Verizon Data Breach Report: 10 Most Common Security Incidents Of The Past 10 Years
Inside The 2014 Verizon Data Breach Report
Verizon's annual data breach investigations report has become the go-to document used by the security industry to identify attack patterns, hacking techniques and common missteps in security measures designed to prevent data leakage and theft. In addition to the 1,367 confirmed data breaches analyzed by the 2014 Verizon Data Breach Investigations Report, researchers added analysis of more than 63,000 security incidents to reveal the most common attacks. Verizon uncovered actions by cybercriminals, their techniques and the data they are targeting to identify distinct classification patterns. These 10 most common security incidents describe nine distinct patterns that reflect 92 percent of the more than 100,000 security incidents collected over a 10-year period, Verizon said.
Web Application Attacks
Web applications were associated with 3,937 security incidents and 490 confirmed data breaches in 2013. Many of the attacks analyzed by Verizon were targeting popular blogging platforms or content management systems from Joomla, Wordpress and Drupal. The company said the attacks appeared to be driven by hacktivists, whose intent is to hack a server and use its power to carry out distributed denial-of-service attacks. Financially motivated cybercriminals also targeted Web applications to infect a website and use it as a platform for drive-by attacks.
Businesses need to ensure content management systems and their components are patched and use strong passwords, Verizon said. They also should consider two-factor authentication and use code-scanning software to find and fix Web application vulnerabilities. Businesses also should enforce lockout policies to guard against brute-force attacks.
Miscellaneous Errors
Verizon said human error was at the core of 412 confirmed data breaches in 2013 and associated with more than 16,000 security incidents. Process failures, a lack of communication, and poor controls mitigating business partner risk were associated with many of the incidents, Verizon said. Public sector organizations, administrative and health-care firms were the most affected by human error, according to the analysis. The top three errors were misdelivery of information, publishing mistakes and disposal errors.
Properly implemented and configured data loss prevention technology may be the best way to proactively address employee mistakes, Verizon said. Companies should implement more efficient processes and set enforceable security policies to control them.
Cyberespionage
Cyberespionage activity was associated with 511 security incidents and 306 confirmed data breaches, according to the Verizon report. Cyberespionage attacks are on the rise, mainly because more security firms are identifying and researching the threat, Verizon said. Attackers are targeting professional firms, manufacturers, mining operations and public organizations to gain access to intellectual property consisting of trade secrets, corporate negotiations and other highly sensitive information, according to Verizon.
The company recommends basic security best practices. Network segmentation, proactive log management and two-factor authentication could help stop lateral movement if an attacker is already inside and attempting to get to sensitive systems, Verizon said.
Point-Of-Sale System Intrusions
Verizon said it analyzed 198 security incidents and confirmed 198 data breaches in 2013. Investigators said retail point-of-sale breaches have been in decline over the past several years, despite the high-profile data breaches in recent months at Target, Neiman Marcus and Michaels Stores. Weak and default passwords on point-of-sale systems were consistently targeted by attackers. BlackPOS, a common memory-scraping malware, is a top technique used by credit card data thieves, Verizon said.
Businesses need to lock down their POS systems, Verizon said. They also should consider application whitelisting and use updated antivirus on the systems.
ATM Attacks
Payment card skimming, mainly associated with attacks against ATMs and gas terminals, has been a consistent issue found in the Verizon report analysis each year. Much of the data is disclosed to Verizon by the U.S. Secret Service. In 2013, there were 130 security incidents and confirmed data breaches associated with the attack method. ATM skimmers, which represent 87 percent of skimming attacks, are installed on the outside of the machine, Verizon said.
Verizon recommends business owners purchase tamper-resistant terminals, watch for tampering of devices, and place a sticker on the maintenance door of the gas pump to identify when a terminal may have been improperly accessed.
Physical Theft And Loss
Lost or stolen devices are consistently ranked as a top concern of IT security pros and chief information security officers, and Verizon found out why. Lost laptops and other devices accounted for more than 9,000 security incidents and 116 confirmed data breaches in 2013. The issue is a big problem in the health-care industry, according to Verizon.
Information assets are lost much more than they are stolen, by a 15-to-1 difference, Verizon said. Businesses need to implement device encryption, encourage users to keep devices with them at all times and implement an effective backup strategy, Verizon said.
Insider Privilege Misuse
The abuse of privileges by an employee, contractor or partner was associated with more than 11,600 security incidents and 112 confirmed data breaches in 2013. Verizon said it is watching a trend of insider espionage targeting internal data and trade secrets. Most insider attacks happened within the office network, Verizon said.
Businesses should build additional controls around systems containing sensitive data, Verizon said. They also must review user account activity and quickly disable former employees' user accounts, Verizon said.
Crimeware Toolkits
Crimeware, mainly financially driven attacks using automated attack toolkits, are a common problem faced by nearly every industry, Verizon said, and it found crimeware associated with more than 12,000 security incidents and 50 data breaches in 2013. The Zeus and SpyEye Trojan families spread quickly by organized cybercriminal networks that use spam messages and malicious links to trick people into downloading the dangerous malware. The malware is designed to steal account credentials and drain bank accounts. Verizon said many infections happen by simply visiting an attack website or downloading a malicious file.
Businesses need to deploy browser security patches and apply updates to browser plug-ins, Verizon said. Java should be disabled or uninstalled if it is not needed, the company said. In addition, two-factor authentication would thwart many attacks that use stolen credentials, according to Verizon.
Denial-Of-Service Attacks
Distributed denial-of-service attacks, designed to cripple the network or bring down websites and Web applications, is of growing concern of security experts, Verizon said. Attackers are compromising servers in public and private cloud data centers to increase the bandwidth of their attacks, the company said. Verizon analyzed more than 1,100 total security incidents in 2013. None of the attacks were associated with confirmed data breaches.
Verizon urged businesses to beware of marketing hype associated with DDoS attacks. They should have a plan in place and consider the use of an Internet service provider DDoS mitigation service. Businesses also should consider isolating IP space not in active use, Verizon said.
Everything Else
There were more than 7,200 security incidents that can't fit into a common incident pattern, according to Verizon. Nearly all of these attacks were external and were browser-based threats, using a combination of hacking, phishing and malware, Verizon said. Three-quarters of all incidents involved compromised Web servers, the company said, and they usually represent mass attacks, in which hundreds of servers are hijacked to host malware for drive-by attacks or phishing sites.