18 common data breach scenarios



Verizon has just released its annual Data Breach Digest, outlining the themes that came out of its investigation of 500 cases pertaining to cyber security. All of these breaches were broken down into 18 common scenarios, clustered into four groups. I’ve outlined them below to give you a teaser of the 84-page document.

  1. The human element—five scenarios highlighting human threats or targets (48% of breaches)
    1. Social Engineering (16% of breaches)
      1. This is generally used for cyber espionage by organized crime or a government such as China, Argentina, North Korea, and Russia
    2. Financial Pretexting (7% of breaches)
      1. This is generally used for financial gain by organized crime
    3. Digital Extortion (9% of breaches)
      1. This is generally used for financial gain by organized crime using ransomware on an organization’s server
    4. Insider Threat (12% of breaches)
      1. This is generally carried out by employees with a grudge who have access to money or financial transactions.
    5. Partner Misuse (4% of breaches)
      1. This is generally when a principal takes advantage of partners
  2. Conduit devices—five scenarios covering device misuse or tampering (65% of breaches).
    1. USB Infection (4% of breaches)
      1. This is generally associated with state and organized crime, used for corporate espionage and financial gain
    2. Peripheral Tampering (1% of breaches)
      1. Organized crime in Eastern Europe, Brazil, and the US is typically associated with the payment card skimmer breach
    3. Hacktivist Attack (3% of breaches)
      1. Groups like Anonymous target organizations they have differences with to shut down or deface their websites and interrupt their ability to operate
    4. Rogue Connection (4% of breaches)
      1. Organized crime uses phishing, spyware, and key logger software to steal financial information.
    5. Logic Switch (53% of breaches)
      1. State and organized crime use SQL injection and stolen credentials to manipulate account balances, create nonexistent funds, bypass security, and cash out quickly.
  3. Configuration exploitation—four scenarios focusing on reconfigured or misconfigured settings (100% of breaches – some use multiple methods simultaneously).
    1. SQL Injection (11% of breaches)
      1. These attacks abuse an application’s interaction with its backend database. They frequently target web applications.
    2. Content Management System (CMS) Compromise (46% of breaches)
      1. CMS vulnerabilities are used to install backdoor software the attacker can come back to later to access the data or use the system.
    3. Backdoor Access (51% of breaches)
      1. Once a backdoor has been created in an application, the infiltrator can push further into the organization’s systems and install other malware to capture keystrokes, escalate privileges, compromise accounts and export data.
    4. Domain Name System (DNS) Tunneling (1% of breaches)
      1. This involves creating an unintended communication channel to a C2 server to exfiltrate data. Networks with particularly tough security protocols are typically the target of these attacks.
  4. Malicious software—four scenarios centering on sophisticated or special-purpose illicit software (86% of breaches).
    1. Data Ransomware (4% of breaches)
      1. This malware is used to prevent users from accessing data until they pay a ransom to have it unlocked. Organized crime groups are the typical perpetrators.
    2. Sophisticated Malware (32% of breaches)
      1. Antivirus software is rendered ineffective because this utilizes custom-written, special-purpose malware. This generally occurs in targeted attacks.
    3. RAM Scraping (8% of breaches)
      1. Organized crime uses customized tools for identifying and exporting specific data, generally financial.
    4. Credential Theft (42% of breaches)
      1. These spyware/keylogger attacks involve unauthorized software or hardware used to gain access to protected elements of an organization’s IT infrastructure and are used for financial gain and espionage.


