Verizon Report – Findings From The Data Breach Digest

Posted: Mar 17, 2016
Share This:

A recent report published by Verizon, ‘Data breach digest – Scenarios from the field’ has revealed some interesting statistics about data breaches. The report looks at 18 data breach scenarios, which were selected due to their prevalence and/or lethality.

Of these 18 scenarios, 12 were chosen as they are the most common types of data breach, and the other six scenarios, while less common, met the lethality criterion to be included. The report contains real-life examples of data breaches investigated by Verizon, with useful information about the scenario, as well as how to identify it, remedy it, and prevent it from happening again.

According to the report, the incident classification patterns involving confirmed data breaches, in order of frequency, over the past three years were:

  1. Point-of-sale (POS) intrusions—POS application/system related attacks.
  2. Web app attacks—web application related stolen credentials or vulnerability exploits.
  3. Cyberespionage—state-affiliated, targeted attacks.
  4. Crimeware—malware used to compromise systems.
  5. Insider and privilege misuse—unauthorized insider related activity.
  6. Payment card skimmers—physically installed malicious card readers.
  7. Miscellaneous errors—any mistake that compromises security.
  8. Physical theft and loss—physical loss or theft of data/IT related assets.
  9. Denial of service (DoS) attacks—non-breach related attacks affecting business operations.

Only the first 6 patterns were used in this digest report.

VZ post 1


Common Data Breach Scenarios

Each scenario in the report has been assigned an ‘attack/defend card’ which is broken down into four categories:

Data breach scenario

  • Frequency, sophistication, composition

Incident pattern

  • Pattern, time to discovery, time to containment

Threat actor

  • Motive, disposition, tactics and techniques

Targeted victims

  • Industries, attributes, countermeasures


VZ post 2

With malicious data breaches on the rise, particularly in the healthcare sector, this report helps organizations understand where these risks are coming from, and what the intention of the perpetrator might be.

Around 20% of confirmed data breaches invested by Verizon’ RISK Team over the last 8 years involved manipulating users in one way or another, often targeting authorized users to gain access to data. However, over the last three years, abuse of legitimate privileges accounted for nearly one in ten (9%) of the breaches that we investigated.

In addition to this, just two vulnerabilities play a part in 80% of data breaches. These are both simple weaknesses in authentication: stealing credentials, either by tricking users into revealing them, or allowing users to set passwords that can be easily cracked. Worst of all, techniques to combat both of these types of threat are well-established and are often inexpensive.

Malware plays a huge part in data breaches, with some form present in more than half of the data breaches that were investigated as part of the report. There are many way it can be used; from forming part of the initial compromise, to capturing valuable data and credentials, to leapfrogging into other systems, and finally, for extracting the information and covering the attacker’s tracks. Malware is so versatile that it is hardly surprising that it’s an integral part of almost every sophisticated data breach.

This report provides an excellent overview of what to do if your organization finds itself responding to a cybersecurity incident. The ‘attack/defend’ cards  used throughout the report –  which Verizon have presented in an easily digestible format help organizations to understand the cause of a data breach – allow them to shed some light on the causes of a data breach quickly.

The examples in the report which detail the evidence and methods of a data breach demonstrates how the investigation can progress quickly to containment and recovery once your organization can identify what type of attack they are dealing with. Furthermore, this report may help organizations to identify where they have weaknesses in their security and act upon it before it is too late.

Read the report in full here.