The HackNotice threat intelligence platform shared with the SecurityWeek portal an analysis of more than 60,000 reports of breaches over the past three years and found some disturbing results. The main one is that there was an increase in the rate of violations and a decline in the number of official notifications of these violations.
The company examined 67,529 breaches that were publicly reported from 2018 to 2020. CEO and co-founder Steve Thomas told SecurityWeek to believe that hackers have become more successful at a time when we have increased security budgets “because companies focus on defenses in the wrong areas. Hackers are winning cyber war mainly because they don’t target infrastructure, but they target people ”. According to him, phishing, credential stuffing, personal accountability for access to e-commerce, “all the main attack vectors depend on the fact that employees are not informed about how much they are exposed and value security much less than the security team ”.
These are the categories of violations and HackNotice’s comments on each one:
- Leak reports containing data from a breached company, as disclosed by hackers – 41,030 occurrences
- News that is, a violation report initially announced by an online news service – 15,219 occurrences
- Hackers reported 2.7 times more breaches than news services. HackNotice concludes that monitoring the dark web does more to companies than monitoring news
- Ransomware, with Data Leaked by Hackers When the Victim Refuses to Pay the Ransom – 988 occurrences
- According to HackNotice, the number is not an indication of the total number of successful ransomware attacks, but of the number of companies breached and who refused to pay the ransom. The first of these breach announcements occurred in April 2020, but the number grew to almost 1,000 by January 1, 2021. The implication is that double-extortion ransomware attacks are on the increase and are likely to continue to increase until 2021 and beyond.
- Disfigurement (defacement), in which case a website has been breached and the content altered by the hacker as evidence of the invasion – 2,243 occurrences
- Disfigurement is popular with hacktivists. A decade ago, they were common, but seem to have lost popularity. However, according to HackNotice, its total rose in July 2019 and even more from April 2020. The rise is likely to reflect changes in geopolitics. Companies that work in politically or ethically sensitive areas should take extra care when protecting their sites from disfigurement attacks.
- Official disclosure, Cases in which a Data Violation was Reported to Official Sources and Disclosed – 9131 occurrences
- The interesting thing here is the relatively small number of violations. Only 13.5% of the total are reported by official channels. This represents a 25% drop in relation to the beginning of the analyzed period.
See the original post at: https://www.cisoadvisor.com.br/hackers-seguem-fazendo-vitimas-e-elas-tentando-fugir-da-lei/?rand=59039