VERIZON DBIR TOP THREATS: CREDENTIAL THEFT, PHISHING AND POS
iSpeech
A lack of security common sense still plagues businesses with 30 percent of phishing emails opened by campaign targets. Worse, 12 percent click on the attachments inside those phishing attacks, giving crooks easy access to systems to snarf up credentials that are later used to pull off financially or espionage motivated crimes. Thatâs the big takeaway from Verizonâs 2016 Data Breach Investigations Report. Scheduled to be publicly released Wednesday, the report (PDF) taps information from more 100,000 incidents, 2,260 confirmed data breaches from 67 contributors including security service providers, law enforcement and government agencies.
Pro PoS Malware Simple, Less Sophisticated Than Initially Thought December 17, 2015 , 3:56 pm Most alarming is not whatâs new in the report, rather whatâs old and still causing chaos behind corporate firewalls. Older phishing attacks, malware and weak passwords, Verizon said, are still dominating the threat landscape. Phishing emails, something security experts have warned us about for over a decade, are opened by nearly one out of three recipients. And thatâs bad news, compared to 2015âs DBIR report of 23 percent of phishing messages opened by recipients.
âThe phishing email is being leveraged by opportunistic and targeted attacks,â said Marc Spitler, a researcher and co-author of Verizonâs Data Breach Investigations Report. âIt is being leveraged by state affiliated groups and organized crime. Itâs leveraging that human aspect of making targets interact with a link or more often an email attachment.â And what are those phishing attacks after? In a word, credentials.
Phishing emails, Verizon reports, are packed with exploits within one thing in mind â steal privileged access credentials. Phishing scams are used to open up backdoors that establish footholds and smuggle malware into targeted networks. Stolen credentials are then used to push the breach further into and across networks in hopes of stumbling on access to financial data or point-of-sale bank card systems. âWe call this the birth and re-birth of data breach. The first page of the intruderâs playbook is phishing, but after malware is used to get control over a device attackers go in different criminal directions within a companyâs network,â Spitler said.
Once intruders make it in, 89 percent of those data breaches were either financially or espionage motivated, Verizon reports. Verizon said most attacks compromise a system within days of initial infection â with two-thirds of crooks making off with stolen data within 48 hours after the initial compromise. However, some attackers work at lightning speed, Verizon reports, with a growing number of intruders compromising systems in minutes and make off with stolen data just as fast. âWhatâs not happening quickly, and what weâd like to see, is how long it takes to discover intrusions,â Spitler said. âUnfortunately, the time to discovery is not progressing at the same rate as the time to compromise. They are innovating faster than we are,â he said. For those reasons, things such as single-factor authentication just doesnât cut anymore.
[adsense size='1']
Enterprises need to upgrade to true multifactor protection for network access, Verizon recommends. When it comes to confirmed data breaches, 63 percent involved attackers using weak, default or stolen passwords. Understanding attack patterns is half the battle when it comes to playing defense, Spitler said. According to Verizonâs DBIR report 95 percent of breaches fall in to nine patterns: Miscellaneous errors represent 17.7 percent of breaches; insider and privilege misuse (16.3 percent); physical theft and loss (15.1 percent); denial of service (15 percent); crimeware (12.4 percent); web app attacks (8.3 percent), point-of-sale intrusions (0.8 percent); cyber-espionage (0.4 per cent); payment card skimmers (0.2 per cent).
Gloss