Vulnerabilities / Threats
06:33 PM
Connect Directly

Data Loss Plummets, Verizon Report Finds

It's getting harder to get away with hacking big companies and data thieves are looking for easier prey.

The real world of cybercrime is very different than the virtual landscape described by security vendors, insists Bryan Sartin, director of investigative response for Verizon Business.

Verizon Business on Tuesday plans to issue its 2011 Data Breach Investigations Report, which covers almost 800 cases from 2010 and includes incidents investigated by the U.S. Secret Service and the Dutch National High-Tech Crime Unit.

The report finds the lowest level of data loss in 25 years, even as it covers the highest number of cases ever, almost as many in 2010 as the 900 covered in the years from 2004 through 2009. This at a time when the hacking hype is intense.

Verizon reported 361 million compromised records in 2008, 144 million in 2009, and a mere 4 million in 2010.

"The FUD is out of control," said Sartin in a phone interview. FUD, short for fear, uncertainty, and doubt, is what the security business sells, suggests Sartin, who dismissed industry jargon like "advanced persistent threat" as a way to drive sales of security products and services.

"People find a rudimentary virus and they think the Chinese are out to get the Colonel's secret recipe," quipped Sartin.

Supporting that view is the report's finding that 92% of the attacks investigated were deemed to be "not highly difficult."

Sartin suggests it has become chic for security professionals to blame computer crime on some sophisticated national espionage effort from China rather than face more prosaic possibilities. "You don't want to blame it on a 17-year-old from Belarus," he said.

What happened to produce such a remarkable drop in compromised records? Try market saturation. Thanks to the massive amount of credit card data stolen in recent years, there's been a huge decline in the value of consumer records, said Sartin, who noted that the price may rise again once the accounts stolen in 2008 expire. There's simply far too much stolen data for the criminals to use at the moment.

Then there's the fact that a substantial number of the 250 or so really capable criminal hackers, at least those known to authorities like Albert Gonzalez, have been caught.

"At the end of the day, what we're left with is not the organized criminal, but the disorganized criminal," said Sartin.

"Hacking into companies leaves a footprint and that leads to arrest and prosecution," said Sartin, who credited increased corporate network monitoring and log data retention with providing the "blood trail" necessary to conduct successful forensic investigations. It used to be, he said, that companies would take 120 days to bring in investigators and reveal that they only kept the last 100 days of log files.

As a result, those who are still committed to criminal hacking are focusing on smaller prey. They're hunting for rabbits rather than elephants as Sartin puts it.

That means more investigations of smaller crimes, up to a point. Sartin says a lot of the less significant hacking attacks don't get pursued and those doing the hacking rely on this to avoid getting caught.

Hackers today are looking for proprietary company data, particularly user IDs and passwords that provide access to government agencies, according to Sartin.

Among Verizon's more interesting findings: 92% of breaches came from external agents, a 22% increase from the previous year, while 17% implicated insiders, down 31% from the previous year; 50% of breaches involved hacking, 49% involved malware, and 29% had a physical component (ATM and gas pump credit card skimmers commonly).

Verizon's report also notes the operating systems of compromised assets, trusting that readers will refrain from misusing the data in the "OS holy wars." Windows is the most common commercial operating system. So it's perhaps no surprise that Windows was running on 85% of compromised assets, followed by Linux (10%), Unix (4%), Mac OS X (1%), and mainframe (less than 1%). Worth noting is that point-of-sale servers, which often run Windows, are by far the most commonly compromised asset in the Verizon data set (36%)

The report acknowledges that while there's significant interest in mobile security from Verizon's clients, no smartphone or tablet was the source of a data breach in 2010.

However, Sartin expects that will change. "In two years, more data will be stolen from mobile devices than from servers and applications," he predicted.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-12-26
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2062. Reason: This candidate is a reservation duplicate of CVE-2010-2062. Notes: All CVE users should reference CVE-2010-2062 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

Published: 2014-12-26
Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.

Published: 2014-12-26
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.

Published: 2014-12-26
The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format...

Published: 2014-12-26
The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.