Web Applications attacks utilizing stolen credentials are rife in this vertical. Social engineering attacks in which adversaries insert themselves into the property transfer process and attempt to direct fund transfers to attacker-owned bank accounts are also prevalent. Like many other industries, Misconfigurations are impacting this sector.
37 incidents, 33 with confirmed data disclosure
Web Application, Everything Else and Miscellaneous Errors represent 88% of data breaches
External (73%), Internal (27%) (breaches)
Financial (45%—97%), Convenience/Espionage (0%—40% each), Fear/Fun/Grudge/Ideology/Other/Secondary (0%—21% each) (breaches)
Personal (83%), Internal (43%), Other (43%), Credentials (40%) (breaches)
Top Controls: Secure Configuration (CSC 5, CSC 11), Implement a Security Awareness and Training Program (CSC 17), Boundary Defense (CSC 12)
Data Analysis Notes
Actor Motives are represented by percentage ranges, as only eight breaches had a known motive. Some charts also do not have enough observations to have their expected value shown.
There is nothing quite like that feeling of owning your first home. Moving in, enjoying the smell of fresh paint, and reflecting on all the memories you’ll make. Our data for this vertical indicates that cyber criminals are also being allowed to move right in and make themselves at home. Whether they are attending a showing of your data via Web Applications attacks, utilizing social engineering in the Everything Else pattern or simply being asked to drop in by your employees through an assortment of Miscellaneous Errors, they are certainly being made welcome. As you can see in Figure 95, it is difficult to state conclusively which of these three patters is the statistical leader but we can assert that they are all in the running.
Don’t leave the key under the welcome mat
Although we saw a rather small number of breaches in this sector over the last year, there are some interesting high-level findings to discuss. As in many other sectors, criminals have been actively leveraging stolen credentials to access users' inboxes and conduct nefarious activities. In fact, across all industries, credential theft is so ubiquitous perhaps it would be more accurate to consider them time shares rather than owned. Meanwhile, other external actors are relying on social engineering to get the job done. Some of these activities are simply aimed at stealing your data, but in other cases these attacks can be used to tee up a separate assault, as seen in many of the attacks that leverage pretexting.