Europe, Middle East and Africa (EMEA)

Summary

EMEA continues to be beset by Basic Web Application Attacks, System Intrusion, and Social Engineering.

Frequency

5,379 incidents, 293 with confirmed data disclosure

Top Patterns

Basic Web Application Attacks, System Intrusion, and Social Engineering patterns represent 83% of breaches

Threat Actors

External (83%), Internal (18%) (breaches)

Actor Motives

Financial (89%), Espionage (8%), Fun (1%), Grudge (1%) (breaches)

Data compromised

Credentials (70%), Internal (52%), Personal (22%), Other (16%) (breaches)

EMEA is made up of Europe, the Middle East and Africa. For the second year in a row, Basic Web Application Attacks are the most commonly seen pattern in this region, accounting for approximately 54% of breaches. 

Sometimes these attacks are aimed at obtaining the data within the application itself, but in other cases it is simply a means to an end in order to perpetrate other forms of badness.

The System Intrusion, Social Engineering and Miscellaneous Errors patterns are all closely grouped for second place in this region (Figure 130). By far the most often breached data type in EMEA is Credentials, and this goes some way toward explaining the placement of the patterns. While in many cases we know that stolen Credentials were used, we do not always have visibility into how they were initially acquired. However, we do know that Social Engineering in the form of Phishing is very often the means attackers use to obtain them.

Regardless of how they originally got their grubby little hands on them, using stolen Credentials is the primary means by which the actor hacks into the organization, and in many cases, it is via a Web application.

Finally, 17% of actors in EMEA are Internal (most often system administrators), which explains the presence of Miscellaneous Errors in the top four patterns. In the majority of cases (67%), these are unintentional Misconfiguration errors.