
Data Loss Plummets, Verizon Report Finds

It's getting harder to get away with hacking big companies, and data thieves are looking for easier prey.

The real world of cybercrime is very different from the virtual landscape described by security vendors, insists Bryan Sartin, director of investigative response for Verizon Business.

Verizon Business on Tuesday plans to issue its 2011 Data Breach Investigations Report, which covers almost 800 cases from 2010 and includes incidents investigated by the U.S. Secret Service and the Dutch National High-Tech Crime Unit.

The report finds the lowest level of data loss in 25 years, even as it covers the highest number of cases ever: almost as many in 2010 alone as the 900 covered in the years from 2004 through 2009. This comes at a time when hype about hacking is intense.

Verizon reported 361 million compromised records in 2008, 144 million in 2009, and a mere 4 million in 2010.

"The FUD is out of control," said Sartin in a phone interview. FUD, short for fear, uncertainty, and doubt, is what the security business sells, suggests Sartin, who dismissed industry jargon like "advanced persistent threat" as a way to drive sales of security products and services.

"People find a rudimentary virus and they think the Chinese are out to get the Colonel's secret recipe," quipped Sartin.

Supporting that view is the report's finding that 92% of the attacks investigated were deemed to be "not highly difficult."

Sartin suggests it has become chic for security professionals to blame computer crime on some sophisticated national espionage effort from China rather than face more prosaic possibilities. "You don't want to blame it on a 17-year-old from Belarus," he said.

What happened to produce such a remarkable drop in compromised records? Try market saturation. Thanks to the massive amount of credit card data stolen in recent years, there's been a huge decline in the value of consumer records, said Sartin, who noted that the price may rise again once the accounts stolen in 2008 expire. There's simply far too much stolen data for the criminals to use at the moment.

Then there's the fact that a substantial number of the 250 or so really capable criminal hackers known to authorities, Albert Gonzalez among them, have been caught.

"At the end of the day, what we're left with is not the organized criminal, but the disorganized criminal," said Sartin.

"Hacking into companies leaves a footprint and that leads to arrest and prosecution," said Sartin, who credited increased corporate network monitoring and log data retention with providing the "blood trail" necessary to conduct successful forensic investigations. It used to be, he said, that companies would take 120 days to bring in investigators and reveal that they only kept the last 100 days of log files.

As a result, those who are still committed to criminal hacking are focusing on smaller prey. They're hunting for rabbits rather than elephants, as Sartin puts it.

That means more investigations of smaller crimes, up to a point. Sartin says a lot of the less significant hacking attacks don't get pursued, and those doing the hacking rely on this to avoid getting caught.

Hackers today are looking for proprietary company data, particularly user IDs and passwords that provide access to government agencies, according to Sartin.

Among Verizon's more interesting findings: 92% of breaches came from external agents, a 22% increase from the previous year, while 17% implicated insiders, down 31% from the previous year; 50% of breaches involved hacking, 49% involved malware, and 29% had a physical component (commonly ATM and gas-pump credit card skimmers).

Verizon's report also notes the operating systems of compromised assets, trusting that readers will refrain from misusing the data in the "OS holy wars." Windows is the most common commercial operating system, so it's perhaps no surprise that Windows was running on 85% of compromised assets, followed by Linux (10%), Unix (4%), Mac OS X (1%), and mainframe (less than 1%). Worth noting is that point-of-sale servers, which often run Windows, are by far the most commonly compromised asset in the Verizon data set (36%).

The report acknowledges that while there's significant interest in mobile security from Verizon's clients, no smartphone or tablet was the source of a data breach in 2010.

However, Sartin expects that will change. "In two years, more data will be stolen from mobile devices than from servers and applications," he predicted.
