen credentials can originate from diverse channels, including services that sell them, password stealers employing social engineering techniques, or brute force attacks. Before panicking, it’s crucial to note that there are solutions available to minimize risks, such as Multifactor Authentication (MFA).
However, recent attacks have underscored the limitations of MFA, as cybercriminals have discovered methods to circumvent this security measure, allowing them to steal session cookies and impersonate the identities of their victims.
Codesealer has the capability to counteract social engineering tactics by thwarting a diverse range of tools used to circumvent MFA. This is accomplished by guaranteeing that only requests adhering to the encryption protocol and format are authorized to reach the backend.
Understanding the motives, threat actors, and consequences is crucial for a comprehensive perspective on web application attacks. Financial incentives account for 95% of the motives, with espionage or recreational reasons making up the remainder. External actors play a significant role as the primary facilitators, compromising data that includes credentials, personally identifiable information, and internal details.
Enhancing access controls for external-facing services and implementing effective vulnerability management programs can empower organizations to bolster their defenses. Meanwhile, users can contribute by exercising greater diligence in managing their passwords and adhering to best practices for safeguarding their information.
A useful tip for creating passwords is to think in sentences that are easy to remember. From these sentences, extract individual characters to form your password. This approach enhances both the memorability and security of passwords.