CODESEALER EXPERT BLOGS

2023 Data Breach Investigations Report

The Verizon Data Breach Investigations Report (DBIR), available at DBIR, is a yearly document offering an examination of information security incidents, particularly emphasizing data breaches. Verizon has consistently released this report each year since 2008. In its 16th annual release, the DBIR scrutinized 16,312 security incidents, of which 5,199 were verified data breaches. It’s important to note that the data reflects real-world breaches and incidents investigated by the Verizon Threat Research Center.

According to the 2023 Data Breach Investigations Report, which covers incidents between 1 November 2021 and 31 October 2022, financial incentives continue to be the primary driving force behind a significant portion of data breaches, “showing growth in relation to last year with a whopping 94.6%”. Looking at the action that led to incidents, web applications take first place. DBIR classifies Basic web application attacks as “attacks that are against a Web application, and after the initial compromise, they do not have a large number of additional Actions”.

Before going any further into the findings, it is worth defining some terms that will be used in this post:

  • Threat Actor: The person or group responsible for the event, e.g. an external attacker or an internal employee.
  • Threat Action: The tactics used to disrupt an asset. According to DBIR, the “primary categories of threat actions: Malware, Hacking, Social, Misuse, Physical, Error and Environmental”.
  • Incident: A security event that affects the Confidentiality, Availability or Integrity of an asset.
  • Breach: A security event that ends with a confirmed data disclosure.

Now that the terminology is in place, we can look at what happened over the past year regarding web applications.

Magnifying lenses on Web Application Attacks

Attacks on web applications account for almost 25% of the incidents in the Verizon dataset, and the report has been consistent over the years in that “poorly picked and protected passwords continue to be one of the major sources of breaches within this pattern”. Once attackers get hold of stolen credentials, they turn to stealing key information or taking code from repositories.

Let’s explore the key takeaways from the report concerning web applications:

  1. Entry Point – Nearly 86% of the security breaches were attributed to the Unauthorized Use of Stolen Credentials, leading to compromises of web server integrity. Another noteworthy trend involved exploiting vulnerabilities in web applications, accounting for 10% of the dataset. Despite comprising a smaller portion, these attacks remain significant in the arsenal of malicious actors, especially considering that more than 50% of organizations faced over 39 web application attacks this year.
  2. Escalation of a security breach – Leaked credentials are the initial point of compromise, but they are commonly used only as an entry point. Subsequently, malware is introduced to either establish a persistent presence or initiate the Command and Control service.

Stolen credentials can originate from diverse channels: services that sell them, password stealers delivered through social engineering, or brute-force attacks. Before panicking, it is worth noting that there are controls available to reduce the risk, such as Multifactor Authentication (MFA).
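Since stolen credentials are the dominant entry point, one of the first things a defender wants is visibility into how they are being used against the login endpoint. The following is an added example (not code from the original post or from Codesealer) of detection logic run over authentication log lines. It assumes a simple hypothetical log format of `<ISO timestamp> ip=<addr> user=<name> result=<success|failure>` and uses constructed sample lines; it flags two patterns the report describes: a brute-force attack (many failures against one account from one source) and credential stuffing (one source trying many different accounts, some of which succeed).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). The line format is an
# assumption made for this example, not a format any product emits.
SAMPLE_LOGS = """\
2023-11-01T10:00:01 ip=203.0.113.5 user=alice result=failure
2023-11-01T10:00:02 ip=203.0.113.5 user=bob result=failure
2023-11-01T10:00:03 ip=203.0.113.5 user=carol result=failure
2023-11-01T10:00:04 ip=203.0.113.5 user=dave result=success
2023-11-01T10:00:05 ip=203.0.113.5 user=erin result=failure
2023-11-01T10:00:06 ip=203.0.113.5 user=frank result=failure
2023-11-01T10:01:00 ip=198.51.100.7 user=alice result=failure
2023-11-01T10:01:05 ip=198.51.100.7 user=alice result=failure
2023-11-01T10:01:10 ip=198.51.100.7 user=alice result=failure
2023-11-01T10:01:15 ip=198.51.100.7 user=alice result=failure
2023-11-01T10:01:20 ip=198.51.100.7 user=alice result=failure
2023-11-01T10:01:25 ip=198.51.100.7 user=alice result=failure
2023-11-01T10:30:00 ip=192.0.2.9 user=grace result=failure
2023-11-01T10:30:30 ip=192.0.2.9 user=grace result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)


def parse_log(text):
    """Parse log text into a time-ordered list of login events.

    Lines that do not match the expected format are skipped, since real
    logs carry noise that a detector should tolerate rather than crash on.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "user": m["user"],
            "success": m["result"] == "success",
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_credential_attacks(events, window=timedelta(minutes=5),
                              max_failures=5, max_distinct_users=4):
    """Sliding-window detector keyed on source IP.

    Flags a source as 'brute_force' when it produces at least max_failures
    failed logins against a single account inside the window, or as
    'credential_stuffing' when it tries at least max_distinct_users
    different accounts inside the window (the stolen-credential pattern:
    each pair is tried once, and some of them work).

    Returns {ip: {"pattern": <name>, "compromised": [accounts that logged in
    successfully from that source inside the window]}}.
    """
    recent = defaultdict(deque)   # ip -> events still inside the window
    findings = {}
    for ev in events:
        q = recent[ev["ip"]]
        q.append(ev)
        while q and ev["ts"] - q[0]["ts"] > window:
            q.popleft()

        failures_per_user = defaultdict(int)
        for e in q:
            if not e["success"]:
                failures_per_user[e["user"]] += 1
        distinct_users = {e["user"] for e in q}

        pattern = None
        if any(n >= max_failures for n in failures_per_user.values()):
            pattern = "brute_force"
        elif len(distinct_users) >= max_distinct_users:
            pattern = "credential_stuffing"

        if pattern:
            # Successful logins from a flagged source are the accounts to
            # review first: they are the likely entry points for escalation.
            compromised = sorted({e["user"] for e in q if e["success"]})
            findings[ev["ip"]] = {"pattern": pattern, "compromised": compromised}
    return findings


if __name__ == "__main__":
    for ip, finding in detect_credential_attacks(parse_log(SAMPLE_LOGS)).items():
        print(f"{ip}: {finding['pattern']}, successful logins: {finding['compromised']}")
```

On the sample data the detector flags 203.0.113.5 as credential stuffing with `dave` as the account that was successfully accessed, flags 198.51.100.7 as a brute-force attempt against `alice`, and leaves 192.0.2.9 (a user mistyping once) alone. Thresholds and window size are assumptions to be tuned per application; the useful output for responders is the list of accounts that succeeded from a flagged source, because those sessions are the ones attackers turn into persistence and command and control.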

However, recent attacks have underscored the limitations of MFA, as cybercriminals have discovered methods to circumvent this security measure, allowing them to steal session cookies and impersonate the identities of their victims.

Codesealer has the capability to counteract social engineering tactics by thwarting a diverse range of tools used to circumvent MFA. This is accomplished by guaranteeing that only requests adhering to the encryption protocol and format are authorized to reach the backend.

Understanding the motives, threat actors, and consequences is crucial for a comprehensive perspective on web application attacks. Financial incentives account for 95% of the motives, with espionage or recreational reasons making up the remainder. External actors play a significant role as the primary facilitators, compromising data that includes credentials, personally identifiable information, and internal details.

Enhancing access controls for external-facing services and implementing effective vulnerability management programs can empower organizations to bolster their defenses. Meanwhile, users can contribute by exercising greater diligence in managing their passwords and adhering to best practices for safeguarding their information.

A useful tip for creating passwords is to think in sentences that are easy to remember. From these sentences, extract individual characters to form your password. This approach enhances both the memorability and security of passwords.
