The Jigsaw Security Operations team will be publishing the "State of Security" report for the previous year's activity. This report is provided as a transparency report to allow those who use our intelligence products to determine whether we have coverage that they may be missing. Much of the statistical review has been completed. The Security Operations team has stated that 2 reports will be generated: a general report that gives the executive overview, and a detailed report. The "Detailed Report" will include specific information from our intelligence products and is free for our customers or $295.95 for non-subscribing entities. The report will provide a detailed look at all aspects of our services and products.
Leaked Records Collected - A quick look
In 2018 Jigsaw Security collected and analyzed 2.9 billion pieces of intelligence information. This category of leaked records includes data from Facebook, LinkedIn, Pastebin, FTP servers, C2 servers on which forensics were performed, network logs that were submitted for analysis, sensor and honeypot data, information provided by third parties, firewall and router logs, and individual reports of information that contained PII/PHI.
Of the 2.9 billion items observed, 1.3 billion were individual identifying pieces of information, including usernames, passwords, credit card data, address, phone, location or GPS data, network and device passwords, router configurations, medical records, highly confidential corporate data and other information released by mistake due to incorrectly configured storage, hardware or protective devices.
The number one source of information was misconfigured databases, including Amazon S3, and incorrectly configured cloud/big data storage platforms, including MongoDB, Elasticsearch and FTP servers.
In 2016 we observed 1.4 billion individual records, so this is 1.5 billion more records, or more than a doubling in inadvertent exposures. While we have noticed an uptick in the number of incidents, the technology to find and observe information has also improved dramatically in the past year, which has increased the amount of data being ingested for review.
One of the biggest increases in leaked credentials has been from the educational space. Every day the EDU domains lead the pack with more credential leaks than any other sector. Here are the top 5 leaks we observed in the last year:
1. EDU - Educational institution passwords and leaked PII
2. Website Dumped SQL Data - Many attacks dumping data with SQLi and other methods
3. MIL/GOV - Military and Government Credentials - These may be for third-party sites, due to the use of certificates for many site logins. Misuse or password reuse is the biggest issue
4. Hacked Cloud and Data Storage Facilities - Credentials dumped from cloud systems
5. Applications Leaking Data - Mobile phone applications and web browsers leaking information that could be used to track, trick or cause malware to be loaded without user interaction
In short, there have been many very large leaks of information over the last year, such as the online spambot leak, which was similar to another leak in 2015 that covered nearly every company in the US Forbes list. Many of these companies were not even aware that they had been compromised, and very few of them had even acknowledged the issue since that particular breach.
Out of the top 10 incidents (ranked by size), 5 were misconfigurations and for 5 the cause was not known. Many times companies do not list the reason out of fear that providing this information may lead to further incidents.
Geographic Layout of Incidents
In 2017 we observed a total of 178 incidents in the United States, with 1.6 billion records being leaked or compromised. Next after the US was the United Kingdom with 23 incidents, and Canada was in third place with 11 major events.
Even though the UK was second in number of incidents, the number of records in the UK was 28.6 million, whereas the US alone lost 1.6 billion records. The fact that many of these records were on Amazon AWS is why the US ranks highest on the list. If we excluded Amazon-based issues, the US would have had only 146 million records. This shows that, as AWS is adopted by businesses, securing AWS is where you should be spending the most time when ensuring applications are secure.
Keep your eyes open. Customers should receive this report by the end of February.