Verizon: Financial malware, state-sponsored hacking dominated 2012 data breaches

Hacking continued to be the No. 1 way breaches occurred during 2012, according to the latest DBIR from Verizon
Hacking continued to be the No. 1 way breaches occurred during 2012, according to the latest DBIR from Verizon

Verizon has released its 2013 Data Breach Investigations Report, finding that financially motived cybercrime accounted for the lion’s share of the breaches (75%), while state-affiliated espionage campaigns claimed the No. 2 spot (20%). State-sponsored crime included cyber threats aimed at stealing intellectual property – such as classified information, trade secrets and technical resources – to further national and economic interests.

“The bottom line is that unfortunately, no organization is immune to a data breach in this day and age,” said Wade Baker, principal author of the Data Breach Investigations Report series. “We have the tools today to combat cybercrime, but it’s really all about selecting the right ones and using them in the right way.

“In other words, understand your adversary – know their motives and methods, and prepare your defenses accordingly and always keep your guard up,” Baker said.

Also in the realm of politics, the 2013 DBIR found that the proportion of incidents involving hacktivists held steady; but the amount of data stolen decreased, as many hacktivists shifted to other methods, such as distributed denial-of-service (DDoS) attacks. These attacks, aimed at paralyzing or disrupting systems, also have significant costs because they impair business and operations, but it’s not outright theft.

Verizon also found that in 2012, the victims represented a wide range of industries. About 37% of breaches affected financial organizations, and 24% affected retailers and restaurants. One-fifth (20%) of network intrusions involved the manufacturing, transportation and utilities industries, with the same percentage affecting information and professional services firms. Of all cyberattacks, 38% impacted larger organizations and represented 27 different countries.

“All in all, the large scale and diverse nature of data breaches and other network attacks took center stage for all to see in 2012,” Baker said.

Among the other findings is the fact that external attacks remain largely responsible for data breaches, with 92% of them attributable to outsiders. This category includes organized crime, activist groups, former employees, lone hackers and even organizations sponsored by foreign governments. As in the prior year’s report, business partners were responsible for about 1% of data breaches.

In terms of attack methods, hacking is the No. 1 way breaches occur. In fact, hacking was a factor in 52% of data breaches. Seventy-six percent of network intrusions exploited weak or stolen credentials (user name/password); 40% incorporated malware (malicious software, script or code used to compromise information); 35% involved physical attacks (such as ATM skimming); and 29% leveraged social tactics (such as phishing).

The proportion of breaches incorporating social tactics such as phishing was four times higher in 2012, which, according to the breach report, is directly related to the tactic’s widespread use in targeted espionage campaigns.

Additionally, the compromise-to-discovery timeline continues to be measured in months and even years, as opposed to hours and days. Finally, the report found that third parties continue to detect the majority of breaches (69%).

What’s hot on Infosecurity Magazine?