F5 Labs today released a new report, Lessons Learned from a Decade of Breaches, which analyzes 429 breach cases spanning 12 years, 37 industries, and 26 countries to discover patterns in attacks that lead to impactful incidents or breaches. The data shows:
- Collectively, attackers started either directly at the web application or attacked a user for their identity in 86% of the cases.
  - Applications were the first target in 53% of the cases.
    - Web application vulnerabilities were the number one root cause of the breaches analyzed, at 38% of the total.
    - Vulnerable forums installed on applications are the #1 root cause of application attacks, followed by SQL injection.
  - Identities were the first target in 33% of cases.
    - Phishing was the second highest root cause at 19%.
    - Other identity attacks are in the top 5 list of root causes, including “unauthorized access” and “credential stuffing”, both of which likely started with an earlier phishing attack or application exploit in which the data used in these attacks was collected.
In addition to providing insight into the root causes (the ultimate target) and how they differ from the initial attack patterns, the report also examines the patterns by industry to determine which industries have more breaches.