Nine out of 10 attacks effective in minutes

26 April 2016

In more than nine out of 10 (93%) cases it took attackers minutes or less to compromise target systems.

That is the stark headline from the 2016 Verizon Data Breach Investigations report. It is, unfortunately, backed up by the worrying fact that it takes the majority of compromised organisations (83%) weeks or more to discover attacks, and in the majority of cases, it is still a third party that informs the victim organisation a breach has taken place.

Neal Maguire, investigations manager with the Verizon RISK Team, speaking to TechPro, said that the breach investigations report, now in its ninth year, “is the ongoing study of security failures and the lessons learned”.

“We try to boil down all of the data into actionable intelligence,” said Maguire, “to try to keep organisations out of the breach headlines.”

“It is meant to be educational, driving out that knowledge to key stakeholders so they have the knowledge and the situational awareness to incorporate the lessons into their security strategy and roadmap.”

Not a survey
Maguire highlighted the fact that the report is not a survey, but is based on real data, confirmed data breaches and security incidents, as well as looking at the tools, techniques and strategies of the threat actors.

However, other key findings from the report do not paint a good picture of general security stances. The report found that 63% of confirmed data breaches still involved leveraging weak, default or stolen passwords.

“Often the reason why criminals were so quick at breaking in was that they already had the key. Social engineering remains worryingly effective — ‘click here to reset your banking password’. We found that almost a third (30%) of phishing messages were opened — up from 23% in 2014. And 12% of targets went on to open the malicious attachment or click the link — about the same as 2014 (11%),” says the report.

These phishing attacks, of various types from mass mailers to targeted attacks, are on the rise. When asked why, Maguire was unequivocal.

“Why do cybercriminals send out phishing emails? Because they work,” said Maguire.

Out of almost 10,000 phishing attacks that were documented, nearly 1,000 led to a breach, Maguire said.

Perhaps most worryingly, the median time to open a phishing email and click on the attachment is less than 5 minutes.

Nine patterns of attack
In an overall context, the report found that 95% of breaches, and 86% of security incidents, are covered by just nine patterns of attack. Of these the top three were miscellaneous errors (17.7%), followed by insider and privilege abuse (16.3%) and physical theft and loss (15.1%). Perhaps oddly, denial of service at 15% is only fourth in the list, followed by crimeware (12.4%), web application attacks (8.3%) and point of sale intrusions (0.8%).

Maguire said the overarching lesson to be learned from this is that organisations need to be more aware of what he called the ‘cybercrime playbook’. By knowing the kinds of attacks that are most common, and why they are effective, organisations can then begin to understand their own particular vulnerabilities.

Maguire said that understanding where an attack might be focused, as well as the likely tactics, would allow organisations to better target their own resources to mitigate those risks. This informed and focused approach would mean that the resources available to the organisation are best deployed to meet the risks. He said organisations cannot mitigate all risks, but by understanding the ones that are most pertinent to them, they had the best chance of mitigation.

Impact understanding
Maguire also advised that employees be educated not only to recognise and guard against the likes of phishing emails and poor password security, but also to understand the potential impact on their organisations. Maguire believes that by understanding the potential damage and very real existential threat to the organisation, employees would be better motivated to protect themselves and the organisation.

When this level of awareness is combined with two-factor authentication and focused resource deployment, organisations have the best chance to make themselves the least attractive target for attackers.

However, despite this advice, the report also found that espionage continues to be an issue. Public sector, manufacturing and financial services continue to top the hit list for cyberespionage, with business secrets and desirable information being the most popular targets, Maguire said. Again, phishing scams are most commonly employed to gain persistent backdoors for such attacks.

TechCentral Reporters


TechCentral.ie