Vulnerabilities / Threats
4/18/2011
06:33 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Data Loss Plummets, Verizon Report Finds

It's getting harder to get away with hacking big companies and data thieves are looking for easier prey.

The real world of cybercrime is very different than the virtual landscape described by security vendors, insists Bryan Sartin, director of investigative response for Verizon Business.

Verizon Business on Tuesday plans to issue its 2011 Data Breach Investigations Report, which covers almost 800 cases from 2010 and includes incidents investigated by the U.S. Secret Service and the Dutch National High-Tech Crime Unit.

The report finds the lowest level of data loss in 25 years, even as it covers the highest number of cases ever, almost as many in 2010 as the 900 covered in the years from 2004 through 2009. This at a time when the hacking hype is intense.

Verizon reported 361 million compromised records in 2008, 144 million in 2009, and a mere 4 million in 2010.

"The FUD is out of control," said Sartin in a phone interview. FUD, short for fear, uncertainty, and doubt, is what the security business sells, suggests Sartin, who dismissed industry jargon like "advanced persistent threat" as a way to drive sales of security products and services.

"People find a rudimentary virus and they think the Chinese are out to get the Colonel's secret recipe," quipped Sartin.

Supporting that view is the report's finding that 92% of the attacks investigated were deemed to be "not highly difficult."

Sartin suggests it has become chic for security professionals to blame computer crime on some sophisticated national espionage effort from China rather than face more prosaic possibilities. "You don't want to blame it on a 17-year-old from Belarus," he said.

What happened to produce such a remarkable drop in compromised records? Try market saturation. Thanks to the massive amount of credit card data stolen in recent years, there's been a huge decline in the value of consumer records, said Sartin, who noted that the price may rise again once the accounts stolen in 2008 expire. There's simply far too much stolen data for the criminals to use at the moment.

Then there's the fact that a substantial number of the 250 or so really capable criminal hackers, at least those known to authorities like Albert Gonzalez, have been caught.

"At the end of the day, what we're left with is not the organized criminal, but the disorganized criminal," said Sartin.

"Hacking into companies leaves a footprint and that leads to arrest and prosecution," said Sartin, who credited increased corporate network monitoring and log data retention with providing the "blood trail" necessary to conduct successful forensic investigations. It used to be, he said, that companies would take 120 days to bring in investigators and reveal that they only kept the last 100 days of log files.

As a result, those who are still committed to criminal hacking are focusing on smaller prey. They're hunting for rabbits rather than elephants as Sartin puts it.

That means more investigations of smaller crimes, up to a point. Sartin says a lot of the less significant hacking attacks don't get pursued and those doing the hacking rely on this to avoid getting caught.

Hackers today are looking for proprietary company data, particularly user IDs and passwords that provide access to government agencies, according to Sartin.

Among Verizon's more interesting findings: 92% of breaches came from external agents, a 22% increase from the previous year, while 17% implicated insiders, down 31% from the previous year; 50% of breaches involved hacking, 49% involved malware, and 29% had a physical component (ATM and gas pump credit card skimmers commonly).

Verizon's report also notes the operating systems of compromised assets, trusting that readers will refrain from misusing the data in the "OS holy wars." Windows is the most common commercial operating system. So it's perhaps no surprise that Windows was running on 85% of compromised assets, followed by Linux (10%), Unix (4%), Mac OS X (1%), and mainframe (less than 1%). Worth noting is that point-of-sale servers, which often run Windows, are by far the most commonly compromised asset in the Verizon data set (36%)

The report acknowledges that while there's significant interest in mobile security from Verizon's clients, no smartphone or tablet was the source of a data breach in 2010.

However, Sartin expects that will change. "In two years, more data will be stolen from mobile devices than from servers and applications," he predicted.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

CVE-2015-0528
Published: 2015-03-29
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.

CVE-2015-0996
Published: 2015-03-29
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive info...

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.