Verizon has just released their annual Data Breach Digest, outlining the themes that came out of their investigation of 500 cases pertaining to cyber security. All of these breaches were broken down into 18 common scenarios, clustered into four groups. I’ve outlined them below to give you a teaser of the 84 page document.
- The human element—five scenarios highlighting human threats or targets (48% of breaches)
- Social Engineering (16% of breaches)
- This is generally used for cyber espionage by organized crime or a government such as China, Argentina, North Korea, and Russia
- Financial Pretexting (7% of breaches)
- This is generally used for financial gain by organized crime
- Digital Extortion (9% of breaches)
- This is generally used for financial gain by organized crime using ransomware on an organization’s server
- Insider Threat (12% of breaches)
- This is generally used by employees with access to money or financial transactions with a grudge.
- Partner Misuse (4% of breaches)
- This is generally when a principal takes advantage of partners
- Social Engineering (16% of breaches)
- Conduit devices—five scenarios covering device misuse or tampering (65% of breaches).
- USB Infection (4% of breaches)
- This is generally associated with state and organized crime, used for corporate espionage and financial gain
- Peripheral Tampering (1% of breaches)
- Organized crime in Eastern Europe, Brazil, and the US are typically associated with the payment card skimmer breach
- Hactivist Attack (3% of breaches)
- Groups like Anonymous target organizations they have differences with to shut down or deface their websites and interrupt their ability to operate
- Rogue Connection (4% of breaches)
- Organized crime uses phishing, spyware, and key logger software to steal financial information.
- Logic Switch (53% of breaches)
- State and organized crime use SQL injection and stolen credentials to manipulate account balances, create non existent funds, bypass security, and cash out quickly.
- USB Infection (4% of breaches)
- Configuration exploitation—four scenarios focusing on reconfigured ormisconfigured settings (100% of breaches – some use multiple methods simultaneously).
- SQL Injection (11% of breaches)
- These attacks abuse an application’s interaction with its backend database. They frequently target web applications.
- Content Management System (CMS) Compromise (46% of breaches)
- CMS vulnerabilities are used to install backdoor software the attacker can come back to later to access the data or use the system.
- Backdoor Access (51% of breaches)
- Once a backdoor has been created in an application, the infiltrator can push further into the organization’s systems and install other malware to capture keystrokes, escalate privileges, compromise accounts and export data.
- Domain Name System (DNS) Tunneling (1% of breaches)
- This involves creating an unintended communication channel to a C2 server to exfiltrate data. Networks with particularly tough security protocols are typically the target of these attacks.
- SQL Injection (11% of breaches)
- Malicious software—four scenarios centering on sophisticated orspecial-purpose illicit software (86% of breaches).
- Data Ransomware (4% of breaches)
- This malware is used to prevent users from accessing data until they pay a ransom to have it unlocked. Organized crime are the typical perpetrators.
- Sophisticated Malware (32% of breaches)
- Antivirus software is rendered ineffective because this utilizes custom-written, special purpose malware. This generally occurs in targeted attacks.
- RAMscraping (8% of breaches)
- Organized crime uses customized tools for identifying and exporting specific data, generally financial.
- Credential Theft (42% of breaches)
- These spyware/keylogger attacks involve unauthorized software or hardware used to gain access to protected elements of an organization’s IT infrastructure and are used for financial gain and espionage.
- Data Ransomware (4% of breaches)
