Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or
distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
2019 Data Breach Investigations Report
This document and any attached materials are the sole property of Verizon and are not to be used
by you other than to evaluate Verizon's service.
This document and any attached materials are not to be disseminated, distributed or otherwise
conveyed throughout your organization to employees without a need for this information or to any
third parties without the express written permission of Verizon.
© 2019 Verizon. All rights reserved. The Verizon name and logo and all other names, logos and
slogans identifying Verizon's products and services are trademarks and service marks or registered
trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United
States and/or other countries.
All other trademarks and service marks are the property of their respective owners.
Proprietary Statement
For security practitioners. Written by security practitioners.
Unparalleled reach into breach insights.
12 years
86 countries
73 contributors
41,686 security incidents
2,013 data breaches
2019 DBIR Contributors (n=73)
Back in 2014 we identified nine incident patterns that cover most of the threats likely to be faced.
98.5% of security incidents and 88% of confirmed data breaches continue to fall into these across the 2019 report.
Pattern consistency allows security professionals to prioritize spend when looking at investments on IT/OT/IoT Security.
Leveraging our intelligence. Incident Classification Patterns.
C-level executives increasingly and proactively targeted by social breaches
Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years, and financial motivation remains the key driver.
Financially-motivated social engineering attacks (12%) are a key topic in this year’s report, highlighting the critical need to ensure ALL levels of employees are made aware of the potential impact of cybercrime.
Hot Topics
New analysis from first-time contributor: FBI Internet Crime Complaint Center (IC3)
Provides insightful analysis of the impact of Business Email Compromises (BECs) and Computer Data Breaches (CDBs).
When the IC3 Recovery Asset Team acts upon BECs, and works with the destination bank, half of all US-based business email compromises had 99% of the money recovered or frozen; and only 9% had nothing recovered.
Hot Topics
Shift in attacker behavior towards cloud-based services
Compromise of web-based email accounts using stolen credentials (98 percent) is rising (seen in 60 percent of attacks involving hacking a web application).
Publishing errors in the cloud are increasing year-over-year, exposing at least 60 million records analyzed in the DBIR dataset. This (misconfiguration) accounts for 21 percent of breaches caused by errors.
• One quarter of all breaches are still associated with espionage.
• External threat actors are still the primary force behind attacks (69 percent of breaches) with insiders accounting for 34 percent.
• Chip and Pin payment technology has started delivering security dividends - the number of payment card web application compromises is close to exceeding the number of physical terminal compromises in payment card related breaches.
Other Key Findings
• Ransomware attacks are still strong, accounting for 24 percent of the malware incidents analyzed; ranking as #2 in the malware varieties most used.
• Media-hyped crypto-mining attacks were hardly existent - these types of attacks were not listed in the top 10 malware varieties, and only accounted for roughly 2 percent of incidents.
• Attacks on Human Resource personnel have decreased from last year - findings saw 6x fewer of those professionals being impacted this year compared to last, correlating with the W-2 scams almost disappearing from the DBIR dataset.
Other Key Findings (2)
Unbroken Chains – Path-based attack analysis
• Most of the successful attacks are short, likely because it is both cheaper and easier for the attacker (or the breach is simply due to a single error).
Unbroken Chains – Path-based attack analysis
• When you examine the attack paths, the “malware” threat action variety usually doesn't begin a breach (it is normally a second or later step in the compromise).
• Also, breaches rarely end with a ‘social’ action (so if you see a social attack, you can expect more to follow).
• Accommodation and Food Services
• Educational Services
• Financial and Insurance
• Healthcare
• Information
• Manufacturing
• Professional, Technical & Scientific Services
• Public Administration
• Retail
Details by Vertical
Accommodation and Food Services
• While POS breaches are often a small business issue, large hotel and restaurant chains can learn from this data and, if they use a franchise business model, disseminate this knowledge to their franchisees.
• In fact, 100 percent of POS breaches in this industry were discovered via external methods. This is a clear indicator that while there is work to be done on preventative controls around POS compromise, there is equal room for improvement in detecting compromise.
Educational Services
Financial and Insurance
• In this industry, we acknowledge, but filter, over 40,000 breaches associated with botnets to be analyzed separately.
• Physical attacks against ATMs have seen a decline from their heyday of the early 2010s. We are hopeful that the progress made in the implementation of EMV chips in debit cards, influenced by the liability shift to ATM owners, is one reason for this decline.
Healthcare
• Unsurprisingly, medical data is 18 times more likely to be compromised in this industry.
• When an internal actor is involved, it is 14 times more likely to be a medical professional such as a doctor or nurse.
• Databases are a favorite for internal misuse, and those attacks take longer to discover versus attacks by external actors.
• Over 70% of all malware in this vertical was ransomware.
Information
• The disparity between external attackers (56%) and internal attackers (44%) is less than in most other industry verticals represented.
• Information has one of the highest amounts of the data type ‘Secrets’ (22%) stolen among industries.
• Error (43%) is one of the top two causes of data breaches in this industry.
Manufacturing
• For the second year in a row, financially motivated attacks outnumber cyber-espionage as the main reason for breaches in manufacturing, and this year by a more significant percentage (40% difference).
• Speaking to the web application attacks, this industry shares the same burden of dealing with stolen webmail credentials as other industries did. Most breaches with a web application as a vector also featured a mail server as an affected asset. From an overall breach perspective, the use of stolen credentials and web applications were the most common hacking actions and vector.
Professional, Technical & Scientific Services
Public Administration
Retail
• While we have observed a definite shift in attacker behavior towards cloud-based services for email and online payment card processing systems, this does not indicate that there are necessarily any inherent weaknesses associated with those environments.
• Instead, we believe this to simply be a result of the attacker changing tactics and targets to meet the corresponding change in the locations of valuable corporate assets.
• As the victim organizations increasingly migrate to cloud-based solutions, the attackers must alter their actions in order to access and monetize those assets.
• The evolving job of the CISO/CSO is to understand how this large-scale digital relocation changes the landscape, and how they can make known risk vectors more or less likely.
Wrapping up - DBIR
“The more things change, the more they stay the same”.
Questions?
https://enterprise.verizon.com/resources/reports/dbir/