Nearly 70% of cyber attacks target secondary victims, and not the owners of the hacked website, according to the 2015 Data Breach Investigations Report, an annual report by telecommunications company Verizon.
The attackers hack websites then serve up malware to visitors, expecting that their true target will become infected.
Hackers have no real interest in the owner of the website other than using him to further the real attack, adding complexity to a breach, according to the document.
Most of the attacks originated from opportunistically compromised servers used to participate in denial-of service (DoS) attacks, host malware or be repurposed for a phishing site, not from espionage campaigns.
â€œDespite all the awareness and training around security, 23% of all recipients of phishing scams still openâ€ such emails, and 11% click on the attachments, said Bryan Sartin, managing director for Verizonâ€™s RISK team, which investigates breaches, according to Wall Street Journalâ€™s Blog. The report says that it only takes minutes for an attacker to bypass a companyâ€™s perimeter defenses, once a successful phishing attempt has been registered.
The report analyzes more than 2,100 confirmed data breaches and approximately 80,000 reported security incidents. It addresses more than 8,000 breaches and nearly 195,000 security incidents that have occurred over more than 10 years.