Denial-of-Service Attacks Dominate the 2023 Threat Landscape
The “2023 Data Breach Investigations Report” by Verizon revealed that denial-of-service attacks remained the most common type of security incident experienced in 2022, accounting for 38% of more than 16,300 incidents. System intrusions, basic web application attacks, and social engineering caused 32% of confirmed data breaches. Erick Galinkin, principal researcher at Rapid7, explains that denial-of-service attacks target availability, while system intrusions typically affect confidentiality and integrity. While DoS attacks were disruptive, data breaches through system intrusions, web application compromises, and social engineering tended to result in significant business impacts.
Differences in Threat Activities and Real Harm
The report highlights the difference between threat activities that become incidents and those that cause true harm to companies. Of the 6,248 denial-of-service incidents, only four resulted in data disclosure. Ransomware, by contrast, accounted for 24% of all breaches, and the average damage caused by a ransomware incident doubled to $26,000, according to the report.
Importance of a Holistic Approach to Security
The report emphasizes the importance of maintaining a holistic perspective on security, as every breach incident is different. Each attack can cycle through several categories, making it difficult to create an exhaustive and detailed set of categories. Because incidents blend categories in this way, systems and data must be protected against breaches comprehensively rather than one category at a time.
System Intrusions
Ransomware dominates the system intrusion category, accounting for over 80% of all actions, with the most common pattern being the installation of malicious software on a computer or device, followed by data exfiltration, and finally attacking system or data availability. As ransomware continues to proliferate, companies must focus on detecting the system intrusion pattern.
Basic Web Application Attacks
Basic web application attacks resulted in 25% of breaches in the report. Meanwhile, attacks through web applications accounted for a third of all system intrusion attacks.
Social Engineering
Social engineering is a critical element in many breach incidents, accounting for 18% of all breaches in the survey. Since 74% of all breaches had a human element, addressing employee vulnerabilities is essential. Employees must be trained to recognize suspicious links, be skeptical of social engineering attempts, and not share credentials.
Defensive Strategy
Organizations must define their most valuable and critical resources and use that to evaluate how different threats might target them. The protective strategy will then be informed by the best defense for the organization. In healthcare, for instance, a DDoS attack might impact the payment or scheduling portals, but not the core functionality of patient care.
Conclusion
The report indicates that while DoS attacks dominated security incidents in 2022, data breaches caused by system intrusions, basic web application attacks, and social engineering caused significant business impacts. An effective security approach must maintain a holistic perspective, address employee vulnerabilities, and tailor protection strategies to an organization’s critical resources and assets.