JUSTFORTHESHELLOFIT

Verizon’s 2020 Data Breach Investigation Report

2020 DBIR

While it comes as no surprise that phishing attempts are going unreported in the Educational Services section of the DBIR, the disproportionate number of credential stuffing attempts indicates that this sector is behind the times on the enforcement of security best practices for AAA policies. An alarming increase in ransomware-related malware attacks might be telling of either a weakness within the data storage redundancy, or a willingness to shell out the dough required to unlock files.

This last week, Verizon released its annual Data Breach Investigation Report for those who are interested. With a statistical analysis of trends in 16 different industries, it is evident that Manufacturing still holds the top spot for Cyber-Espionage. Given the historical significance within the intelligence realm, misinformation campaigns filled with tactfully engineered and flawed processes may prove fruitful in this arena. It is notable that this year’s numbers have decreased for this category.

Attack paths in incidents p31

While the portrayal of masterminds in hacking movies makes for great films, the complexity of the attacks studied does not vary by a great order of magnitude. A large majority of the security incidents remained at or below 7 steps. This, coupled with the increase in DDoS and Web Application attacks, might be indicative of unpatched systems. While it may be difficult to correlate the use of standard container images and readily available orchestration systems, the burden of configuration still lies on product owners within organizations instead of providers of resources. There must be an urgency to change how default applications and containers are being deployed, coupled with a standardized, timely update methodology, if organizations want to change these annual traditions.

Connection attempts by port Figure 22

With honeypots picking up similar patterns for Telnet and SSH, it is clear that there is still a reason for people to scan these ports. The use of standardized ports in internet-facing traffic should only be done as required for legacy software, and probably not at all. There are about 65,000 reasons not to be using these, if you know what I mean.

Overall, the tone of this report was very informative. There is much more in it than what was covered in this short blog. The speculation found within this writing is just that, speculation. It does not mean that it is right or wrong, but an estimation of a valid possibility that might fill the gap of solid data as it is presented. There may be further analysis with a more academic approach coming; this was just for the shell of it.
