Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

5/22/2013
06:22 AM
Dark Reading
Dark Reading
Quick Hits
50%
50%

The Eight Most Common Causes Of Data Breaches

Why do bad breaches happen to good companies? Here's a look at the most frequent causes

[The following is excerpted from "The 8 Most Common Causes of Data Breaches -- And How You Can Prevent Them," a new report published this week on Dark Reading's Attacks and Breaches Tech Center.]

Data breaches have dominated headlines recently. Whether it's nation-state spies intent on stealing information, cyber pranksters and hacktivists looking for attention, or cybercriminals out to make a buck, there are plenty of adversaries intent on breaking into networks and databases and carrying away whatever pieces of information they can grab.

"And from pubs to public agencies, mom-and-pops to multinationals, nobody was immune," the Verizon RISK Team writes in its "2013 Data Breach Investigations Report."

Verizon investigators analyzed information from 621 data breaches and more than 47,000 security incidents in 2012 that the company or one of its 19 partner organizations had investigated on the behalf of customers.

Motives for the data breaches are diverse. Hacktivists and those looking to make some money generally go after the low- hanging fruit -- the insecure systems in the enterprise -- to carry out their plans. Organized crime may be a bit more willing to spend the time going after better-protected systems in hopes of a bigger payoff. Then there are those targeting a specific individual or organization -- these adversaries are stealthy and persistent enough to slowly chip away at defenses until they get what they are looking for.

Even as the list of victims gets longer, it's increasingly clear that some of these breaches could have been prevented. Of the breaches included in the report, 78% had initial intrusions Verizon's investigators rated as "low difficulty."

Many of these attacks could have been prevented by adopting security controls, switching authentication schemes and adopting best practices, Verizon suggested.

While Verizon investigators cautioned against trying to treat all the breaches in the same way, they identified several ways in which organizations have been compromised. Understanding these categories can help organizations figure out how best to boost their defenses.

Several of the most common attack methods in the report fall into two broad categories: hacking and malware. The report identifies hacking as the most common method, at 52%, followed by malware, at 40%, and physical attacks -- such as adding skimming hardware on ATMs -- at 35%. Social engineering is also a serious problem, at 29%. "Misuse," which includes activities such as privilege abuse and using unapproved hardware and correlated strongly with insider attacks, was observed in 13% of the breaches. User error rounded out the list with 2%.

"Treating our adversaries as random and unpredictable is counterproductive. We may be able to reduce the majority of attacks by focusing on a handful of attack patterns," Verizon researchers write in the report. Following are eight ways that enterprise systems and data are being targeted.

1. Weak And Stolen Credentials, a.k.a. Passwords
Hacking remains the single biggest cause of attacks don't depend on finding vulnerabilities in the application or network protocol to tunnel through. For years, experts have warned about the risks of relying on weak credentials to restrict who has access to the data, and this is still a problem.

About 76% of network intrusions involved weak credentials, according to Verizon's data breach report. Authentication-based attacks, which includes guessing passwords, cracking using specific tools or trying out passwords from other sites on the target system, factored into about four of every five breaches that was classified as a hacking incident in 2012, Verizon says.

Stolen passwords played a role in 48% of the data breaches that involved hacking, Verizon found. This could have been accomplished by using stolen password lists from previous data breaches, keylogging malware or phishing attacks.

If that number isn't eye-popping enough, Verizon estimated that 80% of data breaches would have been stopped or forced to change tactics if a "suitable replacement" (such as multifactor authentication) to passwords had been used.

2. Back Doors, Application Vulnerabilities
Considering that Verizon's system identifies more than 40 types of hacking, the fact that nearly all the hacking activity was accounted for by five methods is "remarkable," the researchers wrote. Along with use of stolen credentials and brute-force methods, both of which deal with the issue of weak credentials, other common hacking actions include the use of back doors (44%) and SQL injection (8%). Exploiting buffer overflow vulnerabilities made the top 10 common hacking actions, but was observed in only 1% of the incidents.

"Security teams have to use tools that sift through tens or hundreds of thousands of vulnerabilities continuously, finding the most likely attack routes and the vulnerabilities that need to be blocked to prevent the breach," says Gidi Cohen, CEO and founder of Skybox Security.

Attacks exploiting vulnerabilities in Web applications increased from previous years but are no longer the leading attack vector among larger organizations, Verizon found.

To read about the other six most common causes of data breaches -- and what your organization can do about them -- download the full report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0565
PUBLISHED: 2020-02-25
NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
CVE-2020-9393
PUBLISHED: 2020-02-25
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows XSS.
CVE-2020-9394
PUBLISHED: 2020-02-25
An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress. It allows CSRF.
CVE-2019-3999
PUBLISHED: 2020-02-25
Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVE-2020-8809
PUBLISHED: 2020-02-25
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker ...