Hacker News
Ask HN: Are most security breaches based on social engineering?
11 points by danielovichdk on Sept 20, 2021 | 3 comments

Do we have any data that tells us how a hack was initiated?

How did SolarWinds happen? How did Sony happen? The US gas line? Equifax?

So, I would really like to know how many of these were actually caused by human error (download and installed malware) and not a poor tech solution (firewall was open).

Any evidence as such?

You can look at:

- A collection of public threat intel reports [0]. Lots of reading though. I did some Splunking on it last year and at least 50% use phishing for initial access. You could call that a structural vulnerability.

- Exploiting vulnerable public-facing stuff is another initial access technique. Here someone collected all the CVEs used by ransomware crews [1].

- VERIS community database [2]. Collection of 8894 security incidents. If you look in the JSON there are some fields describing the vector and the actor.

[0] https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_C...

[1] https://twitter.com/uuallan/status/1437068825636265985

[2] https://github.com/vz-risk/VCDB
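
An added example, not part of the thread: one way to tally the vector and actor fields mentioned for the VERIS community database and get the share of incidents involving each action category. The field layout (`action.<category>.vector`, `actor.<type>`) is an assumption about the VERIS JSON schema, the `load_incidents` directory is whatever path holds your local copy, and the sample records are constructed, not real VCDB data.

```python
import json
from collections import Counter
from pathlib import Path

# Constructed records shaped like VERIS incidents. Assumed layout:
# action.<category>.{variety,vector} and actor.<type>.variety. Not real VCDB data.
SAMPLE = json.loads("""[
  {"incident_id": "sample-1",
   "action": {"social": {"variety": ["Phishing"], "vector": ["Email"]},
              "malware": {"variety": ["Ransomware"], "vector": ["Email attachment"]}},
   "actor": {"external": {"variety": ["Organized crime"]}}},
  {"incident_id": "sample-2",
   "action": {"hacking": {"variety": ["Exploit vuln"], "vector": ["Web application"]}},
   "actor": {"external": {"variety": ["Unknown"]}}},
  {"incident_id": "sample-3",
   "action": {"error": {"variety": ["Misconfiguration"], "vector": ["Carelessness"]}},
   "actor": {"internal": {"variety": ["System admin"]}}},
  {"incident_id": "sample-4",
   "action": {"social": {"variety": ["Pretexting"], "vector": ["Phone"]},
              "hacking": {"variety": ["Use of stolen creds"], "vector": ["Web application"]}},
   "actor": {"external": {"variety": ["Organized crime"]}}}
]""")

def load_incidents(directory):
    """Read one incident per *.json file (directory path is the caller's assumption)."""
    return [json.loads(p.read_text(encoding="utf-8")) for p in sorted(Path(directory).glob("*.json"))]

def summarize(incidents):
    """Count action categories, (category, vector) pairs and actor types."""
    categories, vectors, actors = Counter(), Counter(), Counter()
    for inc in incidents:
        for cat, detail in inc.get("action", {}).items():
            categories[cat] += 1          # one count per incident per category
            if isinstance(detail, dict):  # tolerate sparse or malformed records
                vectors.update((cat, v) for v in detail.get("vector", []))
        actors.update(inc.get("actor", {}).keys())
    return categories, vectors, actors

def share(incidents, category):
    """Fraction of incidents whose action block includes the given category."""
    if not incidents:
        return 0.0
    return sum(category in inc.get("action", {}) for inc in incidents) / len(incidents)

if __name__ == "__main__":
    cats, vecs, acts = summarize(SAMPLE)
    for cat in cats:
        print(f"{cat:8s} {share(SAMPLE, cat):.0%}")
    print(vecs.most_common(3), dict(acts))
```

One incident can carry several action categories, so the shares overlap and do not sum to 100%.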

Not exactly. Here's a list of common mistakes: https://owasp.org/www-project-top-ten/

Social engineering is definitely in there, but it's more like one step in some. And perhaps involves four out of ten.

> human error (download and installed malware) and not a poor tech solution (firewall was open)

These tend to both be examples of poor tech solutions, unless it’s your sysadmins being tricked to download and install malware.
