pogonici - Fotolia
The number of disclosed data breaches declined during the first quarter of this year, according to a new report, but the authors say it's not necessarily cause for celebration.
While the number of publicly reported data breaches decreased compared with the same period in 2019, according to a new report from Risk Based Security, the number of exposed records reached a new high. The threat intelligence firm released its 2020 Q1 Report, which found the number of records exposed in breaches and accidental leaks reached a record 8.4 billion. According to the report, that is a 273% increase compared to the first quarter of 2019, while the number of publicly reported breaches in the first quarter of 2020 decreased by 58%.
Not only did the number of exposed records increase, but it was "the most records exposed in any first quarter period since [they] began tracking data breaches in earnest in 2005," Risk Based Security wrote in the report. And while the drop in reported breaches was noteworthy, the vendor cautioned that breach reporting may have been disrupted during the quarter because of the disruption caused by the COVID-19 pandemic.
The vendor noted the increase in exposed records was driven largely by one leak: a misconfigured ElasticSearch cluster that exposed 5.1 billion records. "Adjusting for this incident, the number of records still increased 48 percent compared to Q1 2019," Risk Based Security wrote in the report.
Reports of accidental data exposures and leaks have become more common in recent years as threat researchers have discovered many misconfigured databases and cloud instances. Inga Goddijn, executive vice president of Risk Based Security and co-author of the report, said it's unclear if the number of leaks has increased or if researchers are paying more attention to them.
"Shodan and other tools to search for internet-connected devices have made it a more accessible pastime for researchers and folks interested in looking at these types of misconfigurations," Goddijn said. "I think there certainly is an element of researchers becoming more skilled at finding these data sets, but as researchers become more skilled, so do malicious actors."
In addition, the threat intelligence firm found that approximately 70 percent of reported breaches were due to unauthorized access to systems or services, while approximately 90 percent of records exposed were attributable to exposing or publishing data online.
While malicious attacks account for more of the breach activity by sheer count, the accidental exposure or failure to protect a database is driving up the number of records being exposed, said Goddijn.
"Malicious attacks have that whole component to them where to an extent, you can say the attackers are after that information for malicious purposes. Whereas with the accidental exposure, the data is out there, it's set loose, but you don't know for certain if anyone has used it for nefarious purposes," Goddijn said.
However, both types of attacks are problematic.
"With the accidental leaks, it makes it easier for folks who want to get in the malicious space to start out with 'Hey, let's go look for open data sets.' Once that data is exposed and especially if people are rifling through it, you have even I think less visibility into what the ultimate consequences might be for that information being out there," Goddijn said.
The number of publicly disclosed breaches overall in the first quarter of 2020 dramatically decreased compared to 2019. "There were 1,196 breaches reported in the first three months of 2020, the lowest number of breaches disclosed during the first quarter since 2016," Risk Based Security wrote in the report.
In addition to COVID-19, Risk Based Security attributed the decline to the unusually high number of breaches reported in the first quarter of 2019. A total of 3,813 breaches were reported in the first six months of 2019, exposing over 4.1 billion records, according to the Risk Based Security's 2019 Mid-year quick view data breach report.
And while the number of overall reported breaches declined in Q1, the healthcare industry led all verticals with 106 breaches during that period; COVID-19 was also one of the reasons healthcare topped all industries, said Goddijn.
"Healthcare is usually right up toward to the top but it fluctuates quarter to quarter. With the pandemic and so much attention being focused on healthcare and the whole industry, it presented a unique opportunity for attackers, especially those who make use of ransomware," Goddijn said. "It's not like the threat actors were discovering a whole new source of information, but I think they took the tools and technology they had at hand and took advantage of the situation."