Know thy cyber enemy: Who's attacking and what they want

Verizon security study shows most attacks made by external parties, primarily based in China and Romania, using wide variety of threat actions

Broken down by country, 30 percent of external attacks came out of China, and most were focused on espionage. Meanwhile, 28 percent of worldwide external attacks stemmed from Romania, and they were evidently financially motivated. The United States spawned the third highest percentage of attacks at 18 percent, most of which were financially motivated.

Fewer inside jobs
Fourteen percent of data breaches came from the inside in 2012. Most were financially motivated, though "not all insiders are about malice and money. Inappropriate behaviors such as 'bringing work home' via personal e-mail accounts or sneakernetting data out on a USB drive against policy also expose sensitive data to a loss of organizational control."

At small organizations (those with 1,000 or fewer employees), cashiers and tellers were the primary insider culprits. At large organizations, administrators topped the list at 31 percent -- though "their role was accidental in eight out of the 13 incidents" pointing to "how scary human error is." End-users were responsible for 24 percent of the data breaches. ("Regular users should seize the opportunity afforded here to start grumbling about the 'stupid admins' for a change," the report suggests.)

Tools of the data-breach business
As to cyber criminals' preferred method of attack, the report found that they used some form of hacking in 52 percent of all data breaches. In 48 percent of those instances, malicious hackers simply used stolen credentials. "[I]t really comes as no surprise that authentication-based attacks (guessing, cracking, or reusing valid credentials) factored into about four of every five breaches involving hacking in our 2012 dataset. Nor is it all that surprising that we see this year after year," according to the report. "If we could collectively accept a suitable replacement, it would've forced about 80 percent of these attacks to adapt or die."

Malicious hackers used backdoor or C&C tactics in 44 percent of all instances. Brute-force attacks comprised 34 percent of hack attacks -- mostly against small organizations.

Attackers used malware in 40 percent of the reported data heists. Seventy-four percent of the time, they managed to install malware directly onto a target system. Meanwhile, 47 percent of malware came via email attachment. ("Keep in mind that these vectors are not mutually exclusive," the report noted. "In many cases, an actor may gain initial entry using a malicious e-mail attachment, and then install additional malware on that and other systems throughout the environment.")

As to malware type, spyware and keyloggers were used in 75 percent of malware deployments; backdoor malware was used in 66 percent. Malware capable of exporting data was present 63 percent of the time.

Also of note: The proportion of breaches incorporating social tactics like phishing was four times higher in 2012, used in 29 percent of data breaches. "Credit the rise of this challenger to its widespread use in targeted espionage campaigns," the report said.

Set your defense
As for mitigations, there are plenty of steps organizations can and should take. The report recommends that organizations start by familiarizing themselves with the Center for Strategic and International Studies' 20 Critical Security Controls for Effective Cyber Defense. They include creating an inventory of your organization's authorized and unauthorized hardware and software; securely configuring hardware and software; embracing continuous vulnerability assessment and remediation; deploying various malware defenses (antivirus, sandboxing, and so on); investing in application-security software; controlling use of admin privileges; creating boundary defenses; and maintaining, monitoring, and analyzing security-audit logs.

This story, "Know thy cyber enemy: Who's attacking and what they want," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.
