Cloud databases leaked over two billion records in 2017, according to IBM X-Force. The arm of IBM said that server misconfigurations made up 70 percent of the total number of reported leaked records this past year. It said it was important for organisations to conduct proper risk assessments of their cloud deployments. Security managers should consider periodically engaging a professional penetration testing service to map vulnerabilities and inadvertent access issues.
IBM also pointed to cases of ‘cyberextortion’ of data with value, such as several plastic surgery clinics breached, including one in Beverly Hills and one in London, both of which catered to celebrity clients. Given the sensitive nature of photos and patient history, high-profile targets such as these are particularly vulnerable. Whether they’re going after medical records, private dating preferences, intellectual property or hot television series, attackers are targeting high-value data in attempts to earn cash through (old-fashioned) extortion.
IBM X-Force identified six major trends from over 235 publicly disclosed breaches it tracked in 2017. Some are trends that we’ve been highlighting for years, such as phishing attacks and failure to patch. Others are newer, growing trends, such as hijacked thingbots, misconfigured cloud servers and cryptocurrency-targeted attacks. For more, visit https://securityintelligence.com/six-major-data-breach-trends-from-2017/.
Comment
Mark James, Security Specialist at internet security product company ESET, said: “It’s no surprise to me that Ransomware attacks are on the rise. Often, cyber-attacks are based on their probability to succeed and likelihood to reap rewards and ransomware has proven time and again it works. It’s also no surprise that human error and mistakes in infrastructure configurations are on the rise; the ability to utilise these “holes” in the security, enable vulnerabilities and exploits to be utilised to gain control or access. It is still concerning that phishing led attacks including user driven link clicking is still a major concern and causes more damage than traditional data breaches.
“There is one thing we can be sure of and that is it’s not going to decline in any way. Malware attacks, misconfigurations and user driven attacks are going to continue to cause companies problems, despite the emphasis being on patching and updating operating systems and applications. So many companies have to outsource so many services that it becomes very difficult to have complete control over the security of our data, when it’s being stored on someone else’s servers.”
