The number of compromised records dropped precipitously, despite the fact that Verizon expanded its pool of data by teaming with the Dutch National High Tech Crime Unit for this year’s report. Verizon continued its association with the US Secret Service in the 2011 report.
Verizon attributed the seemingly bizarre results to the fact that there has been a significant decline in large-scale breaches as cybercriminals shift their tactics to smaller-scale attacks.
“The number of breaches doubled while the number of compromised records went down. So this reinforces the fact that while these breaches are still happening, they are much smaller, kind of like pinpricks, as opposed to really big breaches in previous years”, commented Chris Novak, managing principal at Verizon Investigative Response.
The last few years have been the best in terms of successful prosecution of cybercriminals. “That is probably having an impact on the types of breaches. We are not seeing these gigantic breaches because the big criminal networks are so disrupted that they are not able to function in a way that they can carry out these large-scale breaches”, Novak told Infosecurity.
The Verizon report also found that outsiders were responsible for 92% of the breaches, a significant increase from last year’s report. Novak noted that in previous years external and internal breaches were “almost neck and neck. Two years ago, external really started to surpass internal, and this year, the difference is the most dramatic ever.”
Hacking (50%) and malware (49%) were the most prominent types of attacks. “Malware was up again…. In the previous report, malware was roughly 38% of the breaches; this year it is close to half. And malware was responsible for almost 80% of the compromised records”, he said. “We are hearing more and more about the sophisticated types of malware that are out there; it is really no surprise that malware is increasing in terms of its effectiveness in the marketplace”, he added.
The most common kinds of malware found in the Verizon caseload were those that send data to an external entity, open backdoors, and provide keylogger functionality, the survey found.
Verizon also found that stolen passwords and credentials are “out of control.” Ineffective, weak or stolen credentials continue to wreak havoc on enterprise security. Failure to change default credentials remains an issue. “Everyone is talking about stolen credentials now”, Novak stressed.
For the first time, physical attacks appeared as one of the three most common ways to steal information, constituting 29% of all cases investigated. These types of attacks include manipulating common credit-card devices such as ATMs, gas pumps, and point-of-sale terminals, Verizon said.