Categories: SecurityWorkspace

RSA 2012: External Attacks Were The Most Common Breach Vector In 2011

Malware and hacking were the most commonly used attack vectors in data breaches during 2011, according to a sneak peek of the 2012 Data Breach Investigations Report from Verizon given this week to attendees at the RSA Conference in San Francisco.

Verizon released a preliminary version of its 2012 Data Breach Investigations Report (DBIR). It contains “a few snapshots” from the Verizon case-load that was analysed for the report. The full version of the report is expected to be released in the coming weeks.

‘Exciting’ year

The full DBIR will include information about more than 850 data breaches in 2011, according to Verizon. However, a little over 10 percent of the incidents were actually investigated by Verizon Risk (Research, Investigations, Solutions, Knowledge) team. Verizon complemented the information from those 90 incidents with data gathered from five law enforcement agencies it partnered with.

The agencies included the US Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Service, the Australian Federal Police and the London Metropolitan Police.

“One might consider this to be a tasty morsel to whet the appetite for the full report,” Verizon Risk researchers wrote in the report.

The year was “exciting”, with plenty of mini-breaches and mega-breaches to keep information security professionals awake at night, Verizon wrote. There was a little bit of everything, with hacktivism, cyber-espionage and organised crime wreaking havoc on enterprise and government systems around the world.

Retail, which included both online and traditional brick-and-mortar merchants, hospitality, and financial sectors suffered the most incidents in 2011, Verizon said. However, information and manufacturing industries lost the largest amount of data, measured in the number of records compromised, according to the preliminary report.

Financial gain appeared to still be the main motivation for cyber-attacks, according to the preliminary report. While organised crime was responsible for a majority of the incidents, but online protests, other forms of “hacktivism”, and disgruntled ex-employees also caused significant damage, according to the Verizon Risk team.

Increase in external attacks

External attacks continued to rise, as Verizon researchers found that 92 percent of attacks analysed were external in origin. This is a significant change from previous years. Between 2004 and 2007, 80 percent of the breaches involved outsiders.

Hacking and malware remain significant threats as these two attack methods played some role or other in nearly all, or 99 percent of all the incidents, according to the current report. These two methods are popular because they allow attackers remote access, automation, and an easy getaway, Verizon said. Social engineering techniques was also increasing in popularity, associated with over half of the breaches investigated, Verizon said.

However, Verizon warned against ignoring all other threats to focus on hacking and malware. The report’s finding just means that organisations should identify its weakness with respect to malware and hacking threats and prioritise related defences.

The most common servers breached in 2011 were point-of-sale servers, web and application servers, and database servers led the pack. Desktops, laptops, and point-of-sale terminals comprised the bulk of compromised end-user devices, Verizon said.

Payment cards information, personal identifying information, and authentication credentials were the most often compromised in 2011, but other types of sensitive organisational data, trade secrets and copyright information were also stolen, Verizon said.

Breach delay

Organisations are still taking a while to detect they have been compromised. While it takes attackers a very short time to breach the network and steal data, nearly 60 percent of the incidents were detected months or years after the fact, Verizon found.

“That’s a long time for customer data, intellectual property and other sensitive information to be at the disposal of criminals,” According to the report.

Two-thirds of the breaches were detected when an external third-party noticed the problem. However, Verizon found a “glimmer of good news”, as the number of breaches that were detected because the organisation was actively monitoring its logs have gone up since previous years.

Verizon’s report affirmed just how global the cyber-problem has gotten. Less than half of the data breaches reported originated in North America. The bulk of the breach reports were in Europe, the Middle East and Asia-Pacific, Verizon found.

How well do you know Internet security? Try our quiz and find out!

Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Share
Published by
Fahmida Y Rashid eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago