Security Market Segment LS
Thursday, 22 March 2012 23:44

The Verizon 2012 Data Breach Investigations Report


Every year, Verizon builds a major snapshot of all the data breaches they investigated in the previous year.  The latest report details the rise of hacktivism and the continuation of cyber criminal activity around the world.  We also interview one of the report's authors.

This year's report is based on many of Verizon's own investigations and also includes content from five major police organisations: Australian Federal Police, The Dutch National High Tech Crime Unit, the Irish Reporting and Information Security Service, the London Metropolitan Police's Central E-Crime Unit and the US Secret Service.

iTWire recommends readers download and read the report (so we won't dissect it directly) however there are highlights worth mentioning.

As the introduction states, "The online world was rife with the clashing of ideals, taking the form of activism, protests, retaliation, and pranks. While these activities encompassed more than data breaches (e.g., DDoS attacks), the theft of corporate and personal information was certainly a core tactic. This re-imagined and re-invigorated specter of "hacktivism" rose to haunt organizations around the world. Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn't follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can't predict their behavior.

"It wasn't all protest and lulz, however. Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets. Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property. We certainly encountered many faces, varied tactics, and diverse motives in the past year, and in many ways, the 2012 Data Breach Investigations Report (DBIR) is a recounting of the many facets of corporate data theft."

Overall, and for the first time in the report's history, more data was lost to the activities of hacktivists than to cyber criminals.

In conjunction with this latest report, iTWire took the opportunity to speak with Mark Goudie, Verizon Business' Asia Pacific investigative response managing principal and one of the authors of the report.

Read on for Mark Goudie's comments.

When asked to summarise the report, Verizon's Mark Goudie observed, "Last year we actually saw a record number of incidents.  We study two major indicators of cyber crime, the number of incidents that we see and the number of records or individual pieces of data that are stolen.  Last year had the greatest number of incidents we've seen in any given year and last we had the second greatest amount of data stolen.

"Last year we were all scratching our heads wondering what was going on because there was only 4 million records stolen (in last year's report) but we had over 700 incidents which was really confounding for a while until we started to work out there has been a significant change in the way cyber crime was operating [this observation was in relation to the decline in intrusions over the previous few years, but a significant rebound in 2011]. 

"Traditional cyber crime of the past was going after the big brands; of course you heard many of the hacks into the big brands; particularly in the US because they've got laws that make these things far more public and many millions of records were stolen from these big-brand department stores and chain stores.

"Then along came a couple of guys that are doing time for their crimes now.  So we think that's had a significant impact on the way the cyber criminals are operating and they're now focussing on much smaller targets.  As a method of self-preservation, mainly.  All of a sudden they've worked out if they're hunting lions and tigers, every now and again one of them is going to turn around and take retribution upon you for having a few pot-shots at them.  Now they've gone back to hunting 'rabbits.'  Far less dangerous, unless you're a Monty Python fan!"

But, is it still "for the lulz?"

iTWire: Are they doing it for the data or are they still doing it for the fun?

Goudie: "There's really two distinct groups that have appeared across 2011.  Of course you've got the cyber criminals who are in business.  They treat this absolutely like a business.  There's an interesting little segue in the report which is titled 'Nice work if you can get it.'

"We track a group of cyber criminals across their three-day work week, which is Saturday, Sunday and Monday.  They take the rest of the week off, as far as we can tell.  So across that three day work week they compromised 22 organisations across nine countries and they even compromised 15 organisations on the Monday, three of which were very close to home, you could say! 

"So, these guys were very industrialised, large scale; but all of these attacks were opportunistic.  So this is something very much that the organised criminals are focussing on is opportunistic style of attacks.  They want to break into organisations that have very low levels of security to steal whatever data they can find.  Obviously we don't investigate too often where nothing of value is stolen, so I can only imagine that they're actually breaking into far, far more organisations than what actually gets reported.  Because they've probably come in, found nothing of interest and just leave it alone because basically there's no money in it for them."

iTWire: And they'll still probably cover their tracks on the way out anyway, so there's really no evidence they were there.

Goudie: "Yes."

"One of the things that we did see across 2011 is the rise of hacktivism.

"These guys are far more likely to approach a big target and actually publicly take aim at a particular target and then look for ways in which they can compromise them.  Although typically when they taking aim at them to say, "we're looking for ways to breach you, Acme Corporation" in the instances where we've done the investigation, we've find that they're not looking, they have already targeted them and compromised them.  They're really just continuing their attack.

"Hacktivism only accounted for 2% of the data breaches that we investigated, but it did account for 58% of the data that we saw stolen last year.  So that's a huge disparity - these guys are going after big organisations with big data.  It's all about making a splash to get press coverage, to raise the profile of their cause.

"So we have cyber criminals focussing on the small, repeatable softer targets and the hacktivists focussing on the larger targets."

There was one throw-away line that left us somewhat intrigued.  In response to an observation that many bush fires seem to occur at around 3:30pm on weekdays - timing is everything!  Goudie noted that, "We find there's a bounce in cybercrime after (school) holidays."  One wonders if this means the attackers are students who don't hack in their holidays of whether the hackers are older and don't have time to hack while home caring for school-aged children!

The report also makes some recommendations.  Nothing startling, but clearly if these are still being re-stated, the message isn't getting through to enough people.

Here are the report's recommendations:

Recommendations for Enterprises
1. Eliminate unnecessary data.
Unless there is a compelling reason to store or transmit data, destroy it. Monitor all important data that must be kept.

2. Establish essential security controls. To effectively defend against a majority of data breaches, organisations must ensure fundamental and common sense security countermeasures are in place and that they are functioning correctly. Monitor security controls regularly.

3. Place importance on event logs. Monitor and mine event logs for suspicious activity - breaches are usually identified by analysing event logs.

4. Prioritise security strategy. Enterprises should evaluate their threat landscape and use the findings to create a unique, prioritised security strategy.

Recommendations for Small Organisations
1. Use a firewall.
Install and maintain a firewall on Internet-facing services to protect data. Hackers cannot steal what they cannot reach.

2. Change default credentials. Point-of-sale (POS) and other systems come with pre-set credentials. Change the credentials to prevent unauthorised access.

3. Monitor third parties. Third parties often manage firewalls and POS systems.  Organisations should monitor these vendors to ensure they have implemented the above security recommendations, where applicable.

One final thing.  There is always an intriguing security / encryption puzzle associated with the image on the cover.  This year's report sees no exception to that tradition - Verizon usually offers a prize to the first person to report the solution (how to claim the prize has previously formed part of the final stage of the puzzle).


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.



Recent Comments