Summary of key findings
Adversaries continue to innovate
Attack volumes increased across all industries between 2018 and 2019. Because tools such as web shells, exploit kits, and targeted ransomware have been overwhelmingly successful, adversaries are still developing effective multifunction attack tools and capabilities. The most common techniques observed globally were remote code execution (15%) and injection (14%) attacks. In most cases, these attacks continue to be effective due to organizations’ poor practices related to network, operating system, and application configuration, testing, security controls, and overall security hygiene. Adversaries are also leveraging artificial intelligence and machine learning, and investing in the automation of attacks. 21% of malware detected was in the form of a vulnerability scanner, which also supports the premise that automation is a key focus point of attackers.
Old vulnerabilities still a prime target
As with previous years’ reports, attackers are still focusing on leveraging vulnerabilities that are several years old and have patches available, but are still not being addressed by organizations’ patch and configuration management programs. 258 new vulnerabilities were identified in Apache frameworks and software, such as Struts and Tomcat, over the last two years. Additionally, Apache software was the third most targeted in 2019, accounting for over 15% of all attacks observed.
IoT weaponization: IoT devices continue to be compromised
The re-emergence of Mirai and variants has helped widen the spread of IoT attacks. Botnets such as Mirai, IoTroop, and Echobot have advanced their propagation capabilities by investing in automation. IoTroop remains a persistent threat, accounting for 87% of botnet activity detected in Japan.
Technology leads top attacked industries
Technology was the most attacked industry in 2019, accounting for 25% of all attacks observed. Significant increases in application-specific and DoS/DDoS attacks, along with weaponization of IoT attacks against technology, contributed to technology becoming the most attacked industry. Technology was previously the second most attacked industry in 2017 and 2018 and had the highest occurrence of ransomware activity at 9%, while no other industry showed higher detections of ransomware than 4%. Government activity driven by geo-political activity accounted for 16% of activity this year, compared to 9% in 2019. The technology industry also had the lowest performance of application security, with an average of 12 serious vulnerabilities per web application.
Content management systems heavily targeted
Malicious actors leverage compromised web servers to steal valuable data and use these powerful resources to conduct additional cyber-attacks. Some of the most dominant activity during the past year was related to attacks against popular content management systems (CMS), malware activity, and web-application attacks. Popular CMS platforms such as Joomla!, Drupal, and noneCMS account for the majority of CMS market share. They were also the target of approximately 20% of all observed attacks globally. Additionally, nearly 55% of all attacks were application-specific (33%) and web-application (22%) attacks.
2019 a year of enforcement: GRC continues to become more complex
More data privacy professionals are influencing the digital agenda. At the current rate of increasing governance, risk, and compliance (GRC) initiatives globally, being complacent with compliance will likely continue to create challenges for organizations. The regulatory landscape is continuing to make dynamic shifts, and globalization of third-party vendors and suppliers compounds complexity. Several acts and laws are influencing how organizations handle data and privacy, including the California Consumer Privacy Act, Brazilian General Data Protection Law, India’s Personal Data Protection Bill, and Singapore Personal Data Protection Act. Although we provide multiple recommendations throughout the report, we believe the following principles can be valuable to consider as you move towards your information security and data protection goals.