Malware, Hacking Most Common Attacks in 2011 Data Breaches: Verizon DBIR

External threats were behind most of 2011's data breaches, and they likely used malware or hacked their way in, according to Verizon's 2012 Data Breach Investigation Report.

SAN FRANCISCO€”Malware and hacking were the most commonly used attack vectors in data breaches that occurred in 2011, according to a sneak peek of the 2012 Data Breach Investigations Report from Verizon.

Verizon released a preliminary version of its 2012 Data Breach Investigations Report Feb. 29. The preliminary report contains "a few snapshots" from the Verizon caseload that was analyzed for the report. The full version of the report is expected to be released in the coming weeks.

The full DBIR will include information about more than 850 data breaches in 2011, according to Verizon. However, a little over 10 percent of the incidents were actually investigated by the Verizon RISK team. Verizon complemented the information from those 90 incidents with data gathered from five law enforcement agencies it partnered with. The agencies included the U.S. Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Service, the Australian Federal Police and the London Metropolitan Police.

"One might consider this to be a tasty morsel to whet the appetite for the full report," Verizon RISK researchers wrote in the report.

The year was "exciting," with plenty of mini-breaches and mega-breaches to keep infosec professionals awake at night, Verizon wrote. There was a little bit of everything, with hacktivism, cyber-espionage and organized crime wreaking havoc on enterprise and government systems around the world.

Retail€”which included both online and traditional brick-and-mortar merchants€”hospitality and financial sectors suffered the most incidents in 2011, Verizon said. However, information and manufacturing industries lost the largest amount of data, measured in the number of records compromised, according to the preliminary report.

Financial gain appeared to still be the main motivation for cyber-attacks, according to the preliminary report. While organized crime was responsible for a majority of the incidents, online protests, other forms of hacktivism and disgruntled ex-employees also caused significant damage, according to the Verizon RISK team.

External attacks continue to rise, as Verizon researchers found that 92 percent of attacks analyzed were external in origin. This is a significant change from previous years. Between 2004 and 2007, 80 percent of the breaches involved outsiders.

Hacking and malware remain significant threats as these two attack methods played some role in nearly all (99 percent) the incidents, according to the current report. These two methods are popular because they allow attackers remote access, automation and an easy getaway, Verizon said. Social engineering techniques are also increasing in popularity, associated with over half of the breaches investigated, Verizon said.

However, Verizon warned against ignoring all other threats to focus on hacking and malware. The report's finding just means that organizations should identify their weakness with respect to malware and hacking threats and prioritize related defenses.

The most common servers breached in 2011 were point-of-sale servers, Web and application servers, and database servers. Desktops, laptops and point-of-sale terminals made up the bulk of compromised end-user devices, Verizon said.

Payment card information, personal identifying information and authentication credentials were the most often compromised in 2011, but other types of sensitive organizational data, trade secrets and copyright information were also stolen, Verizon said.

Organizations are still taking awhile to detect that they have been compromised. While it takes attackers a very short time to breach a network and steal data, nearly 60 percent of the incidents were detected months or years after the fact, Verizon found.

"That's a long time for customer data, intellectual property and other sensitive information to be at the disposal of criminals," according to the report.

Two-thirds of the breaches were detected when an external third-party noticed the problem. However, Verizon found a "glimmer of good news," as the number of breaches detected because the organization was actively monitoring its logs has gone up since previous years.

Verizon's report affirmed just how global the cyber problem has gotten. Less than half of the data breaches reported originated in North America. The bulk of the breach reports were in Europe, the Middle East and Asia-Pacific, Verizon found.