Security: Malware, Hacking Remain Preferred Methods of Cyber-Criminals
Hacking: Exploiting Default of Guessable Credentials
Attackers exploited default or easily guessable credentials for about 29 percent of the breaches analyzed by the Verizon RISK team. Many vendors often ship devices, appliances and software with a default password assigned. While it is possible to change them, that is not always the case. Industrial control systems are an example of devices with default passwords that can't be changed. Even if the password can be changed, many administrators don't bother. With a little bit of searching, attackers can find the passwords online, and the gates are wide open.
In the past 12 months, the majority of cyber-attackers relied primarily on two attack methodshacking and malwareto compromise networks and steal data in 2011, according to a report by the Verizon RISK team. Different types of malware are capable of stealing information, opening backdoors, and executing commands. While social engineering is becoming popular, straight-up hacking, where attackers are bypassing controls or exploiting flaws, still remains the predominant form of cyber-crime. In 2011, just about 99 percent of all compromised data records were stolen during an incident that involved either hacking or malware, according to the preliminary Verizon 2012 "Data Breach Investigations Report." These two attack techniques remain popular since they allow the adversary to launch the operation remotely and they make for an easy gateway. Criminals also used malware and hacking in tandem, such as installing malware that opens a backdoor on the infected machine, which is then used by the attacker to remotely execute code. Or perhaps the user is infected with a keylogger, which steals log-in credentials that criminals then use. The Verizon team pulled together the 10 most common examples of malware and hacking attacks in 2011 and urged businesses and other organizations to determine if their networks may have been compromised in the same way.