
4/22/2013
04:18 PM

No 'One Size Fits All' In Data Breaches, New Verizon Report Finds

Verizon Data Breach Investigations Report 2013 says financial cybercrime accounts for three-fourths of real-world breaches, followed by cyberespionage in one-fifth of breaches

If there's one big theme of the just-released Verizon Data Breach Investigations Report (DBIR), it's demographics: All sizes of organizations are getting hacked, and different industries are getting hit for different reasons and with different attack methods.

"We shouldn't have a one-size-fits-all approach," says Jay Jacobs, senior analyst for the Verizon RISK Team, citing one of the biggest takeaways from this year's report, which was the biggest one yet in terms of data and sources. "There's a big difference between [attacks hitting] a retailer and financial institutions versus manufacturers or consultants."

The report -- which draws from 621 confirmed data breaches, 47,000 reported security incidents, and 44 million compromised records worldwide in 2012 from Verizon as well as the US Computer Emergency Response Team and other national CERTs, the U.S. Secret Service, and law enforcement agencies in Europe -- shows that 75 percent of all breaches last year were the result of financially motivated cyberattacks, while 20 percent were cyberespionage for stealing intellectual property or other information for competitive purposes. Hacktivism remained steady, but with more distributed denial-of-service (DDoS) attacks than "doxing" or other forms of data theft.

Outsiders again reigned as the top attackers, making up 92 percent of the attackers that hit organizations last year. Next were state-sponsored attackers -- the majority from China -- with 19 percent of the attacks, and 14 percent were executed by insiders. Financial firms were hit the most, with 37 percent of last year's breaches, followed by retailers and restaurants, 24 percent; manufacturing, transportation, and utilities, 20 percent; and information services and professional services, 20 percent.

Nearly 40 percent of all attacks hit large organizations, but smaller organizations represented a large number of breached organizations when it came to cyberespionage-type attacks: Some 22 of the organizations suffering cyberespionage last year were firms with only one to 100 employees, mainly in manufacturing and professional services, and 23 firms with 101 to 1,000 employees, mainly in manufacturing. Firms with 1,001 to 10,000 employees accounted for 36 of the cyberespionage attacks.

"That size variable was a surprise to me," Jacobs says. "We saw an even split [overall] between large and small organizations ... The best theory we could come up with was that in a lot of the main industries here -- manufacturing and professional services like consultants, programming or engineering -- there's a lot of intelligence-gathering in their relationships. So attackers may go after a small manufacturing company because they manufacture something on behalf of a bigger company. So they generate this intellectual property."

[Half of all targeted attacks last year hit companies with less than 2,500 employees, and overall, targeted cyberattacks jumped 42 percent in 2012, new Symantec data show. See Small Businesses Now Bigger Targets In Cyberattacks.]

Other key findings were that organizations typically don't discover that they've been breached for months and even years after the fact, and nearly 70 percent of them learn from a third party. And when it comes to cyberespionage attacks, 96 percent of them were attributed to attackers in China, while the majority of financially motivated breaches came from attackers in the U.S. or Eastern Europe. Romania was No. 1 there, with 28 percent of the attacks.

Origin of External Actors: Top 10

Source: 2013 Verizon Data Breach Investigations Report (DBIR)

And even amid growing concerns about mobile security and the bring-your-own device explosion, mobile wasn't a factor in the breaches last year, according to Verizon's report. "We're just not seeing [mobile] yet," Verizon's Jacobs says. "It's either because it's not holding data, or there's an easier path to the data ... But that may change as it becomes more ubiquitous and standardized."

A combination of methods contributed to attackers hitting their marks, but hacking (52 percent) was the most common technique, followed by malware (40 percent); physical, such as ATM skimmers (35 percent); social (29 percent); misuse (13 percent); and user mistakes (2 percent).

Meanwhile, the report highlights just how crucial demographics are to unraveling data breach incidents. Different industries are more prone to specific threats than others, for instance, and also face different types of attack methods. Smaller firms also face different attack methods than larger ones. "We see a diverse set of tactics," Jacobs says.

Financial cybercrime actors typically hit smaller organizations by compromising weak passwords on an admin's account, for example, and gather their intel on this via automated scans looking for open ports and weak passwords to gain remote admin control. "With smaller targets, it's more of low-hanging fruit," Jacobs says. "With larger targets, we see a more diverse set of attacks."

With larger targets, phishing and malware are a popular combination, especially in cyberespionage, but that also is typical with targeted spying attacks on smaller firms. The bottom line is a one-size-fits-all approach to security is detrimental, according to Verizon. "Any attempt to enforce a one-size-fits-all approach to securing our assets may result in leaving some organizations underprotected from targeted attacks, while others potentially overspend on defending against simpler opportunistic attacks," the report says.

Overall, phishing tactics quadrupled in 2012, a jump Verizon attributes to the popularity of phishing in targeted cyberespionage campaigns.

Organized crime syndicates mostly out of Eastern Europe and North America typically target the finance, retail, and food industries for payment cards, credentials, and bank information, while state-sponsored attackers mostly out of China go after manufacturing, professional, and transportation firms for credentials, organizations, data, trade secrets, and system information, the report says.

Hacktivists, mostly from North America and Western Europe, target information, public, and other services, mainly for credentials, personal information, and internal organization data, Verizon says.

"The bottom line is that unfortunately, no organization is immune to a data breach in this day and age," said Wade Baker, principal author of the DBIR reports. "We have the tools today to combat cybercrime, but it's really all about selecting the right ones and using them in the right way. In other words, understand your adversary -- know their motives and methods, and prepare your defenses accordingly and always keep your guard up."

The full Verizon 2013 DBIR is available here (PDF).

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
John Jameson,
User Rank: Apprentice
4/23/2013 | 7:50:09 AM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
That link is to the 2012 report. The 2013 report is here-http://www.verizonenterprise.c...
kjhiggins,
User Rank: Strategist
4/23/2013 | 11:38:00 AM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
Good catch, John! The URL in Verizon's release on the report was incorrect--updating my article now with the link to the latest report. Thank you.

Kelly Jackson Higgins, Senior Editor, Dark Reading
PJS880,
User Rank: Ninja
4/29/2013 | 5:43:59 PM
re: No 'One Size Fits All' In Data Breaches, New Verizon Report Finds
I don't think that it is so much the size of the organizations as it is the ease of access into these systems. Financial gains and corporate espionage make up the top 2 on the list, and those factors do not care about the size or demographic of your company. The chart really puts it into perspective for the reader. Now take for example the governments in these countries and it also makes sense as to the high number of corporate espionage that is taking place in that country. With the growing number of mobile devices and technology in the mobile field constantly expanding, the attacks and the vulnerabilities are sure to be on the rise just as quickly as the industry.

Paul Sprague

InformationWeek Contributor