Pierluigi Paganini April 27, 2014

Verizon Data Breach Investigation Report 2014, to better understand how attackers can affect company business, and learn the proper countermeasures.

Verizon firm provided the first data related to its annual report titled Verizon’s 2014 Data Breach Investigations Report (DBIR). The document reports specific sections around common incident patterns covering the bad actors, the techniques used, targets hit, timelines of the attacks and specific recommendations to mitigate the threat.

The experts observed that the majority of incidents could be placed into one of nine principal patterns, discovering a correlation between them and various industries.

The data for Verizon’s 2014 Data Breach Investigations Report (DBIR) were collected with the participation of 50 global companies contributing, 1,367 confirmed data breaches and 63,437 security incidents in representing of 95 countries. The last year was characterized by an impressive number of incidents which involved Payment systems, 2013 may be remembered as the “year of the retailer breach,” an year in which offensives mutated from geopolitical attacks to large-scale attacks on payment card systems. The report identified the following principal motives for bad actors responsible of data breaches

• Financial
• Espionage
• Ideology/Fun

As shown in the graph the cyber espionage is in constant increase while a flection has been observed for Financial motivation, but I believe it is just a temporary phenomenon.

The industries that most of all were victims of cyber espionage attacks from other countries  are utilities, manufacturing, and mining. In the below table are reported for each industry the percentage of incidents related to the various attack category. For example, in Accommodation industry the 75% of the attacks is related to POS Intrusion.

The report continues to provide detailed data for each attack method, including recommendations to limit the exposure to the cyber threats. Referring the Web attacks the Verizon data breach reports that the primary causes are the exploitation of weaknesses in the application and the exploitation of stolen credentials to impersonate a valid user.

A significant number of attacks targeted popular content management systems (e.g., Joomla!, WordPress, or Drupal) to gain control of servers for use in DDoS campaigns. Security experts at Verizon recommended the following controls to mitigate the threats:

• Don’t use single-factor password authentication on anything that faces the Internet;
• Set up automatic patches for any content management system such as Drupal and WordPress;
• Fix vulnerabilities right away before the bad guys find them;
• Enforce lockout policies;
• Monitor outbound connections.

The report is full of interesting information on data breach … it’s a must read!

Pierluigi Paganini

(Security Affairs –  Verizon’s 2014 Data Breach Investigations Report,  Security)