In the secrecy-shrouded world of data breach investigations, few know what goes on in the field. Today Verizon unveiled its first Data Breach Digest, a behind-the-scenes look at cyber investigations that tells the stories behind the Data Breach Investigations Report (DBIR), developed by Verizon Enterprise Solutions.
The new report from Verizon’s Research, Investigations, Solutions and Knowledge (RISK) Team details 18 real-world data breach scenarios based on their prevalence and/or lethality in the field. Twelve of the cases represent more than 60 percent of the 1,175 cases investigated by the RISK team over the past three years while the other six are less common but more lethal.
Each scenario comes with a detailed analysis of how the attack occurred, the level of sophistication, the threat actors involved, the tactics and techniques used, and recommended countermeasures. All data is categorized according to the standardized VERIS (Vocabulary for Event Recording and Incident Sharing) Framework used to compile the DBIR.
The report will help businesses and government organizations understand how to identify signs of a data breach, important sources of evidence and ways to quickly investigate, contain and recover from a breach.
“The research suggests that at any given time, the vast majority of incidents fall into a small number of actual breach scenarios,” said Bryan Sartin, managing director, the RISK Team, Verizon Enterprise Solutions. “There is tremendous commonality in the breaches we see and investigate on behalf of our clients.”
The report groups the 18 scenarios into four different types of breaches and gives each a personality, including these select examples:
- The human element
  - Social engineering – The Hyper Click
  - Partner misuse – The Busted Chain
- Conduit devices
  - Peripheral tampering – The Bad Tuna
  - Hacktivist attack – The Dark Shadow
- Configuration exploitation
  - Backdoor access – The Alley Cat
  - CMS compromise – The Roman Holiday
- Malicious software
  - Data ransomware – The Catch 22
  - RAM scraping – The Leaky Boot
In an effort to preserve anonymity, Verizon has modified/excluded certain details of each real-world situation including changing names, geographic locations, quantity of records stolen and monetary loss details. Everything else has been imported straight from Verizon’s case files.
The Verizon RISK Team performs cyber investigations for hundreds of commercial enterprises and government agencies across the globe. In 2015, the RISK team investigated more than 500 cybersecurity incidents in more than 40 countries. In 2008, the results of this team’s field investigations were the genesis of the first Data Breach Investigations Report, an annual publication that dissects real-world data breaches with the goal of enlightening the public about the nature of threat actors behind the attacks, the methods they use, including the data they seek and the victims they target.
To access the full digest, visit: http://verizonenterprise.com/databreachdigest