12 Scary Data-Breach Scenarios from Verizon
We've summarized 12 of Verizon's data-breach scenarios for you in our latest gallery — with advice to help fight them.
March 9, 2017
Laid-off employees, IoT botnets and ransomware. These are just a few of the forces that can break through a company's cybersecurity.
Last month, Verizon rolled out its Data Breach Digest, a 100-page piece of literature that’s chock full of security stories. Verizon compiled the various types of data-breach threats into four main categories: the human element, conduit devices, configuration exploitation and malicious software. The Digest gives anecdotes and mitigation strategies for each of the 16 scenarios that fall within those four categories.
The Data Breach Digest is considered a companion to the Verizon Data Breach Investigations Report (DBIR), which contains statistics about cybersecurity incidents.
Follow associate editor @JamesAndersonCP on Twitter.
Scary Data Breaches: Financial Pretexting
Category: The Human Element
Nickname: The Golden Fleece
Key Vertical Victims: Financial, Information, Retail
Method: The perpetrator uses social channels like phishing emails, phone calls and even in-person meetings that play on human emotions (fear, compassion, curiosity, etc.) in order to acquire money.
Example: A phishing email prompted a company to send a wire transfer. The perpetrator registered an email domain that was almost identical to that of the company’s chief information officer, whose job it was to approve transfers. The company’s network would have caught the fake email domain, but the accountant involved with the transaction had been working from a home network.
Mitigation: Require two-step authentication for email access, label external emails as such, and require VPN access for telecommuters.
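The lookalike-domain trick in this scenario is easy to miss by eye, so one way to label external mail is to compare each sender's domain against the company's own. The following is an added example, not code from Verizon's Digest; the company domain, the confusable-character table and the sample addresses are constructed for illustration.

```python
# Added example (not from Verizon's Digest): classify a sender address as
# internal, lookalike or external, so lookalike domains can be labelled.
# COMPANY_DOMAIN and the test addresses are constructed assumptions.

COMPANY_DOMAIN = "examplecorp.com"  # assumption: the organization's real domain

# Characters commonly swapped in to build lookalike domains.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Lower-case, map digit confusables, and collapse 'rn' -> 'm'."""
    return name.lower().translate(CONFUSABLES).replace("rn", "m")


def classify_sender(address: str, company_domain: str = COMPANY_DOMAIN) -> str:
    """Return 'internal', 'lookalike' or 'external' for an e-mail address."""
    domain = address.rsplit("@", 1)[-1].strip(" <>\t").lower()
    if domain == company_domain or domain.endswith("." + company_domain):
        return "internal"
    # Compare the registrable name only (TLD stripped), after normalizing,
    # so 'examplecorp.co' and 'examp1ecorp.com' both count as lookalikes.
    name = normalize(domain.rsplit(".", 1)[0])
    real = normalize(company_domain.rsplit(".", 1)[0])
    if name == real or levenshtein(name, real) <= 2:
        return "lookalike"
    return "external"
```

A mail gateway would prepend a tag such as "[EXTERNAL]" or "[LOOKALIKE]" to the subject based on the result, which is what makes the approval-by-email step in this story catchable on a home network as well.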
Scary Data Breaches: Hacktivist Attack
Category: The Human Element
Nickname: The Epluribus Enum
Key Vertical Victims: Financial, Public, Information
Method: The hacktivist generally operates without a financial motive and with the intention of embarrassing the victim and furthering a cause. The exact method may vary from backdoors to DDoS attacks.
Example: Hacktivists took aim at a company that had recently undergone a restructuring. They targeted the personal information of two executives and attempted DDoS attacks on the organization. Hackers eventually redirected one of the company's websites to an accusatory message on another server. The company's security apparatus defended against most of the DDoS attacks, and the attack eventually faded from media attention. Security workers created anonymous accounts on dark web forums to find where the executives' personal information was being shared.
Mitigation: Stay away from hackers’ radars, develop detection mechanisms and response capabilities, and protect social media accounts.
Scary Data Breaches: Partner Misuse
Category: The Human Element
Nickname: The Indignant Mole
Key Vertical Victims: Accommodation, Financial, Retail, Health Care
Method: An insider mishandles data or abuses privileges out of a grudge.
Example: SMB customers of a regional water supplier suffered compromised accounts and the subsequent transferring of refunds into incorrect bank accounts. Security workers traced the problem back to a third-party call center in India and later to a single user in the call center.
Mitigation: Keep an eye on sensitive data, changes in employee behavior, and network activity.
Scary Data Breaches: Disgruntled Employee
Category: The Human Element
Nickname: The Absolute Zero
Key Vertical Victims: Public, Financial, Health Care
Method: An employee disables controls or abuses data from inside a company.
Example: A worker with administrative access knew he would be fired and decided to log onto the company’s application server. He collected data for future job interviews and disrupted workflow for his former team.
Mitigation: Hold restructuring information closely and increase monitoring for affected employees.
Scary Data Breaches: C2 Takeover
Category: Conduit Devices
Nickname: The Broken Arrow
Key Vertical Victims: Information, Financial, Public, Administrative, Manufacturing
Method: Attackers use Command and Control (C2) infrastructure to manipulate compromised or unmonitored systems.
Example: Threat actors conducted reconnaissance on domains they judged as compromised, with the intention of turning servers into C2 platforms.
Mitigation: Be aware of threat-actor tactics and monitor file-system changes on production servers.
Scary Data Breaches: Mobile Assault
Category: Conduit Devices
Nickname: The Secret Squirrel
Key Vertical Victims: Professional, Administrative, Information, Manufacturing, Financial
Method: Employees suffer this threat at the hands of state-affiliated or organized crime perpetrators while traveling abroad. Methods include extracting data, swapping out hardware and setting up rogue access points.
Example: A chief security officer noticed odd activity on his cellphone. He had left his phone in his hotel room while traveling and used a wireless access point at a coffee shop. Someone had physically downloaded an exploit kit onto his laptop and likely used a code-injection attack on one of the smartphone's third-party applications.
Mitigation: Give specific travel devices to employees, train them to handle their devices and data when abroad, and don’t give them administrative access to install apps on them.
Scary Data Breaches: IoT Calamity
Category: Conduit Devices
Nickname: The Panda Monium
Key Vertical Victims: Entertainment, Professional, Educational, Administrative, Information, Manufacturing
Method: State-affiliated or activist hackers take advantage of compromised or otherwise unprepared IoT devices.
Example: A botnet brute-forced its way into IoT devices and initiated about 5,000 DNS lookups that significantly slowed a university’s network connectivity.
Mitigation: Change default passwords for IoT devices, and include IoT devices in the IT asset inventory.
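The university case was noticed as a burst of DNS lookups, and the second mitigation only helps if a flagged host can be matched to an inventory entry. The following added example (not from Verizon's Digest) combines both: it counts DNS queries per source over a sliding window and cross-checks the flooding hosts against an asset list. The log format, IP addresses and inventory are constructed for illustration.

```python
# Added example (not from Verizon's Digest): flag hosts issuing an unusual
# number of DNS queries in a short window, then check them against an asset
# inventory. Log format, IPs and inventory below are constructed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source IP> <qtype> <qname>".
# 10.0.5.23 fires one lookup per second for a minute, the other hosts are quiet.
SAMPLE_LOG = [
    f"2017-03-01T10:00:{s:02d}Z 10.0.5.23 A host{s}.example.net" for s in range(60)
] + [
    "2017-03-01T10:00:05Z 10.0.1.10 A mail.example.edu",
    "2017-03-01T10:00:09Z 10.0.1.10 A www.example.edu",
    "2017-03-01T10:00:30Z 10.0.7.41 A cdn.example.org",
]

# Constructed inventory of managed hosts; 10.0.5.23 is deliberately absent.
ASSET_INVENTORY = {"10.0.1.10": "mailserver", "10.0.7.41": "lab-workstation"}


def parse_line(line: str):
    """Split one constructed log line into (timestamp, src_ip, qtype, qname)."""
    ts, src, qtype, qname = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, qtype, qname


def find_dns_floods(lines, window_sec=60, threshold=50):
    """Return {src_ip: peak queries in any window} for hosts at/over threshold."""
    per_host = defaultdict(list)
    for line in lines:
        ts, src, _, _ = parse_line(line)
        per_host[src].append(ts)
    flagged = {}
    for src, stamps in per_host.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it is within window_sec of ts.
            while ts - stamps[start] >= timedelta(seconds=window_sec):
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = peak
    return flagged


def triage(lines, inventory=ASSET_INVENTORY):
    """Pair each flooding host with its inventory entry, or 'UNKNOWN DEVICE'."""
    return {src: (n, inventory.get(src, "UNKNOWN DEVICE"))
            for src, n in find_dns_floods(lines).items()}
```

An unknown device that is also flooding DNS is exactly the unmanaged IoT box this scenario describes; the threshold and window would be tuned to the network's normal baseline.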
Scary Data Breaches: USB Infection
Category: Conduit Devices
Nickname: The Hot Tamale
Key Vertical Victims: Accommodation, Financial, Manufacturing
Method: Threat actors physically access work systems using USB devices or other portable media to introduce malware.
Example: Following a janitorial company’s announcement of a large pay cut, an individual offered janitors money if they brought a USB flash drive into work and plugged it into different systems. Security officials caught the perpetrator and reversed the problem before the threat actor could extract privileged information.
Mitigation: Employ host-based USB device access controls, disable auto-run functionality and enhance host-based alerts.
Scary Data Breaches: DDoS Attack
Category: Configuration Exploitation
Nickname: The 12000 Monkeyz
Key Vertical Victims: Entertainment, Professional, Educational, Administrative, Information, Manufacturing, Retail
Method: Attackers flood a network connection with traffic, disrupting network operations.
Example: The threat actor targeted a software-as-a-service company in order to disrupt a holiday week and prevent it from handling an influx of users. The attackers used four forms of DDoS to disrupt the network.
Mitigation: Automate prefix routing to the DDoS mitigation provider so that it can deal with the incoming traffic.
Scary Data Breaches: Cloud Storming
Category: Configuration Exploitation
Nickname: The Acumulus Datum
Key Vertical Victims: Utilities, Public, Manufacturing, Transportation
Method: State-affiliated or organized crime parties take advantage of security flaws at outsourced providers that handle data in the cloud.
Example: Threat actors impacted an e-commerce site so that customers entering credit card info would get a failure notice before being redirected to see a completed transaction. The hacker had created a fake payment page that captured credit-card information. The affected company had to work with its third-party web developer and its Indian cloud services provider in order to address the problem.
Mitigation: Ensure that third-party service providers have the architecture to support audits and investigations.
Scary Data Breaches: Crypto Malware
Category: Malicious Software
Nickname: The Fetid Cheez
Key Vertical Victims: Varying
Method: Crypto malware encrypts users' data and holds it for ransom, so that they must pay to regain access to it.
Example: Hackers took a company's business-critical applications offline and left ransom notes. This stemmed from a network administrator opening an email attachment that unleashed ransomware. The company failed to recover all of the files and ultimately decided not to pay the criminals.
Mitigation: Validate backup processes, block particular email attachments and patch third-party applications.
Scary Data Breaches: Sophisticated Malware
Category: Malicious Software
Nickname: The Pit Viper
Key Vertical Victims: Public, Manufacturing, Transportation, Information
Method: Evolved malware activities include backdoors, C2, rootkits and vulnerability exploitation.
Example: Sophisticated malware varies widely, but it is typically difficult to detect and disrupts business-critical functions.
Mitigation: Use centralized log sources to track suspicious activity, and keep anti-virus software updated.