According to the “2023 Data Breach Investigations Report” by Verizon, denial-of-service (DOS) attacks continue to dominate the threat landscape in 2022, accounting for 38% of the over 16,300 security incidents analyzed. However, confirmed data breaches, which result in data loss, were caused more often by system intrusions, basic web application attacks, and social engineering, making up 32% of the incidents. The report emphasized that the difference lies in the level of impact on businesses. While DOS attacks were disruptive until they were mitigated, data breaches through system intrusions, web application compromises, and social engineering resulted in significant harm to companies.
Moreover, the report noted that the top two attack types—DOS attacks and system intrusions—target different parts of the Confidentiality, Integrity, and Availability (CIA) triad. System intrusions typically affect confidentiality and integrity, while DOS attacks target availability. Erick Galinkin, principal researcher at vulnerability management company Rapid7, explained that the use of DOS attacks is to put pressure on a target and force them to focus on getting availability back up. It can be used as part of an extortion campaign, to distract a target from contemporaneous compromise attempts, or even as a standalone tactic to disrupt some target.
The report also highlighted the fact that while patterns are informative, they can also vary widely. Joe Gallop, intelligence analysis manager at Cofense, an email security company, stressed that because of the overlap between various methods and the potential for an attack chain to cycle between activities that might fall under several categories, it is vital to maintain a holistic approach to security.
The study reveals that ransomware accounted for more than 80% of all actions in the system-intrusion category, making the system intrusion pattern the most common. David Hylender, senior manager of threat intelligence at Verizon, said that because ransomware continues to be ubiquitous among organizations of all sizes, verticals, and geographic locations, the system intrusion pattern continues to grow. Other vectors of attacks that lead to breaches include basic web attacks and social engineering, with 25% of breaches caused by basic web application attacks and 18% of breaches caused by social engineering.
Since social engineering has a broad footprint across different breach types, the report suggests that employees are integral to the defense against data breaches. Cofense’s Gallop said that since 74% of all breaches in the report included a human element, addressing human vulnerabilities is critical. Employees should be trained to be skeptical of social engineering attempts, recognize suspicious links, and never share credentials.
Moreover, Rapid7’s Galinkin noted that, as different organizations value different resources and assets, it is essential for companies to consider what their most important resources are and to evaluate how various threats may target those resources. This evaluation will eventually inform the best defense. In healthcare settings, for instance, a DOS attack will usually impact public-facing resources like payment or scheduling portals, which are essential but might not affect the core functionality of patient care.
In conclusion, the report emphasized that while DOS attacks continue to be rampant, data breaches through system intrusions, web application compromises, and social engineering cause significant harm to businesses. It is, therefore, important to maintain a holistic approach to security and ensure that employees receive adequate training to address human vulnerabilities and are aware of their organization’s most critical resources and assets.