The information used to draw the conclusions in their report is based on the security knowledge and expertise of the company’s research team, as well as on data gathered during multiple investigations and from authoritative sources.
According to Positive Technologies’ report, personal data (30%) and credentials (22%) were the most attractive targets for threat actors, with a wide variety of websites being compromised by attackers to get their paws on this information.
Moreover, despite a decrease in the number of malware-based attacks during Q2 2018 compared to Q1 2018 (49% vs. 63%), they are still the most common, with leaked NSA exploits being used as attack vectors for compromising Internet-facing devices, acting as footholds for subsequent malware payload dropping.
Furthermore, bad actors have been using more and more exotic ways of attacking their targets, with credential compromise going up to 19% from 7% and web vulnerability exploiting reaching 18% from 12% in Q1.
54% of all attacks on companies were targeted attacks
Threat actors also used zero-day vulnerability exploits if they could get their hands on one, as well as social engineering to steal login credentials.
The security research team also discovered that out of all attacks on privately held companies and organizations, 54 percent of them were targeted attacks, which shows the attackers’ inclination on hitting high-value targets instead of random ones when using malware campaigns.
The company also provides a forecast for the next quarter of 2018, with an increase in the number of data theft attacks because of individuals and companies not securing their information correctly.