External threats were behind most of 2011's data breaches, and they likely used malware or hacked their way in, according to Verizon's 2012 Data Breach Investigation Report.
FRANCISCOMalware and hacking were the most commonly used attack vectors in
data breaches that occurred in 2011, according to a sneak peek of the 2012 Data
Breach Investigations Report from Verizon.
released a preliminary version of its 2012 Data Breach Investigations Report
Feb. 29. The preliminary report contains "a few snapshots" from the
Verizon caseload that was analyzed for the report. The full version of the
report is expected to be released in the coming weeks.
full DBIR will include information about more than 850 data breaches in 2011,
according to Verizon. However, a little over 10 percent of the incidents were
actually investigated by the Verizon RISK team. Verizon complemented the
information from those 90 incidents with data gathered from five law
enforcement agencies it partnered with. The agencies included the U.S. Secret
Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information
Service, the Australian Federal Police and the London Metropolitan Police.
might consider this to be a tasty morsel to whet the appetite for the full
report," Verizon RISK researchers wrote in the report.
year was "exciting," with plenty of mini-breaches and mega-breaches
to keep infosec professionals awake at night, Verizon wrote. There was a little
bit of everything, with hacktivism, cyber-espionage and organized crime
wreaking havoc on enterprise and government systems around the world.
included both online and traditional brick-and-mortar merchantshospitality and
financial sectors suffered the most incidents in 2011, Verizon said. However,
information and manufacturing industries lost the largest amount of data,
measured in the number of records compromised, according to the preliminary
gain appeared to still be the main motivation for cyber-attacks, according to
the preliminary report. While organized crime was responsible for a majority of
the incidents, online protests, other forms of hacktivism and disgruntled
ex-employees also caused significant damage, according to the Verizon RISK
attacks continue to rise, as Verizon researchers found that 92 percent of
attacks analyzed were external in origin. This is a significant change from
previous years. Between 2004 and 2007, 80 percent of the breaches involved
and malware remain significant threats as these two attack methods played some
role in nearly all (99 percent) the incidents, according to the current report.
These two methods are popular because they allow attackers remote access,
automation and an easy getaway, Verizon said. Social engineering techniques are
also increasing in popularity, associated with over half of the breaches
investigated, Verizon said.
Verizon warned against ignoring all other threats to focus on hacking and
malware. The report's finding just means that organizations should identify their
weakness with respect to malware and hacking threats and prioritize related
most common servers breached in 2011 were point-of-sale servers, Web and
application servers, and database servers. Desktops, laptops and point-of-sale
terminals made up the bulk of compromised end-user devices, Verizon said.
card information, personal identifying information and authentication
credentials were the most often compromised in 2011, but other types of
sensitive organizational data, trade secrets and copyright information were
also stolen, Verizon said.
are still taking awhile to detect that they have been compromised. While it
takes attackers a very short time to breach a network and steal data, nearly 60
percent of the incidents were detected months or years after the fact, Verizon
a long time for customer data, intellectual property and other sensitive
information to be at the disposal of criminals," according to the report.
of the breaches were detected when an external third-party noticed the problem.
However, Verizon found a "glimmer of good news," as the number of
breaches detected because the organization was actively monitoring its logs has
gone up since previous years.
report affirmed just how global the cyber problem has gotten. Less than half of
the data breaches reported originated in North America. The bulk of the breach
reports were in Europe, the Middle East and Asia-Pacific, Verizon found.