Attacks/Breaches

5/22/2013
06:22 AM
Dark Reading
Dark Reading
Quick Hits
50%
50%

The Eight Most Common Causes Of Data Breaches

Why do bad breaches happen to good companies? Here's a look at the most frequent causes

[The following is excerpted from "The 8 Most Common Causes of Data Breaches -- And How You Can Prevent Them," a new report published this week on Dark Reading's Attacks and Breaches Tech Center.]

Data breaches have dominated headlines recently. Whether it's nation-state spies intent on stealing information, cyber pranksters and hacktivists looking for attention, or cybercriminals out to make a buck, there are plenty of adversaries intent on breaking into networks and databases and carrying away whatever pieces of information they can grab.

"And from pubs to public agencies, mom-and-pops to multinationals, nobody was immune," the Verizon RISK Team writes in its "2013 Data Breach Investigations Report."

Verizon investigators analyzed information from 621 data breaches and more than 47,000 security incidents in 2012 that the company or one of its 19 partner organizations had investigated on the behalf of customers.

Motives for the data breaches are diverse. Hacktivists and those looking to make some money generally go after the low- hanging fruit -- the insecure systems in the enterprise -- to carry out their plans. Organized crime may be a bit more willing to spend the time going after better-protected systems in hopes of a bigger payoff. Then there are those targeting a specific individual or organization -- these adversaries are stealthy and persistent enough to slowly chip away at defenses until they get what they are looking for.

Even as the list of victims gets longer, it's increasingly clear that some of these breaches could have been prevented. Of the breaches included in the report, 78% had initial intrusions Verizon's investigators rated as "low difficulty."

Many of these attacks could have been prevented by adopting security controls, switching authentication schemes and adopting best practices, Verizon suggested.

While Verizon investigators cautioned against trying to treat all the breaches in the same way, they identified several ways in which organizations have been compromised. Understanding these categories can help organizations figure out how best to boost their defenses.

Several of the most common attack methods in the report fall into two broad categories: hacking and malware. The report identifies hacking as the most common method, at 52%, followed by malware, at 40%, and physical attacks -- such as adding skimming hardware on ATMs -- at 35%. Social engineering is also a serious problem, at 29%. "Misuse," which includes activities such as privilege abuse and using unapproved hardware and correlated strongly with insider attacks, was observed in 13% of the breaches. User error rounded out the list with 2%.

"Treating our adversaries as random and unpredictable is counterproductive. We may be able to reduce the majority of attacks by focusing on a handful of attack patterns," Verizon researchers write in the report. Following are eight ways that enterprise systems and data are being targeted.

1. Weak And Stolen Credentials, a.k.a. Passwords
Hacking remains the single biggest cause of attacks don't depend on finding vulnerabilities in the application or network protocol to tunnel through. For years, experts have warned about the risks of relying on weak credentials to restrict who has access to the data, and this is still a problem.

About 76% of network intrusions involved weak credentials, according to Verizon's data breach report. Authentication-based attacks, which includes guessing passwords, cracking using specific tools or trying out passwords from other sites on the target system, factored into about four of every five breaches that was classified as a hacking incident in 2012, Verizon says.

Stolen passwords played a role in 48% of the data breaches that involved hacking, Verizon found. This could have been accomplished by using stolen password lists from previous data breaches, keylogging malware or phishing attacks.

If that number isn't eye-popping enough, Verizon estimated that 80% of data breaches would have been stopped or forced to change tactics if a "suitable replacement" (such as multifactor authentication) to passwords had been used.

2. Back Doors, Application Vulnerabilities
Considering that Verizon's system identifies more than 40 types of hacking, the fact that nearly all the hacking activity was accounted for by five methods is "remarkable," the researchers wrote. Along with use of stolen credentials and brute-force methods, both of which deal with the issue of weak credentials, other common hacking actions include the use of back doors (44%) and SQL injection (8%). Exploiting buffer overflow vulnerabilities made the top 10 common hacking actions, but was observed in only 1% of the incidents.

"Security teams have to use tools that sift through tens or hundreds of thousands of vulnerabilities continuously, finding the most likely attack routes and the vulnerabilities that need to be blocked to prevent the breach," says Gidi Cohen, CEO and founder of Skybox Security.

Attacks exploiting vulnerabilities in Web applications increased from previous years but are no longer the leading attack vector among larger organizations, Verizon found.

To read about the other six most common causes of data breaches -- and what your organization can do about them -- download the full report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Free Tool Scans for Chrome Extension Safety
Dark Reading Staff 2/21/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9047
PUBLISHED: 2019-02-23
GoRose v1.0.4 has SQL Injection when the order_by or group_by parameter can be controlled.
CVE-2019-9062
PUBLISHED: 2019-02-23
PHP Scripts Mall Online Food Ordering Script 1.0 has Cross-Site Request Forgery (CSRF) in my-account.php.
CVE-2019-9063
PUBLISHED: 2019-02-23
PHP Scripts Mall Auction website script 2.0.4 allows parameter tampering of the payment amount.
CVE-2019-9064
PUBLISHED: 2019-02-23
PHP Scripts Mall Cab Booking Script 1.0.3 allows Directory Traversal into the parent directory of a jpg or png file.
CVE-2019-9065
PUBLISHED: 2019-02-23
PHP Scripts Mall Custom T-Shirt Ecommerce Script 3.1.1 allows parameter tampering of the payment amount.