The document is a report analyzing data from over 2000 data breaches to understand how sensitive data is stolen. It finds that the most common threat actions are brute force hacking (47%), spyware/malware (41%), and using stolen credentials (29%). Other frequent threats included exporting data through malware, backdoors, tampering, disabling controls, capturing stored data, phishing, command and control servers, downloaders, and password dumpers. The report clusters similar breaches by industry and identifies the top threat scenarios as spyware, backdoors, exporting data, using stolen credentials, and brute force hacking.
Observations on Modern Cyber Crime and Espionage - Wade Baker, Verizon
1. Are modern threats so advanced, diverse, and unpredictable that we can’t mount any meaningful defense against them?
> Let’s explore that question today
4. Data Breach Investigations Report
An ongoing study that analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and what might be done to prevent it.
2013 CONTRIBUTORS
• Australian Federal Police
• CERT Insider Threat Center
• Consortium of Cybersecurity Action
• Danish Ministry of Defence
• Danish National Police
• Deloitte
• Dutch Police
• Electricity Sector ISAC
• European Cyber Crime Center
• G-C Partners, LLC
• Guardia Civil
• Industrial Control Systems CERT
• Irish Reporting & InfoSec Service
• Malaysia CERT
• National Cybersecurity & Communications Integration Center
• ThreatSim
• US CERT
• US Secret Service
• Verizon
6. Top 20 threat actions observed across 2000+ data breaches
[Bar chart with two series, Overall and Larger orgs. Threat actions in chart order: Brute force (Hacking), Spyware (Malware), Use of stolen creds (Hacking), Export data (Malware), Backdoor (Malware), Use of backdoor or C2 (Hacking), Tampering (Physical), Disable controls (Malware), Capture stored data (Malware), Phishing (Social), C2 (Malware), Password dumper (Malware), Unknown (Hacking), Rootkit (Malware), Unknown (Malware), Downloader (Malware), Privilege abuse (Misuse), Adminware (Malware), Embezzlement (Misuse), Unapproved hardware (Misuse). The per-action percentages for the two series are not recoverable from the chart residue.]
7. Cluster analysis measuring similarity of incidents across industries
Industries (NAICS code) shown in the cluster chart:
Nonstore Retailers (454)
Other Information Services (519)
Credit Intermediation and Related Activities (522)
Administrative and Support Services (561)
Publishing Industries (except Internet) (511)
Data Processing, Hosting, and Related Services (518)
Telecommunications (517)
Executive, Legislative, and Other General Government Support (921)
Miscellaneous Store Retailers (453)
Gasoline Stations (447)
Food and Beverage Stores (445)
Clothing and Clothing Accessories Stores (448)
Professional, Scientific, and Technical Services (541)
Ambulatory Health Care Services (621)
Health and Personal Care Stores (446)
Food Services and Drinking Places (722)
Accommodation (721)
Computer and Electronic Product Manufacturing (334)
Transportation Equipment Manufacturing (336)
Pipeline Transportation (486)
8. Top threat scenarios observed across 2000+ data breaches
[Chart. Threat scenarios with their share of breaches where legible: POS intrusions 43%, Skimming devices 22%, Something else 11%; also shown: Web app hacks, Insider misuse, State espionage. Threat actions listed in the scenario breakdown: Spyware (Malware), Backdoor (Malware), Export data (Malware), Use of stolen creds (Hacking), Brute force (Hacking), C2 (Malware), Capture app data (Malware), Downloader (Malware), Client-side (Malware), Extortion (Social), Other (Hacking), Phishing (Social), Use of backdoor or C2 (Hacking), Pretexting (Social), Capture stored data (Malware), Other (Malware), Theft (Physical), Unknown (Hacking), Adminware (Malware), Destroy data (Malware).]
9. Threats to your data? < or >
Share of breaches per threat action (overall):
Brute force (Hacking): 47%
Spyware (Malware): 41%
Use of stolen creds…: 29%
Export data (Malware): 28%
Backdoor (Malware): 23%
Use of backdoor or C2…: 21%
Tampering (Physical): 19%
Disable controls…: 12%
Capture stored data…: 10%
Phishing (Social): 10%
C2 (Malware): 9%
Downloader (Malware): 9%
Password dumper…: 8%