05:45 PM
George V. Hulme
George V. Hulme

Verizon Data Breach Report: Some Big Surprises

One of the most comprehensive data breach reports available found the number of breaches to have declined significantly last year, and significant changes in how attackers are infiltrating companies.

One of the most comprehensive data breach reports available found the number of breaches to have declined significantly last year, and significant changes in how attackers are infiltrating companies.For an overview of the report headlines, take a look at Thomas Claburn's story from this morning, Stolen Records, Data Prices Decline. Essentially, the market for stolen records has collapsed under its own weight: with roughly 143 million records breached last year compared to 285 million the year before.

One year's data does not make a trend change. And I've seen years past when data breaches and reported successful attacks took short term reprieves only to spike viciously upward again. And, perhaps it was the arrest of Alberto Gonzales (TJX and Heartland Payment Systems), coupled with supply of breached records far outstripping their demand that contributed to the year over year drop. The price for breached record ranged from $9 to $14 a few years ago to 20 cents or less today.

But it is good news nonetheless. However short-lived I expect it to be.

If criminals are not trying to grab as many financial and credit card data as years past because the market is literally flooded, what might many be targeting now? Well, in a market driven economy, even an underground economy, suppliers will shift to where demand is highest and availability is scarce. That could include medical records, as well as attacks on Fortune 500-sized companies for proprietary information to steal to direct competitors and producers of counterfeit goods.

That's why in the next few years I expect to see more data stolen that could be used for medical identity theft, as well as more attacks similar to those that surfaced early this year that targeted Google and other major software makers.

Another interesting takeaway from the report, within the hacking section, page 27, (Full report is available for download here.) is how wildly successful the use of stolen login credentials is. While constituting 38 percent of incidents in the report, 86 percent of all breached records were stolen this way. The two other most common attack methods where the exploitation of backdoor and/command and control channels established (such as with botnets).

The troubling thought with so many stolen credentials in play is how that suggests insiders are obtaining and selling logon information. That could be a challenging problem for businesses to solve as it may require the deployment of a another factor of authentication, such as smart card or biometric in addition to the username and password combination. Perhaps changing passwords more often could help.

However, the other two can be more readily managed. There's virtually no excuse for SQL Injection vulnerabilities to be present in modern day systems. None. It's a decade old problem, and developers know how to avoid them. Businesses just need to do a better job with the QA in their development process. And spotting botnet C&C traffic on your network can be done through standard monitoring.

But that's often the case with information security challenges, isn't it: businesses know what they should be doing to avoid trouble and just don't bother to do it until after there's been a nasty incident.

For my security and technology observations throughout the day, find me on Twitter.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-08
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Published: 2015-10-08
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privile...

Published: 2015-10-08
The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request, aka Bug ID CSCuw31632.

Published: 2015-10-08
Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236.

Published: 2015-10-06
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.