
Web apps and point-of-sale were leading hacker targets in 2013


22 April 2014

The majority of cyberespionage attacks (87%) were attributed to state-affiliated actors, but organised crime played a role too, accounting for 11% of incidents. The most common attack vectors for this type of breach were malicious email attachments and web-based drive-by downloads launched from compromised legitimate web sites visited by the intended targets.

The largest number of cyberespionage-related breaches were in the public, manufacturing, professional and technical sectors, since the attackers responsible were primarily interested in stealing internal corporate data, trade secrets and classified information.

Eighty-five percent of breaches that resulted from cyberespionage attacks were discovered by external parties, not the victim organisations, and in 62% of cases the breach discovery took place months after the compromise.

Point-of-sale (POS) intrusions were also a significant threat and resulted in 14% of all breaches. However, their number has actually declined compared to previous years, in particular 2010 and 2011.

While large, well-publicised payment card data breaches involving compromised POS systems were reported over the past five months at Target and other retailers, such incidents have affected small and medium-sized businesses for years.

POS attacks are driven by financial motives and most of them can be attributed to organised criminal groups operating out of Eastern Europe, Verizon said in the report. “Such groups are very efficient at what they do; they eat POSs like yours for breakfast, then wash ’em down with a shot of vodka.”

Brute forcing remote access connections and using stolen credentials remained the primary vectors for POS intrusions in 2013, according to the report, but an interesting development last year was the resurgence of RAM-scraping malware.

RAM scrapers were the fifth-most-common threat action in 2009, but then fell to the bottom of the top 20 list until last year, when they rose to the number four position.

Once installed on a POS terminal, RAM-scraping malware programs monitor the system’s random access memory (RAM) for transaction data in clear text, before such information is processed and encrypted.

In almost all cases of POS-related data breaches in 2013, the intrusion was reported to the victim organisations by third parties, with notifications by law enforcement and external fraud detection systems being the leading causes of discovery. This means organisations typically learn about POS breaches after attackers begin exploiting the stolen data for financial gain.


Compared to previous years, the new edition of Verizon’s Data Breach Investigations Report is more actionable. The company has included recommended security controls for each of the nine major incident patterns it has identified: POS intrusions, Web application attacks, insider misuse, physical theft and loss, miscellaneous errors, crimeware, card skimmers, denial-of-service attacks and cyberespionage. This could help organisations in different industry sectors prioritise certain defences depending on the attacks they’re more likely to face.

For example, companies from the accommodation and retail sectors will learn from the report that they are likely to be the target of POS intrusion attempts and could focus on the recommended controls for that threat. Those include restricting remote access to POS systems and enforcing strong password policies; prohibiting web browsing, email and social media use on POS terminals; installing antivirus programs on POS systems; monitoring network traffic to and from POS terminals; and using two-factor authentication to authenticate third-party and internal users to such systems.

 

Lucian Constantin, IDG News Service
