Phishing and web app security problems remain the most common way for hackers to gain access to sensitive information, according to US telco giant Verizon.
Two out of three breaches were the result of weak or swiped passwords, making a case for strong two-factor authentication, the latest edition of Verizon’s annual Data Breach Investigations Report suggested.
The study put 2,122 confirmed breaches across 61 countries under the microscope. Many of these breaches traced their roots back to successful phishing attacks.
Around one in four (23 per cent) of recipients opened phishing messages, while more than one in 10 (11 per cent) of recipients clicked on attachments. Half (50 per cent) of successful phishing attacks involved emails that were opened in the first hour after their receipt. Corporate hackers often targeted lawyers, marketing staff and human resources within corporate environments in phishing runs because these departments regularly deal with a lot of email, according to Verizon.
The top three industries affected were the same as previous years: public sector, technology and financial services.
Jay Jacobs, principal of the Verizon RISK team, explained that this ranking reflects the number of breaches rather than the number of records stolen or other metrics that gauge the severity of attacks. One trend in the report is the increased prevalence of RAM scraper malware as a hacker tool, replacing more traditional trojans and spyware.
RAM scraper-style malware attacks first cropped up in the retail industry with attacks against Target and others back in 2013. RAM scraper malware is a powerful tool for hackers because it is capable of lifting normally encrypted data – such as credit card records – in the clear from the memory of compromised devices, such as point-of-sale terminals, where the data must exist unencrypted for a short window while it is processed. "There's a move from simple key-loggers to RAM scrapers," Jacobs explains. "We're seeing them outside of retail."
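The defender's counterpart to the technique just described is a memory-hygiene check: scan a process buffer for card numbers that are still sitting in the clear, and confirm that the application overwrites them once they have been encrypted. The snippet below is an added example, not code from Verizon's report or from any of the malware it discusses; the `SAMPLE_MEMORY` buffer is constructed (the card number in it is the widely published 4111... Visa test number), and the function names are this example's own. It uses the Luhn checksum, the same filter DLP scanners apply to separate real PANs from other digit runs such as order numbers.

```python
import re

# Constructed sample of what a point-of-sale process's memory might hold right
# after a swipe, before the card data is encrypted and the buffer cleared.
# 4111111111111111 is a standard test number (passes Luhn), not a real card.
SAMPLE_MEMORY = bytearray(
    b"\x00\x00POS v2.1\x00\x00"
    b"%B4111111111111111^DOE/JOHN^2512101?"   # track-1 style record, in the clear
    b"\x00\x00order=1234 total=19.99\x00"
    b"1234567890123456"                       # 16 digits that fail Luhn: not a PAN
)

# Digit runs of PAN length that are not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum (ISO/IEC 7812): every real PAN passes, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII digit -> integer value
        if i % 2 == 1:                   # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_exposed_pans(buf: bytes) -> list:
    """Return (offset, masked_pan) for every Luhn-valid PAN found in cleartext in buf."""
    hits = []
    for m in PAN_CANDIDATE.finditer(buf):
        digits = m.group(1)
        if luhn_ok(digits):
            # Report only first six and last four, so the check itself never leaks a full PAN.
            masked = digits[:6].decode() + "*" * (len(digits) - 10) + digits[-4:].decode()
            hits.append((m.start(1), masked))
    return hits


def scrub(buf: bytearray) -> int:
    """Overwrite every exposed PAN in place with zero bytes. Returns the number scrubbed.

    This is the mitigation the paragraph above implies: keep the cleartext
    lifetime short and wipe the mutable buffer (a bytearray, not an immutable
    str/bytes, which cannot be wiped) as soon as the data has been encrypted.
    """
    hits = find_exposed_pans(buf)
    for offset, masked in hits:
        buf[offset:offset + len(masked)] = b"\x00" * len(masked)
    return len(hits)


if __name__ == "__main__":
    work = bytearray(SAMPLE_MEMORY)
    print("before:", find_exposed_pans(work))   # one hit, masked 411111******1111
    print("scrubbed:", scrub(work))
    print("after:", find_exposed_pans(work))    # []
```

Running the same scan against a snapshot of a real POS process (for instance a core dump taken in a test lab) tells you how long card data lingers in memory after a transaction, which is the window a RAM scraper exploits; the goal is for the "after" list to be empty as soon as the encrypted record has been handed off.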
In 70 per cent of attacks where security researchers know the motive, there was a secondary victim, in some cases a partner or supplier who was hit simply as a stepping stone for hackers to reach their main target.
One prevalent form of attack in hosted environments in particular is the hacking of web servers and blogging platforms to use them as a platform for launching DDoS attacks and for harbouring phishing sites.