Date posted: 15-Jan-2015 | Category: Technology | Uploaded by: akamai-technologies
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Are modern threats so advanced, diverse, and unpredictable that we can’t mount any meaningful defense against them?
• Let’s explore that question today
An ongoing study that analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and what might be done to prevent it.
Data Breach Investigations Report
2013 CONTRIBUTORS
• Australian Federal Police
• CERT Insider Threat Center
• Consortium of Cybersecurity Action
• Danish Ministry of Defence
• Danish National Police
• Deloitte
• Dutch Police
• Electricity Sector ISAC
• European Cyber Crime Center
• G-C Partners, LLC
• Guardia Civil
• Industrial Control Systems CERT
• Irish Reporting & InfoSec Service
• Malaysia CERT
• National Cybersecurity & Communications Integration Center
• ThreatSim
• US CERT
• US Secret Service
• Verizon
All threat actions defined within VERIS:
Adware, Backdoor, Brute force, Capture app data, Capture stored data, Client-side, C2, Destroy data, Disable controls, DoS, Downloader, Exploit vuln, Export data, Packet sniffer, Password dumper, Ram scraper, Ransomware, Rootkit, Scan network, Spam, Spyware, SQL injection, Utility, Worm, Abuse of functionality, Brute force, Buffer overflow, Cache poisoning, Credential/session prediction, Cross-site request forgery, Cross-site scripting, Cryptanalysis, Denial of service, Footprinting and fingerprinting, Forced browsing, Format string attack, Fuzz testing, HTTP request smuggling, HTTP request splitting, HTTP response smuggling, HTTP response splitting, Integer overflows, LDAP injection, Mail command injection, Man-in-the-middle attack, Null byte injection, Offline cracking, OS commanding, Path traversal, Remote file inclusion, Reverse engineering, Routing detour, Session fixation, Session replay, SOAP array abuse, Special element injection, SQL injection, SSL injection, URL redirector abuse, Use of backdoor or C2, Use of stolen creds, XML attribute blowup, XML entity expansion, XML external entities, XML injection, XPath injection, XQuery injection, Baiting, Bribery, Elicitation, Extortion, Forgery, Influence, Scam, Phishing, Pretexting, Propaganda, Spam, Knowledge abuse, Privilege abuse, Embezzlement, Data mishandling, Email misuse, Net misuse, Illicit content, Unapproved workaround, Unapproved hardware, Unapproved software, Assault, Sabotage, Snooping, Surveillance, Tampering, Theft, Wiretapping, Classification error, Data entry error, Disposal error, Gaffe, Loss, Maintenance error, Misconfiguration, Misdelivery, Misinformation, Omission, Physical accidents, Capacity shortage, Programming error, Publishing error, Malfunction, Deterioration, Earthquake, EMI, ESD, Temperature, Fire, Flood, Hazmat, Humidity, Hurricane, Ice, Landslide, Lightning, Meteorite, Particulates, Pathogen, Power failure, Tornado, Tsunami, Vermin, Volcano, Leak, Wind
Top 20 threat actions observed across 2000+ data breaches (share of breaches, Overall vs. Larger orgs)

Threat action (category)        | Overall | Larger orgs
Brute force (Hacking)           | 47%     | 9%
Spyware (Malware)               | 41%     | 19%
Use of stolen creds (Hacking)   | 29%     | 23%
Export data (Malware)           | 28%     | 22%
Backdoor (Malware)              | 23%     | 27%
Use of backdoor or C2 (Hacking) | 21%     | 23%
Tampering (Physical)            | 19%     | 42%
Disable controls (Malware)      | 12%     | 8%
Capture stored data (Malware)   | 10%     | 13%
Phishing (Social)               | 10%     | 21%
C2 (Malware)                    | 9%      | 23%
Downloader (Malware)            | 9%      | 21%
Password dumper (Malware)       | 8%      | 17%
Unknown (Hacking)               | 7%      | 6%
Rootkit (Malware)               | 7%      | 11%
Unknown (Malware)               | 6%      | 1%
Privilege abuse (Misuse)        | 4%      | 8%
Adminware (Malware)             | 4%      | 4%
Embezzlement (Misuse)           | 4%      | 1%
Unapproved hardware (Misuse)    | 4%      | 2%
Cluster analysis measuring similarity of incidents across industries (NAICS code in parentheses):
• Computer and Electronic Product Manufacturing (334)
• Transportation Equipment Manufacturing (336)
• Food and Beverage Stores (445)
• Health and Personal Care Stores (446)
• Gasoline Stations (447)
• Clothing and Clothing Accessories Stores (448)
• Miscellaneous Store Retailers (453)
• Nonstore Retailers (454)
• Pipeline Transportation (486)
• Publishing Industries (except Internet) (511)
• Telecommunications (517)
• Data Processing, Hosting, and Related Services (518)
• Other Information Services (519)
• Credit Intermediation and Related Activities (522)
• Professional, Scientific, and Technical Services (541)
• Administrative and Support Services (561)
• Ambulatory Health Care Services (621)
• Accommodation (721)
• Food Services and Drinking Places (722)
• Executive, Legislative, and Other General Government Support (921)
Chart: Top threat scenarios observed across 2000+ data breaches. Scenarios shown: POS intrusions, Skimming devices, Web app hacks, Insider misuse, State espionage, Something else. Shares shown: 43%, 22%, 11%, 9%, 9%, 6%.

Threat actions observed in the second chart (series label not preserved in the extraction)

Threat action (category)        | Share
Spyware (Malware)               | 26%
Backdoor (Malware)              | 24%
Brute force (Hacking)           | 19%
Export data (Malware)           | 19%
Use of stolen creds (Hacking)   | 19%
C2 (Malware)                    | 15%
Capture app data (Malware)      | 13%
Downloader (Malware)            | 13%
Client-side (Malware)           | 11%
Extortion (Social)              | 11%
Other (Hacking)                 | 11%
Phishing (Social)               | 11%
Use of backdoor or C2 (Hacking) | 11%
Pretexting (Social)             | 9%
Capture stored data (Malware)   | 7%
Other (Malware)                 | 7%
Theft (Physical)                | 7%
Unknown (Hacking)               | 6%
Adminware (Malware)             | 4%
Destroy data (Malware)          | 4%
Threats to your data? < or >
Chart: the 13 most frequent threat actions from the Overall series of the top-20 chart above, Brute force (Hacking) at 47% down to Password dumper (Malware) at 8%.