Cyber attack study

by Mark Rowe

A US network security firm has released a data breach investigations report. It looks into cyber-espionage and denial-of-service attacks, and sets out nine common incident patterns that cover most confirmed security incidents.

About 92 percent of the 100,000 security incidents analysed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry. Verizon’s “2014 Data Breach Investigations Report” calls for a more focused and effective approach to cyber-threats.

Wade Baker, principal author of the Data Breach Investigations Report series, said: “After analysing ten years of data, we realise most organisations cannot keep up with cyber-crime – and the bad guys are winning. But by applying big data analytics to security risk management, we can begin to bend the curve and combat cyber-crime more effectively and strategically. Organisations need to realise no one is immune from a data breach. Compounding this issue is the fact that it is taking longer to identify compromises within an organisation – often weeks or months, while penetrating an organisation can take minutes or hours.”

The report identifies those nine threat patterns as: miscellaneous errors such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; Web app attacks; denial of service attacks; cyber-espionage; point-of-sale intrusions; and payment card skimmers.

This year’s report found that on average, just three threat patterns cover 72 percent of the security incidents in any industry.

For example, in the financial services sector, 75 percent of the incidents come from web application attacks, distributed denial of service (DDoS) and card skimming, while 54 percent of all manufacturing attacks are attributed to cyber-espionage and DDoS. In the retail sector, the majority of attacks are tied to DDoS (33 percent) followed by point-of-sale intrusions (31 percent).

Findings in the report include:

Cyberespionage is up again in the 2014 report, representing a more than three-fold increase compared with the 2013 report, with 511 incidents. (This is partially due to a bigger dataset.) In addition, these attacks were found to be the most complex and diverse, with a long list of threat patterns. As it did last year, China still leads as the site of the most cyberespionage activity; but the other regions of the world are represented, including eastern Europe with more than 20 percent.

For the first time, the report examines distributed denial of service attacks, which are attacks intended to compromise the availability of networks and systems so that, for example, a website is rendered useless. They are common to the financial services, retail, professional, information and public sector industries. The report points out that DDoS attacks have grown stronger year-over-year for the past three years.

The use of stolen and/or misused credentials (user name/passwords) continues to be the main way to gain access to information. Two out of three breaches exploit weak or stolen passwords, making a case for strong two-factor authentication.

Retail point-of-sale (POS) attacks continue to fall, as they have since 2011. Industries commonly hit by POS intrusions are restaurants, hotels, grocery stores and other brick-and-mortar retailers, where intruders seek to capture payment card data. While POS breaches have been in the headlines, they are not indicative of the actual picture of cybercrime, according to the researchers.

While external attacks still outweigh insider attacks, insider attacks are up, especially with regard to stolen intellectual property. The report points out that 85 percent of insider and privilege-abuse attacks used the corporate LAN, and 22 percent took advantage of physical access.

Visit: http://newscenter.verizon.com/corporate/news-articles/2014/04-23-data-breach-investigations-report/

Comment

Lancope’s director of security research, Tom Cross, said: “The Verizon DBIR paints a picture of how point-of-sale attacks have evolved. POS Terminals that are directly connected to the open internet by small businesses represent low hanging fruit that is incredibly easy to pluck. In the past year we know that POS malware was used in much more sophisticated attacks against larger, better defended retail establishments. This process mirrors what we expect to see with other kinds of embedded systems associated with the Internet of Things. If there is a business model associated with attacking devices, it will be pursued, and it will first impact systems that are easy to compromise. If those attacks prove lucrative, we’ll see them replicated in increasingly sophisticated attacks that get at devices that are more heavily defended. What drives all of this activity is the opportunity to make money.

“I think Verizon’s security recommendations are particularly noteworthy, because they are rooted in a wealth of knowledge about how organizations get compromised. Many of these recommendations might seem like table stakes – update your anti-virus, patch your systems, use good passwords or two-factor authentication – but you’d be amazed at how many organizations fail to execute on these basic steps. The report also highlights approaches that are on the leading edge of what IT shops are doing, and probably deserve to be adopted more broadly, including threat indicator feeds, network behavioral anomaly detection, and monitoring of internal networks for lateral movement by sophisticated adversaries and malicious insiders. My favorite recommendation in the report is the suggestion that organizations should adopt unappealing technology in order to deter theft. It reminds me of a scene in one of William Gibson’s novels in which someone is applying spray-on rust to a brand new bicycle in order to make it look unattractive to thieves. Sometimes, having the latest tech gadgets can make you a target, and it’s all the more troublesome if you happened to have loaded a bunch of sensitive information onto that gadget right before it grew legs.”

And Tim Erlin, director of security and risk at Tripwire, said: “The most important breach isn’t the one with the headlines or biggest economic impact. The most important breach is the one that affects you. The Verizon report should remind all of us that, while big breaches make great news events, the frequency of smaller breaches has a large aggregate impact, and directly affects many individuals.

“Spying is nothing new and we shouldn’t be surprised that the political entities around the world are expanding their intelligence arsenals with modern capabilities. It’s likely that the data from the Verizon report is a trailing indicator of the increasing cyber-espionage capabilities around the world.”

© 2024 Professional Security Magazine. All rights reserved.