Verizon, in collaboration with 50 other organizations (including FireEye), analyzed over 100,000 security incidents, and what they found might surprise you. When you look across all industries, the four largest shares of incidents fall into four categories: insider misuse, physical theft/loss, miscellaneous errors and crimeware. We won't focus on all of these, but when you look only at incidents with confirmed data breaches, two categories stand out: payment card skimmers and cyber-espionage. According to Verizon's cyber threat group, the two fastest growing threats to the enterprise are denial of service attacks and cyber-espionage.
4. The past month . . .
May 15 – Lockheed admits cyber-attacks on its systems have quadrupled since 2007
May 19 – DOJ indicts five PRC PLA officers on 31 counts, including theft of trade secrets and economic espionage
May 23 – eBay admits to a massive cyber-attack affecting 145 million users
May 29 – Spotify tells eBay "Me, too" as it discloses a cyber-attack on its systems (a service with some 40 million users)
May 29 – FireEye reports that cyber-attacks spiked as Russia annexed Crimea
May 30 – Brazilian government hit by cyber-attack
June 1 – Western intelligence agencies in consensus predict a "powerful computer attack" from two malware families known as GameOver Zeus (GOZeuS) and CryptoLocker
June 3 – Justice Department indicts Russian cyber-criminal mastermind on 14 counts related to the GOZeuS and CryptoLocker malware
June 13 – P.F. Chang's China Bistro breached; the breach has resulted in the probable loss of sensitive debit and credit card information of its customers
6. 92% of security incidents can be described by just nine patterns*
* Based on analysis of over 100,000 incidents from between 2004 and 2013
7. Share of Incidents, All Industries
Misc. Errors          27%
Crimeware             19%
Insider Misuse        19%
Physical Theft/Loss   16%
Web App Attacks        8%
Everything Else        8%
DoS Attacks            2%
POS Intrusions         1%
Card Skimmers          1%
Cyber-espionage        1%
Based on analysis of over 100,000 incidents from between 2004 and 2013
8. Insider Misuse
85% of misuse attacks happened across the corporate LAN.
What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network.
Is my industry a target? A wide range of industries were represented: real estate, public sector, mining, administrative and others.
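Much insider misuse is simply a valid account used after it should have been closed, and most of it arrives over the LAN rather than from outside. One check a practitioner can run, as an added example that is not part of the original deck or of Verizon's report: reconcile successful logins against the HR roster and flag any from accounts whose owner has already left, or that HR does not know about at all, noting whether the source address is on the corporate LAN. The roster, the LAN range and the log lines below are constructed for illustration.

```python
"""Flag successful logins by accounts whose owner has already left.

Added example, not code from the original deck or from Verizon: the
HR roster, LAN ranges and log lines are constructed for illustration.
"""
import ipaddress
from datetime import datetime

# Constructed HR roster: username -> termination date, or None if still employed.
ROSTER = {
    "asmith": None,
    "jdoe": datetime(2014, 5, 2),
    "mchen": datetime(2014, 4, 15),
}

# Constructed: address ranges that count as the corporate LAN.
CORPORATE_LAN = [ipaddress.ip_network("10.1.0.0/16")]

# Constructed syslog-style authentication records.
AUTH_LOG = """\
2014-05-01T17:00:00 user=jdoe src=10.1.9.8 result=success
2014-05-20T08:01:12 user=asmith src=10.1.4.22 result=success
2014-05-20T08:05:44 user=jdoe src=10.1.9.8 result=success
2014-05-20T08:06:01 user=jdoe src=10.1.9.8 result=success
2014-05-20T09:15:30 user=mchen src=203.0.113.7 result=failure
2014-05-21T02:40:05 user=mchen src=10.1.3.50 result=success
2014-05-21T03:10:19 user=svc_backup src=10.1.7.7 result=success
"""


def parse_line(line):
    """Turn 'TIMESTAMP key=value ...' into a dict with a parsed timestamp."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def on_corporate_lan(src):
    """True when the source address falls inside one of the LAN ranges."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in CORPORATE_LAN)


def find_misuse(log_text, roster):
    """Return findings for successful logins that HR data says should not happen.

    Two reasons are reported: 'post_termination' (the account owner left
    before the login) and 'unknown_account' (username absent from the HR
    roster, e.g. a shared or service account that nobody owns).
    """
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["result"] != "success":
            continue  # failed attempts are noise for this particular check
        if rec["user"] not in roster:
            reason = "unknown_account"
        elif roster[rec["user"]] is not None and rec["ts"] > roster[rec["user"]]:
            reason = "post_termination"
        else:
            continue
        findings.append({
            "user": rec["user"],
            "ts": rec["ts"],
            "src": rec["src"],
            "lan": on_corporate_lan(rec["src"]),
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in find_misuse(AUTH_LOG, ROSTER):
        where = "LAN" if f["lan"] else "external"
        print(f"{f['ts']:%Y-%m-%d %H:%M} {f['user']:<12} {f['src']:<15} {where:<8} {f['reason']}")
```

Run against a real directory, the same join is done between the authentication log and the HR system of record; the point is that the HR feed, not the directory, is the authority on who should still have an account.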
9. Physical Theft and Loss
43% of all theft/loss happened in the work area.
What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes.
Is my industry a target? Accidents happen anywhere, but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
10. Miscellaneous Errors
49% of errors involved printed documents.
What is it? Any mistake that compromises security, such as accidentally posting private data to a public site, or failing to dispose of documents or assets securely.
Is my industry a target? Industries that communicate with the public, such as public sector, administration, education and healthcare, suffer most.
11. Crimeware
The majority of crimeware incidents start via web activity, not links or attachments in email.
What is it? Any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing.
Is my industry a target? Public sector, information, utilities and manufacturing were most at risk.
12. Payment Card Skimmers
86% of skimming attacks were on ATMs.
What is it? The physical installation of a "skimmer" on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay.
Is my industry a target? Banks and retailers are the primary targets, but anybody that processes "cardholder present" card transactions is vulnerable, healthcare providers included.
13. Denial of Service
+115%: more powerful botnets and reflection attacks have helped drive the scale of DoS attacks up 115% since 2011.
What is it? Attackers use "botnets" of PCs and powerful servers to overwhelm an organization's systems and applications with malicious traffic, causing normal business to grind to a halt. In a reflection attack the attacker sends small requests to third-party servers (DNS, NTP and similar) with the victim's address forged as the source, so those servers deliver their much larger replies to the victim.
Is my industry a target? Attacks are often on mission-critical transactional systems in finance, retail and similar sectors.
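Reflection gives the victim a distinctive traffic shape: inbound UDP from the source ports of abused services (DNS, NTP, chargen, SSDP), from many unrelated hosts, at a high bytes-per-packet ratio, with little or no matching request traffic leaving the victim, because the requests were sent by the attacker with the victim's address spoofed. The detection over NetFlow-style records below is an added example, not code from the deck or from Verizon; the reflector port list, the thresholds and the flow records are assumptions constructed for illustration.

```python
"""Flag hosts receiving UDP reflection/amplification traffic in flow records.

Added example, not code from the original deck or from Verizon: the
reflector port list, thresholds and flow records are constructed.
"""
from collections import defaultdict

# Assumption: services commonly abused as reflectors, keyed by their UDP port.
REFLECTOR_PORTS = {53: "dns", 123: "ntp", 19: "chargen", 1900: "ssdp"}

MIN_SOURCES = 3          # assumption: distinct reflectors hitting one host
MIN_BYTES_PER_PKT = 400  # assumption: replies far larger than a typical query

# Constructed NetFlow-style records: src,sport,dst,dport,proto,packets,bytes
# 203.0.113.5 is the victim; 198.51.100.x are NTP and 192.0.2.4x DNS
# reflectors; the 10.1.4.x lines are ordinary client traffic that must not
# be flagged (one small request, one small reply).
FLOWS = """\
198.51.100.10,123,203.0.113.5,40233,udp,1200,556800
198.51.100.11,123,203.0.113.5,40233,udp,1100,510400
198.51.100.12,123,203.0.113.5,40233,udp,1300,603200
198.51.100.13,123,203.0.113.5,40233,udp,900,417600
192.0.2.40,53,203.0.113.5,40233,udp,700,2100000
192.0.2.41,53,203.0.113.5,40233,udp,650,1950000
192.0.2.42,53,203.0.113.5,40233,udp,720,2160000
203.0.113.5,40233,198.51.100.10,123,udp,1,48
10.1.4.22,50110,192.0.2.53,53,udp,1,68
192.0.2.53,53,10.1.4.22,50110,udp,1,180
10.1.4.23,54821,198.51.100.10,123,udp,1,76
198.51.100.10,123,10.1.4.23,54821,udp,1,76
"""


def parse_flows(text):
    """Parse the comma-separated records above into dicts with integer fields."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto, pkts, nbytes = line.split(",")
        flows.append({"src": src, "sport": int(sport), "dst": dst,
                      "dport": int(dport), "proto": proto,
                      "packets": int(pkts), "bytes": int(nbytes)})
    return flows


def find_reflection_victims(flows, min_sources=MIN_SOURCES, min_bpp=MIN_BYTES_PER_PKT):
    """Return {(victim, service): evidence} for hosts that look reflected-at.

    Inbound UDP whose *source* port is a reflector service is grouped per
    (destination, service). A group is reported when enough distinct
    reflectors are involved and the replies are large. The bytes the host
    itself sent to that service are kept so the asymmetry is visible: a
    real client sends requests, a spoofed victim sends few or none.
    """
    inbound = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    requested = defaultdict(int)  # (host, service) -> bytes host sent to service
    for f in flows:
        if f["proto"] != "udp":
            continue
        if f["sport"] in REFLECTOR_PORTS:
            g = inbound[(f["dst"], REFLECTOR_PORTS[f["sport"]])]
            g["sources"].add(f["src"])
            g["packets"] += f["packets"]
            g["bytes"] += f["bytes"]
        if f["dport"] in REFLECTOR_PORTS:
            requested[(f["src"], REFLECTOR_PORTS[f["dport"]])] += f["bytes"]

    findings = {}
    for key, g in inbound.items():
        bpp = g["bytes"] / g["packets"]
        if len(g["sources"]) < min_sources or bpp < min_bpp:
            continue
        sent = requested.get(key, 0)
        findings[key] = {
            "reflectors": len(g["sources"]),
            "bytes_in": g["bytes"],
            "bytes_per_packet": round(bpp),
            "bytes_requested": sent,
            # reply bytes per byte the host actually sent; None if it sent nothing
            "amplification": round(g["bytes"] / sent) if sent else None,
        }
    return findings


if __name__ == "__main__":
    for (victim, service), ev in find_reflection_victims(parse_flows(FLOWS)).items():
        print(f"{victim} {service}: {ev['reflectors']} reflectors, "
              f"{ev['bytes_in']} bytes in at {ev['bytes_per_packet']} B/pkt, "
              f"host sent {ev['bytes_requested']} bytes, amplification {ev['amplification']}")
```

The thresholds are deliberately crude; in production they would be tuned per service (NTP and DNS replies have very different normal sizes) and the distinct-source count would be compared with a baseline for that host rather than a fixed number.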
14. Cyber-espionage
3x: this year's data set shows a threefold increase in espionage attacks year on year.
What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, and go after intellectual property.
Is my industry a target? Not just a problem for government and military organizations: professional services, manufacturing, mining, transportation and public sector are all popular targets.
15. Take-aways . . .
• Physical security matters in both the physical and digital domain: exercise vigilance, be paranoid, expect the unexpected.
• Be aware of your surroundings (skimmers on ATMs and pumps, laptops and documents left unattended).
• Where possible, pay with a credit card rather than a debit card: a skimmed debit card exposes your bank balance directly.
• Vet your employees.
• Limit access to critical systems and data, and remove it promptly when people leave.
• Have a security audit performed routinely to ensure your enterprise is optimized for security. You can pay a little now or a lot later; you decide.
16. Links
• Metcalf Incident: "Assault on California Power Station Raises Alarm on Potential for Terrorism"
http://online.wsj.com/news/articles/SB10001424052702304851104579359141941621778
• Milken Institute "High Stakes in Cyber Security"
http://www.milkeninstitute.org/presentations/mediapage.taf?ID=4818
• Verizon Data Breach Investigations Report: http://www.verizonenterprise.com/DBIR/
• The New Threat Landscape: http://www.fireeye.com/info-center/videos/?video=new_threat_landscape
Editor's notes
Does anyone know what this video represents?
I'll give you a hint: April 16, 2013. Still no ideas? If you watch the video closely you will see streaks of light; those streaks are sniper rounds impacting metal surfaces. Still no ideas?
This is early-morning video surveillance footage of a Pacific Gas and Electric electrical transmission substation in Metcalf, California, being attacked by snipers.
12:58 – 1:07 AM: attackers slipped into an underground AT&T vault and expertly severed six AT&T fiber-optic telecommunication lines in a way that would make repair difficult. The lid over this vault was so heavy that it would take at least two people to lift it.
1:31 AM: snipers began firing at the substation, knocking out 17 large transformers and six circuit breakers.
1:41 AM: first call to law enforcement from the plant operator.
1:45 AM: transformers all over the substation start crashing.
1:50 AM: gunmen cease fire and depart.
1:51 AM: law enforcement arrive, but cannot enter the substation and leave, as everything appears "normal".
3:15 AM: a utility electrician arrives and the full scope of the damage is appreciated.
The Metcalf substation was down for 27 days and the damage was estimated at $15.4 million. Members of the Joint Warfare Analysis Center found fingerprint-free shell casings and small piles of rocks, probably left by an advance scout to tell the attackers where to get the best shots.
This was a low-tech attack, but it wasn't just a bunch of guys drinking brewskies.
Picture of an actual attack on the financial infrastructure of the United States sometime in 2013.
Blue dots are victims suffering a denial of service attack.
Yellow dots were underpinning infrastructure.
Red dots represent where attacks were being launched from, but in fact they were most likely orchestrated from Iran (according to the Washington Post): this group hijacked the infrastructure of global telecommunications companies to disrupt the financial infrastructure of the United States.
This attack was 3X what most global telecommunications companies could bear.
What is scary about this attack is that the aggressor stopped and pulled back. Why? We don't know.
Tens of millions were spent trying to shed these attacks.
This is a bit of an eye chart. The picture I am painting here is that the threat is persistent and growing. While you're reading this slide, be sure to check your phone and ensure it's not a Tianxing N9500. Today's WSJ reports that this device comes to you preloaded with malware, in the firmware!
What is it? When employees (or ex-employees) with access rights use their privileges to access data, either in person or over the network. Culprits cover every level of business, from the frontline assistants to the boardroom.
Is my industry a target? Wherever a business trusts people, you’ll find this risk.
What is it? The loss or theft of laptops, USB keys, printed papers and other information assets, mostly from offices, but also from vehicles and homes.
Is my industry a target? Accidents happen anywhere — but 45% of all incidents in the healthcare sector fit this profile. Public sector was also a big contributor.
What is it?
Simply, any mistake that compromises security: which may mean posting private data to a public site accidentally, sending information to the wrong recipients, or failing to dispose of documents or assets securely.
Is my industry a target?
People make mistakes, no matter what industry they work in. But industries that deal in the communication of information — such as public sector, administration, education and healthcare — suffer most.
What is it? Crimeware is a broad category, covering any use of malware (often web-based) to compromise systems such as servers and desktops. This pattern includes phishing.
Is my industry a target? We found public sector, information, utilities and manufacturing were most at risk.
What is it? The physical installation of a “skimmer” on an ATM, forecourt gas pump or POS terminal, to read your card data as you pay.
Is my industry a target? Banks and retailers are the primary targets.
What is it? These are attacks, not attempted breaches. Attackers use “botnets” of PCs and powerful servers to overwhelm an organization’s systems and applications with malicious traffic, causing normal business to grind to a halt.
Is my industry a target? Attacks focus on mission-critical transactional systems in finance, retail and similar sectors.
What is it? When state-affiliated actors breach an organization, often via targeted phishing attacks, and go after intellectual property.
Is my industry a target? Espionage is not just a problem for government and military organizations. Professional services, transportation, manufacturing, mining and public sector are all popular targets. If a developing economy with no respect for the rule of law or intellectual property rights can jump-start its R&D process by stealing, it will; the industries most often targeted here are those with large investments in R&D.