FYI...Verizon Investigative Response Caseload Review
Feb 29, 2012 - "Verizon -2011- Investigative Response (IR) Caseload Review* is a preview of their pending larger Data Breach Investigations Report (DBIR).
Analysis: This report indicates that outside attacks towards servers
comprise the largest source of data breach incidents. Financial gain continues to be a motive, however increasing amounts of hacktivism accelerates data breach trends. System penetration and malware are the highest threats, with default and weak passwords and backdoor tools being the highest vectors
. 90% of organizations were alerted by an outside organization, pointing to the fact that internal monitoring systems, if used, were not as useful. Encryption can help reduce the pain of a data breach incident, but much sensitive data is not properly encrypted."
* http://securityblog.verizonbusiness.com/2012/02/29/quick-look-at-2011/(Info below from linked PDF report at URL above - pg. 5)Top 10
threat action varieties by number of breaches
Hacking - Exploitation of default or guessable credentials - 29%
Malware - Backdoor (allows remote access / control) - 26%
Hacking - Use of stolen login credentials - 24%
Hacking - Exploitation of backdoor or command and control channel - 23%
Malware - Keylogger / Form-grabber / Spyware (capture data from user activity) - 18%
Malware - Send data to external site / entity - 17%
Malware - System / network utilities (PsTools, Netcat) - 14%
Hacking - SQL Injection - 13%
Malware - Capture data resident on system (e.g., cache, disk) - 9%
Malware - Download / install additional malware or updates - 9% ...(... pg.6)
"... Among servers involved in breaches in our 2011 cases, point-of-sale servers, web/application servers, and database servers led the pack. Desktops, laptops, and point-of-sale terminals comprised the bulk of compromised end-user devices.
With respect to the data stolen from these assets, criminals got away with a mixed bag. Payment cards, personal information, and authentication credentials were most often compromised, but other types of sensitive organizational data, trade secrets, and copyrighted information were taken..."