Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/22/2013
04:18 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

No 'One Size Fits All' In Data Breaches, New Verizon Report Finds

Verizon Data Breach Investigations Report 2013 says financial cybercrime accounting for three-fourths of real-world breaches, followed by cyberespionage in one-fifth of breaches

If there's one big theme of the just-released Verizon Data Breach Investigations Report (DBIR), it's demographics: All sizes of organizations are getting hacked, and different industries are getting hit for different reasons and with different attack methods.

"We shouldn't have a one-size-fits-all approach," Jay Jacobs, senior analyst for the Verizon RISK Team, says is one of the biggest takeaways from this year's report, which was the biggest one yet in terms of data and sources. "There's a big difference between [attacks hitting] a retailer and financial institutions versus manufacturers or consultants."

The report -- which draws from 621 confirmed data breaches, 47,000 reported security incidents, and 44 million compromised records worldwide in 2012 from Verizon as well as the US Computer Emergency Response Team and other national CERTs, the U.S. Secret Service, and law enforcement agencies in Europe -- shows that 75 percent of all breaches last year were the result of financially motivated cyberattacks, while 20 percent were cyberespionage for stealing intellectual property or other information for competitive purposes. Hacktivism remained steady, but with more distributed denial-of-service (DDoS) attacks than "doxing" or other forms or data theft.

Outsiders again reigned as the top attackers, making up 92 percent of the attackers that hit organizations last year. Next were state-sponsored attackers -- the majority from China -- with 19 percent of the attacks, and 14 percent were executed by insiders. Financial firms were hit the most, with 37 percent of last year's breaches, followed by retailers and restaurants, 24 percent; manufacturing, transportation, and utilities, 20 percent; and information services and professional services, 20 percent.

Nearly 40 percent of all attacks hit large organizations, but smaller organizations represented a large number of breached organizations when it came to cyberespionage-type attacks: Some 22 of the organizations suffering cyberespionage last year were firms with only one to 100 employees, mainly in manufacturing and professional services, and 23 firms with 101 to 1,000 employees, mainly in manufacturing. Firms with 1,001 to 10,000 employees accounted for 36 of the cyberespionage attacks.

"That size variable was a surprise to me," Jacobs says. "We saw an even split [overall] between large and small organizations ... The best theory we could come up with was that in a lot of the main industries here -- manufacturing and professionals services like consultants, programming or engineering -- there's a lot of intelligence-gathering in their relationships. So attackers may go after a small manufacturing company because they manufacture something on behalf of a bigger company. So they generate this intellectual property."

[Half of all targeted attacks last year hit companies with less than 2,500 employees, and overall, targeted cyberattacks jumped 42 percent in 2012, new Symantec data show. See Small Businesses Now Bigger Targets In Cyberattacks.]

Other key findings were that organizations typically don't discover that they've been breached for months and even years after the fact, and nearly 70 percent of them learn from a third party. And when it comes to cyberespionage attacks, 96 percent of them were attributed to attackers in China, while the majority of financially motivated breaches came from attackers in the U.S. or Eastern Europe. Romania was No. 1 there, with 28 percent of the attacks.

Origin of External Actors: Top 10

Source: 2013 Verizon Data Breach Investigations Report (DBIR)

And even amid growing concerns about mobile security and the bring-your-own device explosion, mobile wasn't a factor in the breaches last year, according to Verizon's report. "We're just not seeing [mobile] yet," Verizon's Jacobs says. "It's either because it's not holding data, or there's an easier path to the data ... But that may change as it becomes more ubiquitous and standardized."

A combination of methods contributed to attackers hitting their marks, but hacking (52 percent) was the most common technique, followed by malware (40 percent); physical, such as ATM skimmers (35 percent); social (29 percent); misuse (13 percent); and user mistakes (2 percent).

Meanwhile, the report highlights just how crucial demographics are to unraveling data breach incidents. Different industries are more prone to specific threats than others, for instance, and also face different types of attack methods. Smaller firms also face different attack methods than larger ones. "We see a diverse set of tactics," Jacobs says.

Financial cybercrime actors typically hit smaller organizations by compromising weak passwords on an admin's account, for example, and gather their intel on this via automated scans looking for open ports and weak passwords to gain remote admin control. "With smaller targets, it's more of low-hanging fruit," Jacobs says. "With larger targets, we see a more diverse set of attacks."

With larger targets, phishing and malware are a popular combination, especially in cyberespionage, but that also is typical with targeted spying attacks on smaller firms. The bottom line is a one-size-fits-all approach to security is detrimental, according to Verizon. "Any attempt to enforce a one-size-fits-all approach to securing our assets may result in leaving some organizations underprotected from targeted attacks, while others potentially overspend on defending against simpler opportunistic attacks," the report says.

Overall, phishing tactics quadrupled in 2012, a jump Verizon attributes to the popularity of phishing in targeted cyberespionage campaigns.

Organized crime syndicates mostly out of Eastern Europe and North America typically target the finance, retail, and food industries for payment cards, credentials, and bank information, while state-sponsored attackers mostly out of China go after manufacturing, professional, and transportation firms for credentials, organizations, data, trade secrets, and system information, the report says.

Hacktivists, mostly from North America and Western Europe, target information, public, and other services, mainly for credentials, personal information, and internal organization data, Verizon says.

"The bottom line is that unfortunately, no organization is immune to a data breach in this day and age," said Wade Baker, principal author of the DBIR reports. "We have the tools today to combat cybercrime, but it's really all about selecting the right ones and using them in the right way. In other words, understand your adversary -- know their motives and methods, and prepare your defenses accordingly and always keep your guard up."

The full Verizon 2013 DBIR is available here (PDF).

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
John Jameson
50%
50%
John Jameson,
User Rank: Apprentice
4/23/2013 | 7:50:09 AM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
That link is to the 2012 report. The 2013 report is here-http://www.verizonenterprise.c...
kjhiggins
50%
50%
kjhiggins,
User Rank: Strategist
4/23/2013 | 11:38:00 AM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
Good catch, John! The URL in Verizon's release on the report was incorrect--updating my article now with the link to the latest report. Thank you.

Kelly Jackson Higgins, Senior Editor, Dark Reading
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/29/2013 | 5:43:59 PM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
I donGt think that it
is so much the size of the organizations as it is the ease of access into these
systems. Financial gains and corporate espionage
make up the top 2 on the list, and those factors do not care about the size or
demographic of your company. The chart really puts it into perspective for the reader.
Now take for example the governments in these countries and it also makes sense
as to high number of corporate espionage that is taking place in that county.
With the growing number of mobile devices and technology in the mobile field
constantly expanding the attacks and the vulnerabilities are sure to be on the
rise just as quickly as the industry.

Paul Sprague

InformationWeek Contributor
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...