By SecureWorld News Team
Fri | Apr 28, 2017 | 2:43 PM PDT

Verizon recently released its 10th annual Data Breach Investigations Report, and it's packed with diagrams, statistics, and insights about our not-so-favorite cyber criminals.

It's a whopping 74 pages in total, and recounts incidents, reports, and investigations from 2016. All of this information was fit into one specific framework to produce a cohesive dataset, giving us an overview of the past year and how it might carry over into the cyber crimes of 2017.

An overview of the DBIR 

A bird's eye view of the data shows us that the most common threat scenario is outside attackers using hacking, malware, and weak passwords to inflict damage.

Organized hacking groups, malicious emails, and social engineering are also extremely common. 

The study is broken down into nine incident classification patterns. The report also goes into detail about eight different industries commonly targeted through these nine types of incidents.

On top of these sections, there are two separate sections devoted entirely to the issues of social engineering and ransomware. For the sake of streamlining, I'll give a high-level overview of each (giving you the opportunity to comb through the report at your leisure!).

Social attacks = sophistication 

Social attacks were involved in 43% of all breaches reported in 2016. Of those, 99% were conducted by outside actors, and 93% of incidents involved a phishing attack.

Alarmingly, 25% of phishing attacks were due to state-sponsored operations attempting to spy on their recipients. Manufacturing and Public Administration were the two most heavily targeted industries.

However, the Education sector jumped ahead this year, into fourth place. One possible explanation for this is that cyber spies are going after new technologies being developed at universities across the country.

It's not enough just to send out a phishing link and hope for the best, though. Cyber criminals are increasingly using tactics the report refers to as 'pretexting' to learn as much as they can about a target before launching their attack. This explains why cyber espionage is so heavily involved in this vector.

Ransomware isn't going away

In the 2014 DBIR, ransomware was the 22nd most common threat. It has since jumped all the way up to 5th place.

Beginning in 2015, ransomware has steadily climbed to the top, netting big bucks for cyber criminals.

However, as you can see from the graph, the frequency of ransomware attacks experienced a sharp decline in the last part of 2016. This 70% decline is due to efforts made against the Locky and CryptoWall variants, as well as a general increase in ransomware detections.

2016 saw a heavy increase in experimentation, with cyber crooks testing out new ways to further encrypt files and make it harder to forgo payment, while deployment became much cheaper and easier to execute through the use of Ransomware-as-a-Service.

Still, we can be hopeful at the sharp decline in Q4, as law enforcement and sites like nomoreransom.org gain traction in preventing ransomware from spreading.

Certain industries are hurting more than others

For the first time ever, this year's version of the DBIR places a much greater emphasis on the analysis of individual industries.

The figure below outlines the eight different industries represented, split into incidents (left column) and breaches (right column), by the frequency of incidents outlined on the X axis.

[Figure: DBIRindustries.jpg]

You can use this graph to determine which areas are particularly harmful to your industry; for example, hacking is a higher threat to the financial sector than to the retail sector.

The Public Administration sector had by far the largest number of cyber incidents reported of any industry. However, of the 21,239 incidents, only 239 had confirmed data breach disclosures.

The Healthcare industry has a particular challenge in keeping massive amounts of extremely sensitive data private, while also making it quickly accessible to medical practitioners. However, almost 30% of healthcare breaches are due to misdeliveries, disposal errors, and loss of files.

Sifting through incident classification patterns

Verizon has divided attacks into nine key patterns, with 88% of this year's data falling under these 'classic' scenarios.

Although the data is skewed by massive botnet attacks we saw in 2016, such as Mirai, Web Application Attacks are the most common threat vector, according to the report.

[Figure: breaches.jpg]

According to the data, the top industries affected by Web Application Attacks are the Finance, Public Administration, and Information industries.

Cyber Espionage is the second highest modus operandi, which accounts for a huge proportion of social attacks, as mentioned earlier. These types of attacks are much more specific, drawn-out, and targeted. 

Without the skewed data of botnets, cyber espionage would be at the top of the chart. We can expect to see more of this arise in 2017, after major incidents such as election hacking came to a head in 2016.

The report reminds us on page 38, "The real value of the incident patterns is not in how they compare to each other, but as guidance on what is most likely to negatively impact your organization. For example, if you are in the Accommodation industry your main areas of concern center on POS intrusions. On the other hand, retailers have less of a worry about espionage than manufacturers. Does that mean that those are the only areas that you should protect against if you find yourself in one of those demographics? Of course not, but understanding these areas of concern goes a long way to help struggling security professionals gain insight on where and how to invest their limited resources."

In conclusion

Even though the statistics are drastic and security outlooks may look bleak, the report concludes by reminding us, "At the end of the day, we are stronger together than any one of us is alone" (page 60).

If we continue to collaborate and share our ideas, success stories, and failures, surely we stand a chance against cyber criminals who are generally acting solo.

By consolidating data throughout the year, and then looking at overall trends spanning a decade, we can hope to properly allocate our resources into the most effective solutions for our businesses. 
