Hacking Pays

By: Becky Bracken

The hackers are winning. From taking over CNN's Twitter account to compromising Target's payment systems over the busy holiday shopping season, attacks are becoming more frequent, more sophisticated and more devastating. And the stakes continue to push ever higher. The December 2013 customer data breach is likely what cost Target's CEO Gregg Steinhafel his job when he was forced to step down in May 2014.

Enterprises and the service providers that power their information and communications systems are under enormous pressure to stay one step ahead of the hackers. But they're losing. Why? Because hackers are, by nature, collaborative, which is perhaps counter-intuitive on its face. Hackers have developed clandestine means to share information and piggyback off one another's efforts, according to Araceli Treu Gomes, the Manager of Cybersecurity Solutions Engineering at Verizon. This is what those in the industry working feverishly to combat these threats need to figure out: how to collaborate and share information without exposing sensitive information. Collaboration without exposure is what Gomes and her colleagues at Verizon wanted to provide to network security professionals, and they're off to a strong start.

“The bad actors are collaborating together better than [we] are,” Gomes says. “And they're outpacing our ability to keep up.”

To help service providers and enterprises level the collaborative-information-sharing field, Verizon launched the Vocabulary for Event Recording and Incident Sharing (VERIS), which aims to provide a common language for describing security incidents in a way that's easy to measure and track. VERIS is free for public use. Launched in 2013, the VERIS Community Database (VCDB) project uses volunteers from the security community to try to record all publicly disclosed security incidents. That shared data is analyzed and used to create a Verizon report that tries to find patterns and predict where future attacks will hit, where they will originate and, most significantly, how to protect against them.

In April, Verizon released its 2014 Data Breach Investigations Report (DBIR), based on much of the information collected in the VCDB, and contributed to by 50 global organizations representing 95 countries, to provide a snapshot of the year's notable security developments. The breakthrough in the research this year shows a specific pattern of security attacks. In fact, the report reveals that over the last three years, 95 percent of breaches can be put into nine specific categories: 

  1. Miscellaneous errors - such as sending an email to the wrong person; 
  2. Crimeware - various malware aimed at gaining control of systems; 
  3. Insider/privilege misuse - internal exploitation of access, information and systems;
  4. Physical theft/loss - the loss of physical systems, equipment, and the information or access to information contained therein;
  5. Web app attacks - the exploitation of web code or web site vulnerabilities;
  6. Denial of service attacks - the attempt to make a machine, network or website unavailable;
  7. Cyber espionage - nation- or state-sponsored attacks with the intent to gather information from other governments, enterprise trade secrets, or economic market advantages;
  8. Point-of-sale (POS) intrusions - data-stealing software installed on retail POS devices to relay payment card information; and
  9. Payment card skimmers - physical devices affixed to or installed inside of payment card machines such as ATMs and gas pumps intended to swipe payment data from unsuspecting users.

The report adds that, although Target and other POS data security attacks garner a lot of attention, the total number of attacks of that flavor is down. POS attacks are now fewer in number, but more devastating. Indeed, the hackers are getting more efficient in their efforts.

“Given recent headlines, some may be surprised to find that POS intrusions are trending down over the last several years,” according to the report. “That’s mainly because we’ve seen comparatively fewer attack sprees involving numerous small franchises. Brute forcing remote access connections to POS still leads as the primary intrusion vector. A resurgence of RAM scraping malware is the most prominent tactical development in 2013.”

Additionally, 2014 saw a three-fold increase in cyber espionage compared with the 2013 DBIR. As it did last year, China still leads as the location of the most cyber espionage activity; but the other regions of the world are certainly represented, including Eastern Europe with more than 20 percent. 

