GUEST ESSAY: Stolen logons, brute force hacking get used the most to breach web, email servers

By Dawid Czarnecki

Web application attacks directed at organizations’ web and mail servers continue to take the lead in cybersecurity incidents.

This is according to Verizon’s latest 2022 Data Breach Investigations Report (DBIR).

In the report’s findings, stolen credentials and exploited vulnerabilities are this year’s top reasons for web breaches:

• A whopping 80 percent were due to stolen credentials (nearly a 30 percent increase since 2017!)

• Exploited vulnerabilities came in second at almost 20 percent

• Brute forcing passwords (10 percent) came in third

• Backdoors or C2 (10 percent) came in fourth

Poor password practices have been responsible for most incidents involving web applications and data breaches since 2009. Password security may seem like a simple solution to a huge problem, but it can be difficult to implement successfully in practice. Ignoring it, on the other hand, can lead to complications such as a data breach.

Without strong, secure passwords or two-factor authentication (2FA) enabled in an organization or startup, it becomes easy for attackers to use stolen credentials to access its web and email servers.

Consequently, sensitive data can become compromised, ending up in the wrong hands. In 2022, 69 percent of personal data and 67 percent of credentials became compromised in a web breach. This data strongly indicates that password management and 2FA are crucial for any organization or startup to become more secure from web attacks.

We’ve shared some helpful guidance on password security on the Zigrin Security blog.

Shifting exposures

The landscape of the cyber domain is in flux. Money-motivated cybercriminals are no longer the main attackers on the web as a rise in nation-state attackers motivated by espionage comes in a close second for dominating web breaches.


Moreover, 65 percent of web breaches are motivated by financial gain, and 31 percent are due to espionage motives. Both types of attackers target organizations, often those with weak credentials.

Strong password security for any organization or startup can prevent and reduce the number of attacks via default, shared, or stolen credentials on the web.

“From the chart, it is evident that many intrusions exploit the basic (mis)management of identity. Unauthorized access via default, shared, or stolen credentials constituted more than a third of the entire Hacking category and over half of all compromised records. It is particularly disconcerting that so many large breaches stem from the use of default and/or shared credentials, given the relative ease with which these attacks could be prevented.” (2009 DBIR page 17) 

It’s not just a web thing. It’s an e-mail thing too. Although web servers constitute nearly 100 percent of web breaches, 20 percent of mail servers have been compromised in web breaches recently.

Interestingly, 80 percent of mail servers became compromised due to stolen credentials too, and 30 percent were due to an exploit – a 27 percent jump from 2021, when it was only 3 percent. Among those exploits, the most popular seem to target SQL injection vulnerabilities. Other reasons mail servers became breached are:

• Improperly constrained or misconfigured access control lists (ACLs)

• Authentication bypass

• Privilege escalation

• Brute forcing passwords

The need to guard identities

In conclusion, stolen credentials are the main threat to an organization’s or startup’s infrastructure – primarily web servers and mail servers – and attackers frequently leverage them for financial gain and espionage: stolen credentials were responsible for 80 percent of web and mail server compromises, a 30 percent increase since 2017.

Brute force remained near the top of the list, as well. That indicates that password management and 2FA are critical for organizations and startups to mitigate these threats, reducing web breaches to a great extent. Securing web and mail servers from exploitable vulnerabilities that attackers can leverage is just as important when the rise of web breaches increasingly makes organizations and startups more vulnerable.

For more details on how to secure your organization or startup from web attacks go to

About the essayist: Dawid Czarnecki is the CEO of Zigrin Security. He has served as a senior penetration tester at NATO Cyber Security Centre and holds numerous cybersecurity certifications, including OSCP, GIAC Certified Incident Handler, and GIAC Certified Web Application Defender (GWEB). He is also a member of the GIAC Advisory Board.
