Breaches becoming more complex and damaging

Data breaches are becoming more complex, pervasive and damaging, with the human element remaining a weak link in the security chain, according to US-based ICT giant Verizon.

The company’s latest Data Breach Digest provides a detailed look at 16 recent representative real-world data breach investigations.

The related Data Breach Investigation Report found that over 90% of data breaches fall into one of nine incident patterns. These are insider and privilege misuse, cyber-espionage, web application attacks, crimeware, point-of-sale intrusions, DoS attacks, payment card skimmers, physical theft and loss, and miscellaneous errors directly causing data loss.

The digest concentrated on six of these, excluding the physical theft, payment card skimmers and miscellaneous errors. In turn the 16 scenarios were divided into four groups, concentrating on the human element, device misuse or tampering, system configuration exploitation and malicious software.

The report found that humans continue to play a significant role in data breaches as threat actors, targeted victims and incident response stakeholders. Attackers seeking to exploit the human element use techniques including phishing (92%), pretexting (4%) and bribery or solicitation (3%).

Examples listed in the report include a cybercriminal initiating a fraudulent wire transfer by sending an email appearing to be from the organisation’s CIO, using a domain that was just one character off from the organisation’s web domain, as well as hacktivists defacing an organisation’s website by targeting its domain registrar with a social engineering attack.

Devices also play a substantial role in data breaches, with vulnerable devices often targeted for use as command and control platforms or pass-through intermediaries.

Attacks are also growing in both complexity and sophistication, and the residual impact of falling victim to a data breach is growing, commented Bryan Sartin, executive director of Verizon Enterprise Solutions’ RISK Team.

“In working with victim organisations, we find that breaches touch every part of an organisation up to and including its board of directors. Companies need to be prepared to handle data breaches before they actually happen in order to recover as quickly as possible,” he said.

“Otherwise, breaches can lead to enterprise-wide damage that can have devastating and long-lasting consequences such as a loss of customer confidence or a drop in stock price.”

The report also outlines the five actions an organisation should take in the aftermath of a breach, during the investigation period. It recommends organisations should preserve evidence, remain flexible and adaptable to evolving situations, establish consistent methods for communication, collaborate with other stakeholders and document any findings or actions taken.

DDoS mega attacks on the rise

As well as the ever-growing sophistication of data breach attacks, another issue the security community is grappling with is a rise in large-scale DDoS attacks.

Akamai’s latest quarterly State of the Internet report shows that there were 12 “mega attacks” — DDoS attacks peaking at greater than 100 Gbps during the fourth quarter. This represents a 140% year-on-year increase.

Seven of the 12 mega attacks were directly attributable to Mirai, the IoT-based botnet that made headlines last year. But the largest DDoS attack recorded during the quarter peaked at 517 Gbps, and came from Spike, a non-IoT botnet that has been operating for over two years.

“If anything, our analysis of Q4 2016 proves the old axiom ‘expect the unexpected’ to be true for the world of web security,” Akamai’s senior security advocate and report editor Martin McKeay said.

“For example, perhaps the attackers in control of Spike felt challenged by Mirai and wanted to be more competitive. If that’s the case, the industry should be prepared to see other botnet operators testing the limits of their attack engines, generating ever larger attacks.”

Overall, DDoS attack totals declined during the quarter, but the number of IP addresses involved in DDoS attacks grew significantly.

The number of web application attacks meanwhile declined 19% year-on-year, but SQL injection web application attacks increased by 44%.

Image courtesy of Blogtrepreneur under CC

Follow us on Twitter and Facebook