Security – Verizon Data Breach insights

February 18th, 2017 by Stephen Jones

The 2017 Verizon Data Breach Digest, published Tuesday, found that the effects of a breach are spreading to even more parts of an enterprise, increasingly causing problems outside of IT.

The 2017 Digest examined 16 different scenarios drawn from the Verizon Research, Investigations, Solutions and Knowledge (RISK) Team’s investigation of 1,400 breach cases over the past three years. The scenarios were broken up into the following four breach types:

1. The human element.
Those breaches in which humans:
– had been compromised,
– or simply made a mistake,
– or intentionally acted maliciously.

Two of the scenarios, hacktivist attack and partner misuse, were labeled as “lethal.”

The hacktivist attack occurs when a hacker targets a company in response to a perceived injustice committed by the firm.
Partner misuse refers to an attack in which an indignant stakeholder attacks the firm from the inside. Another example of this kind of breach is a disgruntled ex-employee.

2. Conduit devices

Conduit devices are points of entry by which an attacker gains access to an organization’s network. Mobile assault and IoT calamity were the names given to the lethal scenarios of this breach type.

– A mobile assault refers to a business traveler who uses an unsecured Wi-Fi connection, which leads to his phone being compromised.

– An example of an IoT calamity is a major university that was breached through its connected vending machines and smart light bulbs.

3. Configuration exploitation

“From a system standpoint, misconfigured devices are the vectors of compromise; from a network standpoint, misconfigurations allow for easy lateral movement and avenues for data exfiltration.”

The lethal scenarios of this type are a DDoS attack and an ICS onslaught.

– One example of a major DDoS attack is the Mirai botnet that took down the DNS provider Dyn, and almost took down an entire country.
– An ICS onslaught occurs when an industrial control system is compromised, and may lead to both massive physical damage and data leaks.

4. Malicious software

In the Verizon report, none of the scenarios of this type were labeled as lethal. Examples are traditional malware, RAM scraping, spyware, and keylogger software. The Digest lists the three primary purposes of malware as meant to “establish a beachhead, collect data, and exfiltrate data.”

To respond to a breach, the Verizon Data Breach Digest recommends taking the following five actions:
1. “Preserve evidence; consider consequences of every action taken.”
2. “Be flexible; adapt to evolving situations.”
3. “Establish consistent methods for communication.”
4. “Know your limitations; collaborate with other key stakeholders.”
5. “Document actions and findings; be prepared to explain them.”
