2012 Verizon DBIR: Hacktivists make impact on data breach statistics

Hacktivists, typically young cybercriminal activists trying to advance political and social objectives, have made a huge effect on data breaches in 2011, in line with the 2012 Verizon Data Breach Investigations Report (DBIR) (.pdf).

Whether it's hacktivists, cybercriminal gangs or a lone attacker with an automatic toolkit, as far because the network perspective is worried, a probe goes to appear like a probe despite whoever is initiating it.

Andrew Brandt, director of threat research, Solera Networks Research Labs

The 2012 Verizon DBIR, which examines 855 breaches and 174 million stolen records, making up the biggest data set ever analyzed by Verizon. As well as the U.S. Secret Service, Verizon includes data breach cases from the Dutch National High Tech Crime Unit and police forces from Australia, Ireland and London. The result of the report are in line with first-hand accounts of Verizon's forensics investigations from 2004 to 2011 with the only concentrate on the 2012 report in line with last year's case load of 90 confirmed data breaches and 765 breaches investigated by law enforcement. 

Verizon cautions that its data and the info of the participating law enforcement agencies contain a undeniable level of sample bias. As an instance, internal threats make up only 4% of breaches, a fact within the report that Verizon acknowledges is probably going underreported. Many breaches go unreported, Verizon said, and other organizations don't yet realize they've been breached.

Although activist groups accounted for about 3% of the 2011 breaches analyzed inside the report, their spoils made up greater than 100 million records, accounting for 58% of all pilfered data, in accordance with Verizon.  “That's almost twice the quantity pinched by all those financially-motivated professionals,” in response to the report.

The cyberactivists typically deploy relatively unsophisticated attack methods, comparable to a convenience store smash-and-grab burglary, breaking into large enterprises and stealing as much data as they could access, said Christopher Porter, a principal with Verizon's RISK team.

“Many times it kind of feels [hacktivists] search for any weaknesses they'll find after which they attack the organization, publish the data and are available back with a reason of why they targeted the organization after the actual fact,” Porter said.

Hactivists don't bother to hide their tracks and because they do not have financial motivation to sell the information at the black market, the stolen data is made publicly available, leading to an embarrassing high-profile breach and costly clean-up costs, Porter said.

In 2011, 79% of attacks represented within the report were opportunistic and the numerous of them involved hacktivists. Of all attacks, 96% weren't highly difficult. Verizon found that a renewed concentrate on fundamental and comparatively inexpensive security features could address the threat posed by hacktivsts, in addition automated attacks from financially motivated cybercriminals.

“When organized crime groups break into a firm they try to stick as quiet as possible to keep access and collect data through the years,” Porter said. “Hacktivists rarely bothered to hide their tracks.”

Rather than using malware, hacktivists target Web application vulnerabilities, Porter said, garnering them access to Web servers behind the website itself. Web applications were the third commonest attack vector overall in 2011 and were related to over a 3rd of total data loss. Web apps was the route utilized in 56% of enormous business breaches, in line with the 2012 Verizon DBIR data breach statistics.

Meanwhile, remote access services were the fave vector of automated attackers, making up 88% of all breaches in 2011, and backdoors were the second one most common hacking-related pathway.

While some financial data was stolen by hacktivists in 2011, personally identifiable information, corporate email, password files and knowledge about how the victim organization's systems are architected made up the majority of the info stolen by hacktivists.

Payment card information was enthusiastic about 48% of the breaches within the 2012 Verizon DBIR analysis, greater than another data type. Authentication credentials made up 42% of breaches within the DBIR data set. Personally identifiable information, consisting of name, email and national IDs comprised only 4% of breaches but made up 95% of the records lost, compared with just one% in 2010.

Andrew Brandt, director of threat research for Solera Networks Research Labs, said organizations shouldn't make major changes to their security strategy in keeping with one potential threat source, such as hacktivism. a safety conscious business will conduct an audit to come to a decision system weaknesses a minimum of annually to estimate the points most in danger, Brandt said. 

“Whether it's hacktivists, cybercriminal gangs or a lone attacker with an automatic toolkit, as far because the network perspective is bothered, a probe goes to peer like a probe irrespective of whoever is initiating it,” Brandt said.  “We've entered this period where everyone is chipping away nonstop and finally someone will make a mistake; either a human error or a technical one, and that becomes a kind of small cases where an attack is successful.”

Hacktivist attacks take their toll on enterprises and up to date breach cases illustrate that fact. The arrest of six hacktivists believed to be members of the AntiSec Movement has yielded new details into the Stratfor data breach and the prices related to the successful hack of the Austin, Texas-based geopolitical intelligence company. The six men face a lot of charges related to a string of cyberattacks against Stratfor, Fox Broadcasting Company, Sony Pictures Entertainment and the Public Broadcasting Service. The attack against Stratfor reportedly cost the corporate at the least $2 million and ended in $700,000 in unauthorized mastercard charges affecting Stratfor clients. 

The attack illustrates how the threat posed by hacktivist groups can escalate beyond website defacements and webserver leaks. Enterprises have to be accustomed to cybercriminals with financial motivations, nation-states trying to pilfer intellectual property, and hacktivists groups hell bent on pilfering systems to make a political statement, said Paul Henry, security and forensics analyst at vulnerability management and endpoint security vendor Lumension Inc.

The Antisec Movement could conceivably turn more financially motivated, Henry said. Hactivist attacks could blend with state-sponsored cyberattacks, he said.

“Nation-states may realize that it's more efficient to take advantage of hacktivists to collect information from their adversaries, so i wouldn't put it past all these governments to somehow sponsor these activists,” Henry said. “Hacktivists could get their voice heard and make several dollars as well.”

Dig Deeper

• Those that read this also read...