Vulnerabilities / Threats
4/18/2011
06:33 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Data Loss Plummets, Verizon Report Finds

It's getting harder to get away with hacking big companies and data thieves are looking for easier prey.

The real world of cybercrime is very different than the virtual landscape described by security vendors, insists Bryan Sartin, director of investigative response for Verizon Business.

Verizon Business on Tuesday plans to issue its 2011 Data Breach Investigations Report, which covers almost 800 cases from 2010 and includes incidents investigated by the U.S. Secret Service and the Dutch National High-Tech Crime Unit.

The report finds the lowest level of data loss in 25 years, even as it covers the highest number of cases ever, almost as many in 2010 as the 900 covered in the years from 2004 through 2009. This at a time when the hacking hype is intense.

Verizon reported 361 million compromised records in 2008, 144 million in 2009, and a mere 4 million in 2010.

"The FUD is out of control," said Sartin in a phone interview. FUD, short for fear, uncertainty, and doubt, is what the security business sells, suggests Sartin, who dismissed industry jargon like "advanced persistent threat" as a way to drive sales of security products and services.

"People find a rudimentary virus and they think the Chinese are out to get the Colonel's secret recipe," quipped Sartin.

Supporting that view is the report's finding that 92% of the attacks investigated were deemed to be "not highly difficult."

Sartin suggests it has become chic for security professionals to blame computer crime on some sophisticated national espionage effort from China rather than face more prosaic possibilities. "You don't want to blame it on a 17-year-old from Belarus," he said.

What happened to produce such a remarkable drop in compromised records? Try market saturation. Thanks to the massive amount of credit card data stolen in recent years, there's been a huge decline in the value of consumer records, said Sartin, who noted that the price may rise again once the accounts stolen in 2008 expire. There's simply far too much stolen data for the criminals to use at the moment.

Then there's the fact that a substantial number of the 250 or so really capable criminal hackers, at least those known to authorities like Albert Gonzalez, have been caught.

"At the end of the day, what we're left with is not the organized criminal, but the disorganized criminal," said Sartin.

"Hacking into companies leaves a footprint and that leads to arrest and prosecution," said Sartin, who credited increased corporate network monitoring and log data retention with providing the "blood trail" necessary to conduct successful forensic investigations. It used to be, he said, that companies would take 120 days to bring in investigators and reveal that they only kept the last 100 days of log files.

As a result, those who are still committed to criminal hacking are focusing on smaller prey. They're hunting for rabbits rather than elephants as Sartin puts it.

That means more investigations of smaller crimes, up to a point. Sartin says a lot of the less significant hacking attacks don't get pursued and those doing the hacking rely on this to avoid getting caught.

Hackers today are looking for proprietary company data, particularly user IDs and passwords that provide access to government agencies, according to Sartin.

Among Verizon's more interesting findings: 92% of breaches came from external agents, a 22% increase from the previous year, while 17% implicated insiders, down 31% from the previous year; 50% of breaches involved hacking, 49% involved malware, and 29% had a physical component (ATM and gas pump credit card skimmers commonly).

Verizon's report also notes the operating systems of compromised assets, trusting that readers will refrain from misusing the data in the "OS holy wars." Windows is the most common commercial operating system. So it's perhaps no surprise that Windows was running on 85% of compromised assets, followed by Linux (10%), Unix (4%), Mac OS X (1%), and mainframe (less than 1%). Worth noting is that point-of-sale servers, which often run Windows, are by far the most commonly compromised asset in the Verizon data set (36%)

The report acknowledges that while there's significant interest in mobile security from Verizon's clients, no smartphone or tablet was the source of a data breach in 2010.

However, Sartin expects that will change. "In two years, more data will be stolen from mobile devices than from servers and applications," he predicted.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.