Analysis of almost 5,000 cyber attacks show that password theft is still very popular and admins do not master cloud services.
Over 25 percent of the attacks are Password theft and the use of copied credentials are the most common methods of intrusion. However, the misuse of unpatched software vulnerabilities accounts are less than five percent. Systems that can be taken over with attacks from the fund or a gap in the mail transfer agent Exim discovered last year that there are also susceptible to just about everyone else. Such unpatched systems are attacked by automatic scans of the entire internet. Obviously, administrators have simply overlooked these systems so that they act as entry points for criminals.
After hacking, human error ranks with social engineering as the reason for a successful attack. In particular, incorrectly configured systems, such as cloud storage that is freely accessible to everyone, invite data thieves the most.
Companies Risk The Data Themselves
It is unknown whether administrators actually commit more fatal errors or whether security researchers discover and report more misconfigured systems. Independent researchers tracked down around 60 percent of all misconfigurations evaluated. Another possible explanation is the stricter reporting requirements in many countries. More than 40 percent target twice as many attacks as in the previous year directly on web applications,35 percent on end devices of users and only a 5 percent on database servers.
Despite the cloud trend, only 20 percent of all successful attacks on cloud systems occur. The share still takes place in locally operated data centers. What is striking here is that more than the half of all successful attacks on cloud applications were carried out using copied login data.