Security Report: Web App and POS Attacks Dominated 2013
The annual Verizon security report found that hackers are becoming both more efficient and quicker in their attacks.
According to Verizon, 92 percent of all attacks last year fell into nine basic categories, with the majority relating to Web app attacks and retailer point-of-sale (POS) breaches.
The findings come in Verizon's 2014 Data Breach Investigations Report (DBIR). In it, 50 global companies contributed to a report that studied 1,367 data breach and 63,437 security incidents.
And in those incidents observed, Verizon found that the attackers are getting better at the speed in which a breach occurs and are having higher infiltration success rates than in years before.
"A lot of attackers simply look for vulnerable victims on the Internet and deploy automated attacks," said Paul Pratley, an investigations manager with the RISK Team at Verizon in a statement. "Often it will take seconds to minutes before a network is compromised, but it can take a really long time for an organization to discover it -- weeks to months or even a year. That's something we'd really like to see change."
For those leveraging Web app attacks, the top motivation continues to be ideologically based (65 percent of all Web attacks studied), with financial motivation coming in second (33 percent) and espionage clocking in with 2 percent of all monitored incidents.
What's surprising when looking at Web app attacks is that the overwhelming number (88 percent) of incidents is reported not from internal IT, but from an outside source, whether that be from an affected customer, user or third-party fraud detection service.
Verizon's advice for networks looking to cut down on the number of these types of incidents includes:
- Avoid using single-factor password authentication and mandate that customers use multiple authentication tools and services when using online-based apps.
- IT should adhere to a strict patching process, whether that means setting up an automated patch process that quickly releases fixes to the public or sticking with a stringent manual patching procedure.
- Continue to strengthen processes to internally check for vulnerabilities and make fixing any found flaws an immediate priority.
- Enforce login lockout policies to guard against brute-force attacks.
- Monitor outbound connections for irregularities and make sure that data isn't being sent to suspicious global regions.
The other major trend Verizon found was that retail data breach attacks continue to be a major headache in the security landscape. However, despite major retailer incidents like last year's Target breach, POS-based attacks for the last two years were actually slightly lower than those for the 2010 and 2011.
Still, installing RAM scraper -- malware that is loaded on a POS device to collect data from swiped credit and debit cards -- constitutes the majority (85 percent) of retailer data theft. And then once the data is swiped, all it takes is some time to pull off a brute-force attack for the password.
While the Verizon report repeatedly points out that the sophistication and the number of all-around attacks have been steadily increasing, IT does have the tools to battle today's hackers -- it just needs to take advantage of the technology.
"After analyzing 10 years of data, we realize most organizations cannot keep up with cybercrime -- and the bad guys are winning," said Wade Baker, principal author of the Data Breach Investigations Report series, in a statement. "But by applying big data analytics to security risk management, we can begin to bend the curve and combat cybercrime more effectively and strategically.