Vulnerabilities / Threats

06:33 PM
Connect Directly

Data Loss Plummets, Verizon Report Finds

It's getting harder to get away with hacking big companies and data thieves are looking for easier prey.

The real world of cybercrime is very different than the virtual landscape described by security vendors, insists Bryan Sartin, director of investigative response for Verizon Business.

Verizon Business on Tuesday plans to issue its 2011 Data Breach Investigations Report, which covers almost 800 cases from 2010 and includes incidents investigated by the U.S. Secret Service and the Dutch National High-Tech Crime Unit.

The report finds the lowest level of data loss in 25 years, even as it covers the highest number of cases ever, almost as many in 2010 as the 900 covered in the years from 2004 through 2009. This at a time when the hacking hype is intense.

Verizon reported 361 million compromised records in 2008, 144 million in 2009, and a mere 4 million in 2010.

"The FUD is out of control," said Sartin in a phone interview. FUD, short for fear, uncertainty, and doubt, is what the security business sells, suggests Sartin, who dismissed industry jargon like "advanced persistent threat" as a way to drive sales of security products and services.

"People find a rudimentary virus and they think the Chinese are out to get the Colonel's secret recipe," quipped Sartin.

Supporting that view is the report's finding that 92% of the attacks investigated were deemed to be "not highly difficult."

Sartin suggests it has become chic for security professionals to blame computer crime on some sophisticated national espionage effort from China rather than face more prosaic possibilities. "You don't want to blame it on a 17-year-old from Belarus," he said.

What happened to produce such a remarkable drop in compromised records? Try market saturation. Thanks to the massive amount of credit card data stolen in recent years, there's been a huge decline in the value of consumer records, said Sartin, who noted that the price may rise again once the accounts stolen in 2008 expire. There's simply far too much stolen data for the criminals to use at the moment.

Then there's the fact that a substantial number of the 250 or so really capable criminal hackers, at least those known to authorities like Albert Gonzalez, have been caught.

"At the end of the day, what we're left with is not the organized criminal, but the disorganized criminal," said Sartin.

"Hacking into companies leaves a footprint and that leads to arrest and prosecution," said Sartin, who credited increased corporate network monitoring and log data retention with providing the "blood trail" necessary to conduct successful forensic investigations. It used to be, he said, that companies would take 120 days to bring in investigators and reveal that they only kept the last 100 days of log files.

As a result, those who are still committed to criminal hacking are focusing on smaller prey. They're hunting for rabbits rather than elephants as Sartin puts it.

That means more investigations of smaller crimes, up to a point. Sartin says a lot of the less significant hacking attacks don't get pursued and those doing the hacking rely on this to avoid getting caught.

Hackers today are looking for proprietary company data, particularly user IDs and passwords that provide access to government agencies, according to Sartin.

Among Verizon's more interesting findings: 92% of breaches came from external agents, a 22% increase from the previous year, while 17% implicated insiders, down 31% from the previous year; 50% of breaches involved hacking, 49% involved malware, and 29% had a physical component (ATM and gas pump credit card skimmers commonly).

Verizon's report also notes the operating systems of compromised assets, trusting that readers will refrain from misusing the data in the "OS holy wars." Windows is the most common commercial operating system. So it's perhaps no surprise that Windows was running on 85% of compromised assets, followed by Linux (10%), Unix (4%), Mac OS X (1%), and mainframe (less than 1%). Worth noting is that point-of-sale servers, which often run Windows, are by far the most commonly compromised asset in the Verizon data set (36%)

The report acknowledges that while there's significant interest in mobile security from Verizon's clients, no smartphone or tablet was the source of a data breach in 2010.

However, Sartin expects that will change. "In two years, more data will be stolen from mobile devices than from servers and applications," he predicted.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.