April 15, 2015
In the best-known annual study of data breaches, the “2015 Data Breach Investigations Report” released today, Verizon Communications Inc. found that more than two-thirds of the 290 electronic espionage cases it learned about in 2014 involved phishing, the security industry's term for deceptive emails. Because so many people click on tainted links or attachments, sending phishing emails to just 10 employees gets attackers inside corporate networks 90 percent of the time, Verizon found.
"There's an overarching pattern," said Verizon scientist Bob Rudis. Attackers use phishing to install malware and steal credentials from employees, then they use those credentials to roam through networks and access programs and files, he said.
Verizon's report also draws on its own business investigations and on data from 70 other contributors, including law enforcement. It found that while major new vulnerabilities such as Heartbleed are exploited by hackers within hours of their announcement, more attacks last year exploited long-patchable vulnerabilities dating from 2007, 2010, 2011, 2012 and 2013.
Another section of the Verizon report could help security executives make the case for bigger budgets. The researchers produced the first analysis of the actual costs of breaches derived from insurance claims, instead of survey data.
Verizon said the best indicator of the cost of an incident is the number of records compromised, and that the cost rises logarithmically, flattening as the size of the breach rises.
According to the new Verizon model, the loss of 100,000 records should cost roughly $475,000 on average, while 100 million lost records should cost about $8.85 million.
The full Verizon report can be reached at the following link:
In a related development, Symantec Corp. released today its annual security report, the “2015 Internet Security Threat Report - Volume 20”, in which Symantec found that state-sponsored spies also used phishing techniques because they work and because the less sophisticated approach drew less scrutiny from defenders.
Once inside a system, however, the spies turned fancy, writing customized software to evade detection by whatever security programs the target has installed, Symantec said.
"Once I'm in, I can do what I need to," said Robert Shaker, an incident response manager at Symantec. The report drew on data from 57 million sensors in 157 countries and territories.
Another troubling trend Symantec found involves the use of "ransomware," in which hackers encrypt a computer's files and promise to release them only if the user pays a ransom. (Some 80 percent of the time, they do not decrypt the files even then.) The new twist comes from hackers who encrypt files, including those inside critical infrastructure facilities, but do not ask for anything. The mystery is why: Shaker said it is not clear whether the attackers are securing the information for resale to other spies or potential saboteurs, or whether they plan to make their own demands in the future.
The full Symantec report can be reached at the following link: http://www.symantec.com/security_response/publications/threatreport.jsp?inid=us_ghp_hero1_cybercrime-new-tricks