The document is a report analyzing data from over 2000 data breaches to understand how sensitive data is stolen. It finds that the most common threat actions are brute force hacking (47%), spyware/malware (41%), and using stolen credentials (29%). Other frequent threats included exporting data through malware, backdoors, tampering, disabling controls, capturing stored data, phishing, command and control servers, downloaders, and password dumpers. The report clusters similar breaches by industry and identifies the top threat scenarios as spyware, backdoors, exporting data, using stolen credentials, and brute force hacking.

1. Are modern threats so advanced,
diverse, and unpredictable that we
can’t mount any meaningful defense
against them?
> Let’s explore that question today
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.

4. Data Breach Investigations Report
An ongoing study that analyzes forensic
evidence to uncover how sensitive data is
stolen from organizations, who’s doing it,
why they’re doing it, and what might be
done to prevent it.
--------------------------------------------------------------2013 CONTRIBUTORS-------------------------------------------------------------•
•
•
•
•
•
•
•
•
•
Australian Federal Police
CERT Insider Threat Center
Consortium of Cybersecurity Action
Danish Ministry of Defence
Danish National Police
Deloitte
Dutch Police
Electricity Sector ISAC
European Cyber Crime Center
G-C Partners, LLC
•
•
•
•
•
•
•
•
•
Guardia Civil
Industrial Control Systems CERT
Irish Reporting & InfoSec Service
Malaysia CERT
National Cybersecurity &
Communications Integration Center
ThreatSim
US CERT
US Secret Service
Verizon

5. All threat actions defined within VERIS
Adware , Backdoor , Brute force , Capture app data , Capture stored data , Client-side , C2 , Destroy data ,
Disable controls , DoS , Downloader , Exploit vuln , Export data , Packet sniffer , Password dumper , Ram
scraper , Ransomware , Rootkit , Scan network , Spam , Spyware , SQL injection , Utility , Worm , Abuse of
functionality , Brute force , Buffer overflow , Cache poisoning , Credential/session prediction , Cross-site
request forgery , Cross-site scripting , Cryptanalysis , Denial of service , Footprinting and fingerprinting ,
Forced browsing , Format string attack , Fuzz testing , HTTP request smuggling , HTTP request splitting , HTTP
response smuggling , HTTP Response Splitting , Integer overflows , LDAP injection , Mail command injection ,
Man-in-the-middle attack , Null byte injection , Offline cracking , OS commanding , Path traversal , Remote
file inclusion , Reverse engineering , Routing detour , Session fixation , Session replay , Soap array abuse ,
Special element injection , SQL injection , SSL injection , URL redirector abuse , Use of backdoor or C2 , Use of
stolen creds , XML attribute blowup , XML entity expansion , XML external entities , XML injection , XPath
injection , XQuery injection , Baiting , Bribery , Elicitation , Extortion , Forgery , Influence , Scam , Phishing ,
Pretexting , Propaganda , Spam , Knowledge abuse , Privilege abuse , Embezzlement , Data mishandling ,
Email misuse , Net misuse , Illicit content , Unapproved workaround , Unapproved hardware , Unapproved
software , Assault , Sabotage , Snooping , Surveillance , Tampering , Theft , Wiretapping , Classification error ,
Data entry error , Disposal error , Gaffe , Loss , Maintenance error , Misconfiguration , Misdelivery ,
Misinformation , Omission , Physical accidents , Capacity shortage , Programming error , Publishing error ,
Malfunction , Deterioration , Earthquake , EMI , ESD , Temperature , Fire , Flood , Hazmat , Humidity ,
Hurricane , Ice , Landslide , Lightning , Meteorite , Particulates , Pathogen , Power failure , Tornado , Tsunami ,
Vermin , Volcano , Leak , Wind

6. Top 20 threat actions observed across 2000+ data breaches
Overall
Larger orgs
47%
Brute force (Hacking)
Spyware (Malware)
9%
41%
19%
Use of stolen creds (Hacking)
29%
23%
Export data (Malware)
28%
22%
Backdoor (Malware)
23%
Use of backdoor or C2 (Hacking)
27%
21%
Tampering (Physical)
23%
19%
Disable controls (Malware)
42%
12%
Capture stored data (Malware)
10%
Phishing (Social)
8%
10%
C2 (Malware)
9%
Password dumper (Malware)
8%
Unknown (Hacking)
7%
Rootkit (Malware)
7%
Unknown (Malware)
6%
21%
9%
Downloader (Malware)
13%
23%
21%
17%
6%
11%
1%
Privilege abuse (Misuse)
4%
Adminware (Malware)
4%
Embezzlement (Misuse)
4%
1%
Unapproved hardware (Misuse)
4%
2%
8%
4%

7. Cluster analysis measuring similarity of incidents across industries
Nonstore Retailers (454)
Other Information Services (519)
Credit Intermediation and Related Activities (522)
Administrative and Support Services (561)
Publishing Industries (except Internet) (511)
Data Processing, Hosting, and Related Ser vices (518)
Telecommunications (517)
Executive, Legislative, and Other General Government Support (921)
Miscellaneous Store Retailers (453)
FoodGasoline Stations (447)
and Beverage Stores (445)
Clothing and Clothing Accessor ies Stores (448)
Professional, Scientific, and Technical Services (541)
Ambulatory Health Care Ser vices (621)
Health and Personal Care Stores (446)
Food Services and Drinking Places (722)
Accommodation (721)
Computer and Electronic Product Man ufacturing (334)
Transportation Equipment Manufacturing (336)
Pipeline Transportation (486)

8. Top threat scenarios observed across 2000+ data breaches
11% Something else
6%
State espionage
9%
Insider misuse
9%
26%
Spyware (Malware)
Backdoor (Malware)
24%
19%
Export data (Malware)
19%
Use of stolen creds (Hacking)
Web app hacks
Brute force (Hacking)
19%
C2 (Malware)
15%
Capture app data (Malware)
13%
Downloader (Malware)
13%
Client-side (Malware)
11%
Extortion (Social)
11%
Other (Hacking)
11%
Phishing (Social)
11%
Use of backdoor or C2 (Hacking)
22% Skimming devices
11%
Pretexting (Social)
9%
Capture stored data (Malware)
43% POS intrusions
7%
Other (Malware)
7%
Theft (Physical)
7%
Unknown (Hacking)
6%
Adminware (Malware)
4%
Destroy data (Malware)
4%

9. Threats to your data?
47%
Brute force (Hacking)
Spyware (Malware)
41%
Use of stolen creds…
29%
Export data (Malware)
< or >
28%
Backdoor (Malware)
23%
Use of backdoor or C2…
21%
Tampering (Physical)
Disable controls…
Capture stored data…
Phishing (Social)
19%
12%
10%
10%
C2 (Malware)
9%
Downloader (Malware)
9%
Password dumper…
8%