RSA 2012: Hacking, external actors dominate 2011 data breaches

Verizon published a snapshot of the data from its upcoming report, drawing on its own caseload of 90 confirmed data breach investigations, out of more than 850 breach cases for last year.

“2011 was an interesting year in cybercrime. From mini-breaches to mega-breaches, and from 'hacktivism' to espionage to money-driven crime syndicates, there was plenty going on to keep infosec professionals awake at night”, according to the DBIR snapshot.

Verizon said that the 2012 DBIR would include data from its own investigations as well as those by the U.S. Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Security Service, the Australian Federal Police, and the London Metropolitan Police.

The most commonly used method for breaches was exploiting default or guessable credentials (29%), followed by backdoor malware (26%), use of stolen login credentials (24%), exploitation of backdoor or command and control channels (23%), and keyloggers and spyware (18%), while SQL injection attacks accounted for 13% of the breaches.

A whopping 90% of 2011 breaches involved the compromise of a server, followed by end user devices (49%), people (4%), networks (2%), and offline data (1%).

Among servers involved in breaches, point-of-sale servers, web/application servers, and database servers led the pack. Desktops, laptops, and point-of-sale terminals comprised the bulk of compromised end-user devices.

With respect to the data stolen from these assets, payment cards, personal information, and authentication credentials were most often compromised, but other types of sensitive organizational data, trade secrets, and copyrighted information were taken as well.

In nearly 60% of cases, it took months or years for organizations to discover they had been the victim of a breach in 2011. “That’s a long time for customer data, intellectual property, and other sensitive information to be at the disposal of criminals”, Verizon said.

An external party - typically via fraud detection or customer notification - detected over two-thirds of breaches. “While not encouraging, it is hardly surprising...when one considers that this statistic has ranged from 61% to 86% each year we’ve conducted our study”, Verizon noted.
