An Apple-commissioned data breach report found 2.6 billion records were stolen by hackers between 2021 and 2022.
The report by MIT Professor of Information Technology Stuart Madnick, published Thursday, said breaches were up by 20% in the first three quarters of 2023 compared with all of 2022.
Increasingly sophisticated ransomware attacks and attacks on third-party vendors are key factors in the increasing scope of data breaches, according to the report.
Cloud security was cited as being increasingly important, as 80% of breaches include data stored in the cloud.
The report compiles statistics and case studies from more than 200 sources to provide an overview of data breaches over the last two years.
Ransomware attacks increased by nearly 70% in the first nine months of 2023 compared with the same time period last year, the report noted.
Overall, more ransomware attacks were reported from January to September 2023 than in all of 2022.
Increasing organization and shifting strategies of attackers are reported as key contributors to the rising ransomware threat.
Ransomware gangs like LockBit, ALPHV/BlackCat and Clop often launch multiple attacks on the same victim using different variants and expand their reach by providing ransomware-as-a-service, Madnick noted.
The amount of personal information and sensitive records exposed on the internet is also amplified by ransomware gang activity, as hackers shift strategy from ransoming encrypted records to threatening to leak them if the ransom is not paid.
Security failures of third-party vendors widen attack surface.
Exploitation of vendors that provide software and services to multiple customers has been seen in some of the most extensive data breaches in 2023.
The report highlights how attackers take advantage of the weaker cybersecurity posture of small- or medium-sized companies to get to their larger customers and do the greatest damage in a single attack.
The vast majority - 98% - of organizations have a relationship with a vendor that has been breached within the last two years, according to SecurityScorecard research cited in the report.
One major example of a third-party vendor breach is the MOVEit hack of May 2023, in which the ransomware group Clop exploited a vulnerability in the MOVEit file transfer software to access files from more than 2,300 organizations.
The breach has impacted more than 65 million individuals and cost more than $10 billion globally as of October 2023.
Millions of sensitive records, including medical records and financial information, have been leaked as a result.
In a press release accompanying the publication of Madnick's report, Apple stressed the importance of encrypting data stored in the cloud to decrease the amount of readable data available to attackers.
Apple's Advanced Data Protection for iCloud, launched in December 2022, uses end-to-end encryption to protect 23 data categories - nine more than default iCloud settings.
This Cyber News was published on www.scmagazine.com. Publication date: Fri, 08 Dec 2023 00:44:05 +0000