Hi,
Do we have any data that tells us how a hack was initiated?
E.g.
How did SolarWinds happen?
How did Sony happen?
The US Gas Line
The Equifax
So, I would really like to know how many of these were actually caused by human error (downloaded and installed malware) and not a poor tech solution (firewall was open).
Any evidence as such?
- A collection of public threat intel reports [0]. Lots of reading though. I did some Splunking on it last year and at least 50% use phishing for initial access. You could call that a structural vulnerability.
- Exploiting vulnerable public-facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews [1].
- VERIS community database [2]. Collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.
[0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...
[1] https://twitter.com/uuallan/status/1437068825636265985
[2] https://github.com/vz-risk/VCDB
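As an added example (not code from the thread or from the VCDB project), here is one way to do the kind of tally the reply above describes over VERIS-format JSON records, splitting incidents into the "human error" and "tech" buckets the question asks about. The field names used (action.social.variety, action.hacking.variety, action.hacking.vector, action.error.variety) and the value strings ("Phishing", "Exploit vuln", "Use of stolen creds", "Misconfiguration", "Web application") follow the VERIS schema as I understand it and are assumptions to check against the schema in the repo; the sample records are constructed so the script runs offline.

```python
"""Tally initial-access categories over VERIS-format incident records
(the JSON shape the VCDB corpus uses).

Added example, not code from the thread or the VCDB project. The VERIS
field names and enumeration values below are assumptions; verify them
against the schema shipped with the repository before trusting counts."""
import glob
import json
import os
from collections import Counter

# Constructed sample records in VERIS shape, so the script runs offline.
SAMPLE_RECORDS = [
    {"incident_id": "ex-1",
     "action": {"social": {"variety": ["Phishing"], "vector": ["Email"]},
                "malware": {"variety": ["Ransomware"]}}},
    {"incident_id": "ex-2",
     "action": {"hacking": {"variety": ["Exploit vuln"],
                            "vector": ["Web application"]}}},
    {"incident_id": "ex-3",
     "action": {"error": {"variety": ["Misconfiguration"]}}},
    {"incident_id": "ex-4",
     "action": {"hacking": {"variety": ["Use of stolen creds"],
                            "vector": ["Web application"]}}},
    {"incident_id": "ex-5",
     "action": {"social": {"variety": ["Pretexting"]},
                "hacking": {"variety": ["Exploit vuln"],
                            "vector": ["Web application"]}}},
]


def _values(record, *path):
    """Return the list stored at record[path...], or [] if any key is missing.
    VERIS allows a single string where a list is expected, so wrap scalars."""
    node = record
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    return node if isinstance(node, list) else [node]


def classify(record):
    """Map one incident to coarse buckets. An incident can land in several
    (e.g. phishing that delivered an exploit), so a set is returned."""
    buckets = set()
    hacking = _values(record, "action", "hacking", "variety")
    if "Phishing" in _values(record, "action", "social", "variety"):
        buckets.add("human: phishing")
    if "Exploit vuln" in hacking:
        buckets.add("tech: exploited vulnerability")
    if "Use of stolen creds" in hacking:
        buckets.add("creds: stolen credentials")
    if "Misconfiguration" in _values(record, "action", "error", "variety"):
        buckets.add("tech: misconfiguration")
    if "Web application" in _values(record, "action", "hacking", "vector"):
        buckets.add("vector: web application")
    return buckets


def tally(records):
    """Count incidents per bucket; 'total' is the number of records seen."""
    counts = Counter()
    for rec in records:
        for bucket in classify(rec):
            counts[bucket] += 1
    counts["total"] = len(records)
    return counts


def load_vcdb(directory):
    """Load every .json file under a directory (assumed layout: one incident
    per file, as in VCDB's data/json tree)."""
    records = []
    pattern = os.path.join(directory, "**", "*.json")
    for path in glob.glob(pattern, recursive=True):
        with open(path, encoding="utf-8") as fh:
            records.append(json.load(fh))
    return records


if __name__ == "__main__":
    import sys
    recs = load_vcdb(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RECORDS
    result = tally(recs)
    for name, n in sorted(result.items()):
        print(f"{name:32s} {n:6d}  ({100 * n / result['total']:.1f}%)")
```

Run it with the path to a local VCDB checkout as the only argument to count the real corpus; with no argument it tallies the constructed records. Because buckets overlap, the percentages will not sum to 100, which is exactly the point when the question is "human error or poor tech": many incidents are both.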