Cybercriminals having easy time breaching corporate networks

LAS VEGAS — Verizon today issued its annual Data Breach Investigation Report, timed for the opening day of the giant Black Hat cybersecurity convention here in the Nevada desert.

It’s not widely known that the telecom giant is home to a crack cybersecurity forensics team. Over the past half dozen or so years, Verizon’s cybersleuths have been retained by large organizations to probe more than 900 separate cases of data theft in which some 900 million records were compromised.

Based on direct evidence from those hands-on probes of real hacks, Verizon’s annual breach report stands apart from other cybersecurity studies, many of which are based on subjective, anecdotal opinions of survey respondents.

For the first time, the U.S. Secret Service contributed information from 84 major cybercriminal cases it investigated in 2009. Combined with findings from 57 private investigations Verizon conducted last year, the report gives a high-definition snapshot of cybercriminal activity.

One big finding: cybercriminals used stolen account logons in 38% of successful data breaches, accounting for 86% of the records compromised in 2009. This dovetails with the relentless rise in phishing attacks that trick people into divulging usernames, passwords and answers to authentication questions, says Wade Baker, director of risk intelligence at Verizon Business.

There are some stunning commonalities among the combined 141 breach cases investigated by Verizon and the Secret Service:

  • 98% of all data breached came from hacked servers.
  • 96% of these breaches were avoidable through simple intermediate controls.
  • 85% of these attacks were not considered highly difficult.

“These were breaches of organizations with pretty mature security programs,” notes Baker. “When you talk about large, distributed organizations with massive, diverse IT systems, it is just flat out hard to have a consistent approach to security.”

Cisco also released a first-of-its-kind report at Black Hat today. The switching technology giant merged data collected from its IPS line of products with investigative analysis from its IronPort messaging security and ScanSafe web security acquisitions.

For the second quarter of this year, ending June 30, Cisco’s new Quarterly Global Threat Report found:

  • Continuous high-saturation of malicious software circulating on the Internet.
  • Eastern Europe encountered the highest rate of web-based malicious software, followed by South America and China.
  • Cybercriminals acutely intensified attacks against pharmaceutical and chemical companies, as well as energy, oil and gas companies.

By Byron Acohido
