2010 Data Breach Investigations Report

Similar documents
2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012

2012 Data Breach Investigations Report

7 VITAL FACTS ABOUT HEALTHCARE BREACHES.

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

Information Security and Risk Management

Advanced Visibility. Moving Beyond a Log Centric View. Matthew Gardiner, RSA & Richard Nichols, RSA

INVESTIGATIONS REPORT

Risky Business. Is Your Cybersecurity in Cruise Control? ISACA Austin Chapter Meeting May 5, 2015

DBIR INDUSTRY SNAPSHOT: FINANCE AND INSURANCE

Defensible Strategy To. Cyber Incident Response

Cybersecurity: Protecting Your Business. March 11, 2015

Rashmi Knowles Chief Security Architect EMEA

Securing OS Legacy Systems Alexander Rau

Into the cybersecurity breach

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

Protecting against cyber threats and security breaches

Security Intelligence

Defending Against Attacks by Modeling Threat Behaviors

Software Defined Network

Privilege Gone Wild: The State of Privileged Account Management in 2015

IBM Security re-defines enterprise endpoint protection against advanced malware

Security for a Smarter Planet IBM Corporation All Rights Reserved.

Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan

Advanced SOC Design. Next Generation Security Operations. Shane Harsch Senior Solutions Principal, MBA GCED CISSP RSA

Security Landscape of Cloud Computing

Symantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team

Full-Context Forensic Analysis Using the SecureVue Unified Situational Awareness Platform

White Paper THE FOUR ATTACK VECTORS TO PREVENT OR DETECT RETAILER BREACHES. By James Christiansen, VP, Information Risk Management

Privilege Gone Wild: The State of Privileged Account Management in 2015

After the Attack. The Transformation of EMC Security Operations

Collateral Effects of Cyberwar

Security and Privacy

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID

Reduce Your Breach Risk: File Integrity Monitoring for PCI DSS Compliance and Data Security

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at

Network Security & Privacy Landscape

Cyber Security An Exercise in Predicting the Future

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Advanced Threats: The New World Order

BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT

Attack Intelligence: Why It Matters

Speed Up Incident Response with Actionable Forensic Analytics

Hunting for Indicators of Compromise

Session 9: Changing Paradigms and Challenges Tools for Space Systems Cyber Situational Awareness

Information Security Incident Management Guidelines

VerIS a Framework for Gathering Risk Management Informa8on from Security Incidents

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Cyber Security Metrics Dashboards & Analytics

Security Analytics for Smart Grid

How To Create Situational Awareness

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow

The Business Case for Security Information Management

Risk Analytics for Cyber Security

The Cloud App Visibility Blindspot

WHITEPAPER. How a DNS Firewall Helps in the Battle against Advanced Persistent Threat and Similar Malware

Working with the FBI

Agenda , Palo Alto Networks. Confidential and Proprietary.

Stay ahead of insiderthreats with predictive,intelligent security

Data-Centric Security vs. Database-Level Security

Keynote: FBI Wednesday, February 4 noon 1:10 p.m.

Brief. The BakerHostetler Data Security Incident Response Report 2015

DBIR SNAPSHOT: INTELLECTUAL PROPERTY THEFT

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Cybersecurity Awareness. Part 1

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

IT Security Strategy and Priorities. Stefan Lager CTO Services

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Cyber Threats Insights from history and current operations. Prepared by Cognitio May 5, 2015

Anthony J. Keane, MSc, PhD and Jason Flood, MSc Information Security & Digital Forensics Research Group Institute of Technology Blanchardstown

Defending Against Data Beaches: Internal Controls for Cybersecurity

Cyber Security 2014 SECURE BANKING SOLUTIONS, LLC

Cyber security Building confidence in your digital future

Worldwide Security and Vulnerability Management Forecast and 2008 Vendor Shares

CYBER SECURITY INFORMATION SHARING & COLLABORATION

Determining Data Equity: Capture and Calculate Valuation at Risk

How To Fix A Broken Server At A Major Corporation

Software that provides secure access to technology, everywhere.

