Web applications represented the most common attack vector at tech companies.
Sartin described one forensic investigation that involved a mining company. The company made large mining equipment, which it sold mainly to customers in Canada's Northwest Territories and in South Africa. The company made most of its money from the sale of spare parts rather than from the mining gear itself.
The company started to notice that generic versions of its parts were showing up on the black market in South Africa, Sartin explained. When company investigators obtained some of these unauthorized parts, they found that the tolerances were almost exactly the same as the authorized ones manufactured by the company.
"It became clear that someone had gotten into one of their CAD systems," Sartin said. "And sure enough they had an online CAD system that they'd made available to engineers in the field."
Further investigation revealed that someone had penetrated the system using a SQL injection attack. "Someone had stumbled onto the data and sold it," said Sartin, who added that the perpetrator has been arrested and prosecuted.
Sartin described another case he worked on involving a large shipping company that sent goods overseas on routes through Southeast Asia, from Singapore to Indonesia.
The company was having problems with pirates. Not college kids downloading copyrighted music, but armed robbers with boats. The company's container ships weren't armed and tried to defend themselves with water cannons, but weren't having much luck. Generally, the crews retreated and locked themselves in cabins for safety when boarded.
Despite the fact that the many containers on the ship looked alike, the pirates always seemed to know which ones had the most valuable, sellable goods in them. "Someone had access to bill-of-lading information," Sartin said.
This information enabled the pirates to strike quickly and get away, rather than having to open every container on the ship.
Verizon's investigators found that the shipping company's Web-based inventory system had been breached. "This underscores the idea that anybody who has access to data of value ... can find somebody to buy it," said Sartin.
The investigators' findings were turned over to local authorities. No arrest has been made.