Reading the Verizon Data Breach Investigation Report 2014

Pierluigi Paganini April 27, 2014

A look at the Verizon Data Breach Investigation Report 2014 to better understand how attackers can affect company business and to learn the proper countermeasures.

Verizon has released the first data from its annual report, titled Verizon’s 2014 Data Breach Investigations Report (DBIR). The document is organized into sections on common incident patterns, covering the bad actors, the techniques used, the targets hit, the timelines of the attacks and specific recommendations to mitigate the threat.

The experts observed that the majority of incidents could be placed into one of nine principal patterns, discovering a correlation between them and various industries.

Verizon Data Breach Investigation Report 2014 attack patterns

The data for Verizon’s 2014 Data Breach Investigations Report (DBIR) were collected with the participation of 50 global companies and cover 1,367 confirmed data breaches and 63,437 security incidents across 95 countries. The last year was characterized by an impressive number of incidents involving payment systems; 2013 may be remembered as the “year of the retailer breach,” a year in which offensives shifted from geopolitical attacks to large-scale attacks on payment card systems. The report identified the following principal motives for the bad actors responsible for data breaches:

  • Financial
  • Espionage
  • Ideology/Fun

As shown in the graph, cyber espionage is constantly increasing while a dip has been observed for financial motivation, but I believe it is just a temporary phenomenon.

Verizon Data Breach Investigation Report 2014 threat actor motivation

The industries most often hit by cyber espionage attacks from other countries are utilities, manufacturing, and mining. The table below reports, for each industry, the percentage of incidents related to each attack category. For example, in the Accommodation industry 75% of the attacks are related to POS Intrusion.

Verizon Data Breach Investigation Report 2014 attack x industries

The report goes on to provide detailed data for each attack method, including recommendations to limit exposure to cyber threats. Regarding web attacks, the Verizon report states that the primary causes are the exploitation of weaknesses in the application and the use of stolen credentials to impersonate a valid user.

A significant number of attacks targeted popular content management systems (e.g., Joomla!, WordPress, or Drupal) to gain control of servers for use in DDoS campaigns. Security experts at Verizon recommended the following controls to mitigate the threats:

  • Don’t use single-factor password authentication on anything that faces the Internet;
  • Set up automatic patches for any content management system such as Drupal and WordPress;
  • Fix vulnerabilities right away before the bad guys find them;
  • Enforce lockout policies;
  • Monitor outbound connections.

The report is full of interesting information on data breaches … it’s a must read!

Pierluigi Paganini

(Security Affairs –  Verizon’s 2014 Data Breach Investigations Report,  Security)