Solution Path: Threats and Vulnerabilities

Transcription:

2010 Data Breach Investigations Report Matthijs van de Wel Managing Principal Forensics EMEA 2010 Verizon. All Rights Reserved. PTE14626 07/10

PROPRIETARY STATEMENT This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners. 2

A call for breach research we will create a National Digital Security Board modeled on the National Transportation Safety Board. The NDSB will have the authority to investigate information security breaches reported by victim organizations. The NDSB will publish reports on its findings for the benefit of the public and other organizations, thereby increasing transparency in two respects. First, intrusions will have real costs beyond those directly associated with the incident, by bringing potentially poor security practices and software to the attention of the public. Second, other organizations will learn how to avoid the mistakes made by those who fall victim to intruders. -- Remarks by the president on securing our nation s cyber infrastructure May 29, 2009 http://www.whitehouse.gov/the_press_office/remarks-by-the-president-on-securing-our-nations-cyber-infrastructure/

Methodology Data Source Verizon Business Investigative Response Team NEW: United States Secret Service (USSS) Collection and Analysis VERIS framework used to collect data after investigation USSS used internal application based on VERIS Case data anonymized and aggregated RISK Intelligence team provides analytics Data Sample Six years of forensic investigations (not internal Verizon incidents) >900 breaches, 900 million stolen records in combined dataset Actual compromise rather than data-at-risk Both disclosed and non-disclosed Many of the largest breaches ever reported 4

VERIS Framework VERIS is a set of metrics designed to provide a common language for describing security incidents (or threats) in a structured and repeatable manner. The overall goal is to create a foundation for data-driven decision-making and risk management.

VERIS Framework The Incident Classification section employs Verizon s A 4 threat model A security incident (or threat scenario) is modeled as a series of events. Every event is comprised of the following 4 A s: Agent: Whose actions affected the asset Action: What actions affected the asset Asset: Which assets were affected Attribute: How the asset was affected Incident as a > chain of events 1 > 2 > 3 > 4 > 5 6

2010 Data Breach Investigations Report RESULTS & ANALYSIS 2010 Verizon. All Rights Reserved. PTE14626 07/10

8 Threat Agents

9 Threat Agents

10 External Agents

11 Internal Agents

12 Partner Agents

13 Threat Actions

14 Threat Actions Verizon

15 Threat Actions USSS

16 Malware Infection Vector

17 Malware Functionality

18 Malware Customization

19 Hacking Types

Hacking Paths 20 Patchable vulnerabilities: 0

21 Social Types

22 Misuse Types

23 Assets & Data

24 Attack Difficulty & Targeting

25 Time Span of Events

26 Discovery Methods

27 Unknown Unknowns

28 PCI DSS

Conclusion & Recommendations Overall USSS cases afforded more complete picture of breaches Further confirmation on what we already observed New insight from pieces of the picture we were missing Agents External small majority of breaches, dominates overall data loss Largely due to organized crime Internal up because of USSS cases Partner down again in both datasets Actions Two most-common scenarios Exploit error, gain access to network/systems, install malware (External) Exploit privilege, abuse access and/or embezzle funds/data (Internal) Still not highly difficult or targeted though slightly more than before 29

Conclusion & Recommendations 30 Assets Most data compromised from servers & apps Desktops/laptops increasing; related to stolen credentials Most criminals interested in cashable forms of data Discovery & Response Discovery still takes a long time and is largely due to third parties Response and containment slow and prone to mishap Mitigation The basics if done consistently are sufficient in most cases Keep outsiders out; they are increasingly difficult to control once in Restrict and monitor insiders; disable access when they leave Maintain adequate resources for detection; make better use of logs Plan, prepare, train, and test for a timely and effective response

DBIR http://www.verizonbusiness.com/databreach VERIS https://verisframework.wiki.zoho.com/ Blog http://securityblog.verizonbusiness.com Email dbir@verizonbusiness.com Thijs Bosschert thijs.bosschert@verizonbusiness.com 31

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information