• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 

Sophos fixed two critical Sophos Firewall vulnerabilities

 | 

French Authorities confirm XSS.is admin arrested in Ukraine

 | 

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Hacking
  • Intelligence
  • Security
  • Reading the Verizon Data Breach Investigation Report 2014

Reading the Verizon Data Breach Investigation Report 2014

Pierluigi Paganini April 27, 2014

Verizon Data Breach Investigation Report 2014, to better understand how attackers can affect company business, and learn the proper countermeasures.

Verizon firm provided the first data related to its annual report titled Verizon’s 2014 Data Breach Investigations Report (DBIR). The document reports specific sections around common incident patterns covering the bad actors, the techniques used, targets hit, timelines of the attacks and specific recommendations to mitigate the threat.

The experts observed that the majority of incidents could be placed into one of nine principal patterns, discovering a correlation between them and various industries.

Verizon Data Breach Investigation Report 2014 attack patterns

The data for Verizon’s 2014 Data Breach Investigations Report (DBIR) were collected with the participation of 50 global companies contributing, 1,367 confirmed data breaches and 63,437 security incidents in representing of 95 countries. The last year was characterized by an impressive number of incidents which involved Payment systems, 2013 may be remembered as the “year of the retailer breach,” an year in which offensives mutated from geopolitical attacks to large-scale attacks on payment card systems. The report identified the following principal motives for bad actors responsible of data breaches

  • Financial
  • Espionage
  • Ideology/Fun

As shown in the graph the cyber espionage is in constant increase while a flection has been observed for Financial motivation, but I believe it is just a temporary phenomenon. Verizon Data Breach Investigation Report 2014 threat actor motivation

The industries that most of all were victims of cyber espionage attacks from other countries  are utilities, manufacturing, and mining. In the below table are reported for each industry the percentage of incidents related to the various attack category. For example, in Accommodation industry the 75% of the attacks is related to POS Intrusion.

Verizon Data Breach Investigation Report 2014 attack x industries

The report continues to provide detailed data for each attack method, including recommendations to limit the exposure to the cyber threats. Referring the Web attacks the Verizon data breach reports that the primary causes are the exploitation of weaknesses in the application and the exploitation of stolen credentials to impersonate a valid user.

A significant number of attacks targeted popular content management systems (e.g., Joomla!, WordPress, or Drupal) to gain control of servers for use in DDoS campaigns. Security experts at Verizon recommended the following controls to mitigate the threats:

  • Don’t use single-factor password authentication on anything that faces the Internet;
  • Set up automatic patches for any content management system such as Drupal and WordPress;
  • Fix vulnerabilities right away before the bad guys find them;
  • Enforce lockout policies;
  • Monitor outbound connections.

The report is full of interesting information on data breach … it’s a must read!

Pierluigi Paganini

(Security Affairs –  Verizon’s 2014 Data Breach Investigations Report,  Security)


facebook linkedin twitter

Anonymous cyber espionage Cybercrime data breach DDoS Espionage Hackers Hacking Hacktivism malware POS Verizon Verizon Data Breach Investigation Report 2014

you might also like

Pierluigi Paganini July 26, 2025
Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme
Read more
Pierluigi Paganini July 25, 2025
Operation CargoTalon targets Russia’s aerospace with EAGLET malware,
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

    Malware / July 27, 2025

    Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 27, 2025

    Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

    Cyber Crime / July 26, 2025

    Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

    Intelligence / July 26, 2025

    Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

    Intelligence / July 25, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT