iTWire recommends readers download and read the report (so we won't dissect it directly); however, there are highlights worth mentioning.
As the introduction states, "The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of 'hacktivism' rose to haunt organizations around the world. Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn't follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can't predict their behavior.
"It wasn't all protest and lulz, however. Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property. We certainly encountered many faces, varied tactics, and diverse motives in the past year, and in many ways, the 2012 Data Breach Investigations Report (DBIR) is a recounting of the many facets of corporate data theft."
Overall, and for the first time in the report's history, more data was lost to the activities of hacktivists than to cyber criminals.
In conjunction with this latest report, iTWire took the opportunity to speak with Mark Goudie, Verizon Business' Asia Pacific investigative response managing principal and one of the authors of the report.
Read on for Mark Goudie's comments.
"Last year we were all scratching our heads wondering what was going on because there was only 4 million records stolen (in last year's report) but we had over 700 incidents which was really confounding for a while until we started to work out there has been a significant change in the way cyber crime was operating [this observation was in relation to the decline in intrusions over the previous few years, but a significant rebound in 2011].
"Traditional cyber crime of the past was going after the big brands; of course you heard many of the hacks into the big brands; particularly in the US because they've got laws that make these things far more public and many millions of records were stolen from these big-brand department stores and chain stores.
"Then along came a couple of guys that are doing time for their crimes now. So we think that's had a significant impact on the way the cyber criminals are operating and they're now focussing on much smaller targets. As a method of self-preservation, mainly. All of a sudden they've worked out if they're hunting lions and tigers, every now and again one of them is going to turn around and take retribution upon you for having a few pot-shots at them. Now they've gone back to hunting 'rabbits.' Far less dangerous, unless you're a Monty Python fan!"
But is it still "for the lulz"?
Goudie: "There's really two distinct groups that have appeared across 2011. Of course you've got the cyber criminals who are in business. They treat this absolutely like a business. There's an interesting little segue in the report which is titled 'Nice work if you can get it.'
"We track a group of cyber criminals across their three-day work week, which is Saturday, Sunday and Monday. They take the rest of the week off, as far as we can tell. So across that three-day work week they compromised 22 organisations across nine countries and they even compromised 15 organisations on the Monday, three of which were very close to home, you could say!
"So, these guys were very industrialised, large scale; but all of these attacks were opportunistic. So this is something the organised criminals are very much focussing on: opportunistic-style attacks. They want to break into organisations that have very low levels of security to steal whatever data they can find. Obviously we don't investigate too often where nothing of value is stolen, so I can only imagine that they're actually breaking into far, far more organisations than what actually gets reported. Because they've probably come in, found nothing of interest and just leave it alone because basically there's no money in it for them."
iTWire: And they'll still probably cover their tracks on the way out anyway, so there's really no evidence they were there.
"One of the things that we did see across 2011 is the rise of hacktivism.
"These guys are far more likely to approach a big target and actually publicly take aim at a particular target and then look for ways in which they can compromise them. Although typically, when they're taking aim at them to say, 'we're looking for ways to breach you, Acme Corporation', in the instances where we've done the investigation, we've found that they're not looking; they have already targeted them and compromised them. They're really just continuing their attack.
"Hacktivism only accounted for 2% of the data breaches that we investigated, but it did account for 58% of the data that we saw stolen last year. So that's a huge disparity - these guys are going after big organisations with big data. It's all about making a splash to get press coverage, to raise the profile of their cause.
"So we have cyber criminals focussing on the small, repeatable softer targets and the hacktivists focussing on the larger targets."
There was one throw-away line that left us somewhat intrigued. In response to an observation that many bush fires seem to occur at around 3:30pm on weekdays (timing is everything!), Goudie noted that, "We find there's a bounce in cybercrime after (school) holidays." One wonders whether this means the attackers are students who don't hack in their holidays, or whether the hackers are older and don't have time to hack while home caring for school-aged children!
The report also makes some recommendations. Nothing startling, but clearly if these are still being re-stated, the message isn't getting through to enough people.
Recommendations for Enterprises
1. Eliminate unnecessary data. Unless there is a compelling reason to store or transmit data, destroy it. Monitor all important data that must be kept.
2. Establish essential security controls. To effectively defend against a majority of data breaches, organisations must ensure fundamental and common sense security countermeasures are in place and that they are functioning correctly. Monitor security controls regularly.
3. Place importance on event logs. Monitor and mine event logs for suspicious activity - breaches are usually identified by analysing event logs.
4. Prioritise security strategy. Enterprises should evaluate their threat landscape and use the findings to create a unique, prioritised security strategy.
Recommendations for Small Organisations
1. Use a firewall. Install and maintain a firewall on Internet-facing services to protect data. Hackers cannot steal what they cannot reach.
2. Change default credentials. Point-of-sale (POS) and other systems come with pre-set credentials. Change the credentials to prevent unauthorised access.
3. Monitor third parties. Third parties often manage firewalls and POS systems. Organisations should monitor these vendors to ensure they have implemented the above security recommendations, where applicable.
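Two of the recommendations above, "monitor and mine event logs for suspicious activity" (enterprises, point 3) and "change default credentials" on POS and similar systems (small organisations, point 2), come together in a simple log-mining check. The following is an added example written for this page; it is not code from the report, from Verizon, or from iTWire. It assumes a constructed authentication log format (`timestamp host=... src=... user=... result=OK|FAIL`), a constructed list of account names commonly shipped as defaults (`DEFAULT_ACCOUNTS`), and business hours of 08:00 to 18:59 UTC; the sample log lines are invented for the example. It flags a successful login preceded by a burst of failures from the same source, any successful login under a default account name, and successful logins outside business hours or at the weekend.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not taken from the report or any real system).
# 2012-03-10 is a Saturday, 2012-03-11 a Sunday, 2012-03-12 a Monday.
SAMPLE_LOG = """\
2012-03-10T02:14:05Z host=pos-01 src=203.0.113.5 user=admin result=FAIL
2012-03-10T02:14:09Z host=pos-01 src=203.0.113.5 user=admin result=FAIL
2012-03-10T02:14:13Z host=pos-01 src=203.0.113.5 user=admin result=FAIL
2012-03-10T02:14:17Z host=pos-01 src=203.0.113.5 user=admin result=FAIL
2012-03-10T02:14:21Z host=pos-01 src=203.0.113.5 user=admin result=FAIL
2012-03-10T02:14:30Z host=pos-01 src=203.0.113.5 user=admin result=OK
2012-03-12T09:05:00Z host=pos-01 src=192.0.2.20 user=alice result=OK
2012-03-12T09:07:00Z host=pos-02 src=192.0.2.21 user=bob result=FAIL
2012-03-12T09:07:30Z host=pos-02 src=192.0.2.21 user=bob result=OK
2012-03-11T23:40:00Z host=pos-02 src=198.51.100.9 user=vendor result=OK
"""

# Assumed log line layout for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed list of account names that systems are often shipped with.
DEFAULT_ACCOUNTS = {"admin", "root", "vendor"}
# Assumed business hours (UTC) for the off-hours rule.
BUSINESS_HOURS = range(8, 19)


def parse_log(text):
    """Turn raw log lines into event dicts with a datetime; skip lines that don't match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    # Logs are not always written in order; analyse them chronologically.
    events.sort(key=lambda e: e["ts"])
    return events


def _finding(rule, ev, detail):
    return {"rule": rule, "ts": ev["ts"].isoformat(), "host": ev["host"],
            "src": ev["src"], "user": ev["user"], "detail": detail}


def mine_events(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Apply three detection rules to chronologically ordered events."""
    findings = []
    # (src, user) -> timestamps of failures still inside the sliding window
    recent_fails = defaultdict(deque)
    for ev in events:
        q = recent_fails[(ev["src"], ev["user"])]
        while q and ev["ts"] - q[0] > window:
            q.popleft()  # forget failures older than the window
        if ev["result"] == "FAIL":
            q.append(ev["ts"])
            continue
        # Rule 1: a success right after a burst of failures from the same source.
        if len(q) >= fail_threshold:
            findings.append(_finding("brute_force_success", ev,
                                     f"{len(q)} failures within {window} before success"))
        q.clear()
        # Rule 2: a successful login under an account name shipped as a default.
        if ev["user"] in DEFAULT_ACCOUNTS:
            findings.append(_finding("default_account_login", ev,
                                     "successful login with a default account name"))
        # Rule 3: a successful login at the weekend or outside business hours.
        if ev["ts"].weekday() >= 5 or ev["ts"].hour not in BUSINESS_HOURS:
            findings.append(_finding("off_hours_login", ev,
                                     ev["ts"].strftime("%A %H:%M UTC")))
    return findings


def analyze(text):
    """Parse a log and return the list of findings."""
    return mine_events(parse_log(text))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['ts']} {f['rule']:<22} {f['host']} {f['src']} {f['user']}: {f['detail']}")
```

On the sample log the admin login on the Saturday trips all three rules, the vendor login on the Sunday night trips the default-account and off-hours rules, and the Monday-morning logins by ordinary users (including one with a single failed attempt) produce nothing. The thresholds and business hours are deliberately parameters: tune them to the environment rather than to the sample.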
One final thing. There is always an intriguing security / encryption puzzle associated with the image on the cover. This year's report sees no exception to that tradition - Verizon usually offers a prize to the first person to report the solution (how to claim the prize has previously formed part of the final stage of the puzzle).