Web applications are targeted with availability attacks as well as leveraged for access to cloudbased organizational email accounts.


    1,094 Incidents, 155 with confirmed data disclosure

    Top 3 Partners

    Miscellaneous Errors, Web Applications, and Cyber- Espionage
    represent 83% of breaches within Information

    Threat Factor

    External (56%), Internal (44%), Partner (2%) (breaches)

    Actor Motives

    Financial (67%), Espionage (29%) (breaches)

    Data Compromised

    Personal (47%), Credentials (34%), Secrets (22%) (breaches)


    The Information Society 

    The Information industry is a veritable pantechnicon (look it up) that is chock-full of organizations that have to do with the creation, transmission and storing of information. One might think that with so wide an array of victims, the attacks would be all over the place, but, in fact, it is our duty to inform you that much of what we saw in this category for the 2019 report mirrors last year’s results. As was the case in 2018, most of the incidents in this industry consists of DoS attacks (63%). In fact, it is perhaps fitting that this industry covers both TV and motion pictures, since it is in many ways a rerun of last year’s programming when viewed from an incident point of view.

    With regard to confirmed data disclosure, two of the top three patterns remain the same as last year (albeit in a different order) and we have one newcomer. In order of frequency, the patterns are Miscellaneous Errors (42%), Web App attacks (29%) and Cyber-Espionage (13%). Let’s take a quick look at the most common errors below.



    Faulty towers

    No one is perfect, but when you are a system admin­istrator you are often provided with a better stage on which to showcase that imperfection. Figure 52 illustrates how errors are put in the spotlight. Our data indicates that misconfiguration (45%) and publishing errors (24%) are common miscues that allowed data disclosure to occur. When looking at the relationship between actions and assets in Table 6, 36 percent (24 of 67) of error-related breaches involved misconfigurations on databases, often cloud storage – not good. Obviously, those buckets of data are meant to store lots of information and if your bucket has a (figurative) hole in it, then it may run completely dry before you make it back home from the well and notice. Often these servers are brought online in haste and configured to be open to the public, while storing non-public data. Publishing errors on web applications offer a similar exposure of data to a much wider than intended audience. Just for cmd shift and giggles, we will mention that programming errors were committed on web servers and a couple of databases.














  • It’s not only Charlotte’s Web (apps) you can read about

    Even if your IT department doesn’t make big mistakes like the poor unfortunate souls above, there is no need to worry. You still have more excellent chances to get your data stolen. Criminals do love a tempting freshly baked (or half baked) web application to attack. The illicit use (and reuse) of stolen creds is a common hacking action against web applications regardless of industry. The malware action variety of capture app data is more commonly associated with e-retailers, the application data being captured is the user inputting payment information. While not as common, any internet portals or membership sites that sell content as opposed to a physical product would fall into the Information sector. And payment cards used to purchase content are just as good to steal as ones used to buy shoes online.

    I spy with my little eye, something phished

    The third pattern in Information breaches we highlight is Cyber-Espionage. An eye opening 36 percent of external attackers were of the state-affiliated variety, statistically even with organized crime. As we have pointed out many times in the past, most Cyber-Espionage attacks begin with a successful phishing campaign and that goes some way to explain why 84 percent of social attacks in this industry featured phishing emails.

    Sir Francis Bacon once famously stated "knowledge is power." Perhaps a better definition for 2019 would be "to gain and to control information is power." Therefore, we should probably not be shocked that the organizations that own and distribute that information are the target of such attacks.

  • Things to consider

    Asset assistance

    Whether intentional web attacks or erroneous actions, both databases and web application servers are oft-compromised assets, especially for this industry. Many will complain about "checklist security" but a standard protocol regarding bringing up cloud servers and publishing sensitive data on websites – if implemented and followed – would go a long way to mitigate human error/carelessness.

    Scrubbing packets

    While breaches were at the forefront of this section, DDoS protection is an essential control for Information entities given the percentage of Denial of Service incidents. Guard against non-malicious interruptions with continuous monitoring and capacity planning for traffic spikes.

    It bears repeating

    Knowledge is power, and the increase in state-affiliated attacks is a data point we will keep an eye on. It could very well be a spike and not indicative of a trend, but Information organizations have desirable data and these motivations would not be likely to disappear in a year. Understand that these attacks are often “phishy” in nature and start with a compromised workstation and escalate from there.