RSA 2012: External Attacks Were The Most Common Breach Vector In 2011

External attackers were behind most 2011 data breaches, using malware or just hacking a way in, according to a Verizon report

Malware and hacking were the most commonly used attack vectors in data breaches during 2011, according to a sneak peek of the 2012 Data Breach Investigations Report from Verizon given this week to attendees at the RSA Conference in San Francisco.

Verizon released a preliminary version of its 2012 Data Breach Investigations Report (DBIR). It contains “a few snapshots” from the Verizon case-load that was analysed for the report. The full version of the report is expected to be released in the coming weeks.

‘Exciting’ year

The full DBIR will include information about more than 850 data breaches in 2011, according to Verizon. However, a little over 10 percent of the incidents were actually investigated by Verizon Risk (Research, Investigations, Solutions, Knowledge) team. Verizon complemented the information from those 90 incidents with data gathered from five law enforcement agencies it partnered with.

The agencies included the US Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Service, the Australian Federal Police and the London Metropolitan Police.

“One might consider this to be a tasty morsel to whet the appetite for the full report,” Verizon Risk researchers wrote in the report.

The year was “exciting”, with plenty of mini-breaches and mega-breaches to keep information security professionals awake at night, Verizon wrote. There was a little bit of everything, with hacktivism, cyber-espionage and organised crime wreaking havoc on enterprise and government systems around the world.

Retail, which included both online and traditional brick-and-mortar merchants, hospitality, and financial sectors suffered the most incidents in 2011, Verizon said. However, information and manufacturing industries lost the largest amount of data, measured in the number of records compromised, according to the preliminary report.

Financial gain appeared to still be the main motivation for cyber-attacks, according to the preliminary report. While organised crime was responsible for a majority of the incidents, but online protests, other forms of “hacktivism”, and disgruntled ex-employees also caused significant damage, according to the Verizon Risk team.

Increase in external attacks

External attacks continued to rise, as Verizon researchers found that 92 percent of attacks analysed were external in origin. This is a significant change from previous years. Between 2004 and 2007, 80 percent of the breaches involved outsiders.

Hacking and malware remain significant threats as these two attack methods played some role or other in nearly all, or 99 percent of all the incidents, according to the current report. These two methods are popular because they allow attackers remote access, automation, and an easy getaway, Verizon said. Social engineering techniques was also increasing in popularity, associated with over half of the breaches investigated, Verizon said.

However, Verizon warned against ignoring all other threats to focus on hacking and malware. The report’s finding just means that organisations should identify its weakness with respect to malware and hacking threats and prioritise related defences.

The most common servers breached in 2011 were point-of-sale servers, web and application servers, and database servers led the pack. Desktops, laptops, and point-of-sale terminals comprised the bulk of compromised end-user devices, Verizon said.

Payment cards information, personal identifying information, and authentication credentials were the most often compromised in 2011, but other types of sensitive organisational data, trade secrets and copyright information were also stolen, Verizon said.

Breach delay

Organisations are still taking a while to detect they have been compromised. While it takes attackers a very short time to breach the network and steal data, nearly 60 percent of the incidents were detected months or years after the fact, Verizon found.

“That’s a long time for customer data, intellectual property and other sensitive information to be at the disposal of criminals,” According to the report.

Two-thirds of the breaches were detected when an external third-party noticed the problem. However, Verizon found a “glimmer of good news”, as the number of breaches that were detected because the organisation was actively monitoring its logs have gone up since previous years.

Verizon’s report affirmed just how global the cyber-problem has gotten. Less than half of the data breaches reported originated in North America. The bulk of the breach reports were in Europe, the Middle East and Asia-Pacific, Verizon found.

How well do you know Internet security? Try our quiz and find out!