![Disclosures ,[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommandé
Recommandé
Contenu connexe
Similaire à Know Your Enemy: Verizon Data Breach Report
Similaire à Know Your Enemy: Verizon Data Breach Report (20)
Know Your Enemy: Verizon Data Breach Report
- 1. Verizon Data Breach Report “Know Your Enemy” Edition Originally prepared for InfraGard Honolulu Chapter May 3, 2011 Beau Monday, CISSP GSEC Information Security Officer @ HawaiianTel
- 6. Demographics – by Sector
- 13. Malware
- 16. Attack Pathways
Notes de l'éditeur
- Focused on who the bad guys are and what they are exploiting.
- Most of NHTCU’s time was spent taking down a huge child porn ring and taking down botnets, so they are not actually included in the 2010 stats. They are laser focused on high value targets, and don’t investigate a large volume of cases.
- Top3 remain the same, just shuffle places (Fin was 1 st last year, then hosp, then retail). Have to keep in mind that the 2009 dataset was only 141 breaches. So, while Government sector is the same 4% of the total as it was in 2009, the number of breaches there actually quadrupled from 6 to 27.
- Again, dataset size is deceiving here. While the percentage of breaches overwhelmingly seemed to target SMBs, the number of breaches by companies of 1000+ employees still doubled since last year. This graph actually trends closely with the size of businesses in the United States overall.
- Only 3 partner-related incidents this year. 1 was a deliberate act, 2 were unintentional. Our long-fought battle with malicious insiders is finally won, right? Not so fast.
- While the percentage of insider breaches was down, the actual number of incidents doubled. Decline in partner-contributing breaches appear to be genuine, which is a good thing.
- Eastern Europe was still top dog in last year’s report, but only by a margin of 21% to USA’s 19%. Shows marked rise in criminal groups based in Eastern Europe.
- Infection vectors and functionality. Trend continues to focus on exfiltration capabilities and remote access. The 79% exfiltration and 78% backdoor represent huge jumps from last year (32% and 36%, respectively)
- 18% of malware investigated by Verizon was completely custom, and two-thirds was customized to some degree, mostly to avoid AV detection.
- Web application vulns fell to 3 rd place, from it’s traditional 1 st place spot, but if you take out the hosp and retail verticals, web applications are back on top and more prevalent than ever.
- Wait – IN PERSON?? Email was the favorite MO last year, but criminals have gotten personal it seems
- Skimming operations are becoming more organized and sophisticated. Sprees can target 50-100 businesses at a time
- Remote access channels are increasingly a favorite target. With the proliferation of cloud-type offerings like GoToMyPC, do you really know what remote access capabilities you have in your environment? Data exfiltration continues to be the primary goal of most intruders.
- Log management: reducing time to discovery is critical in limiting the damage intruders can inflict on your organization.
- Many companies don’t know what to do when they suspect a problem. Users clicking on hostile attachments is still a problem (see: RSA). Don’t neglect educating employees on social engineering tactics that involve a personal contact.