Observations on Modern Cyber Crime and Espionage - Wade Baker, Verizon
DESCRIPTION
Based on forensic evidence collected while investigating some of the largest data breaches in history, Wade Baker will present a rare view into the world of cyber crime & espionage. Over the last seven years, Baker and his colleagues have compiled one of the largest and most detailed security incident repositories in the world. Their research has been used by law enforcement agencies around the world to prosecute criminals as well as by numerous organizations to assess and improve their security programs. The presentation will discuss the evolution of cybercrime & espionage and delve into the people, methods, and motives that drive it today.

See Wade Baker's Edge Presentation: http://www.akamai.com/html/custconf/edgetv.html#wade-baker

The Akamai Edge Conference is a gathering of the industry revolutionaries who are committed to creating leading edge experiences, realizing the full potential of what is possible in a Faster Forward World. From customer innovation stories, industry panels, technical labs, partner and government forums to Web security and developers' tracks, there’s something for everyone at Edge 2013. Learn more at http://www.akamai.com/edge

TRANSCRIPT
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Are modern threats so advanced, diverse, and unpredictable that we can’t mount any meaningful defense against them?
> Let’s explore that question today
Data Breach Investigations Report
An ongoing study that analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and what might be done to prevent it.
2013 CONTRIBUTORS
• Australian Federal Police
• CERT Insider Threat Center
• Consortium of Cybersecurity Action
• Danish Ministry of Defence
• Danish National Police
• Deloitte
• Dutch Police
• Electricity Sector ISAC
• European Cyber Crime Center
• G-C Partners, LLC
• Guardia Civil
• Industrial Control Systems CERT
• Irish Reporting & InfoSec Service
• Malaysia CERT
• National Cybersecurity & Communications Integration Center
• ThreatSim
• US CERT
• US Secret Service
• Verizon
All threat actions defined within VERIS
Adware, Backdoor, Brute force, Capture app data, Capture stored data, Client-side, C2, Destroy data, Disable controls, DoS, Downloader, Exploit vuln, Export data, Packet sniffer, Password dumper, Ram scraper, Ransomware, Rootkit, Scan network, Spam, Spyware, SQL injection, Utility, Worm, Abuse of functionality, Brute force, Buffer overflow, Cache poisoning, Credential/session prediction, Cross-site request forgery, Cross-site scripting, Cryptanalysis, Denial of service, Footprinting and fingerprinting, Forced browsing, Format string attack, Fuzz testing, HTTP request smuggling, HTTP request splitting, HTTP response smuggling, HTTP response splitting, Integer overflows, LDAP injection, Mail command injection, Man-in-the-middle attack, Null byte injection, Offline cracking, OS commanding, Path traversal, Remote file inclusion, Reverse engineering, Routing detour, Session fixation, Session replay, SOAP array abuse, Special element injection, SQL injection, SSL injection, URL redirector abuse, Use of backdoor or C2, Use of stolen creds, XML attribute blowup, XML entity expansion, XML external entities, XML injection, XPath injection, XQuery injection, Baiting, Bribery, Elicitation, Extortion, Forgery, Influence, Scam, Phishing, Pretexting, Propaganda, Spam, Knowledge abuse, Privilege abuse, Embezzlement, Data mishandling, Email misuse, Net misuse, Illicit content, Unapproved workaround, Unapproved hardware, Unapproved software, Assault, Sabotage, Snooping, Surveillance, Tampering, Theft, Wiretapping, Classification error, Data entry error, Disposal error, Gaffe, Loss, Maintenance error, Misconfiguration, Misdelivery, Misinformation, Omission, Physical accidents, Capacity shortage, Programming error, Publishing error, Malfunction, Deterioration, Earthquake, EMI, ESD, Temperature, Fire, Flood, Hazmat, Humidity, Hurricane, Ice, Landslide, Lightning, Meteorite, Particulates, Pathogen, Power failure, Tornado, Tsunami, Vermin, Volcano, Leak, Wind
Top 20 threat actions observed across 2000+ data breaches (share of breaches)

Threat action (category)           Overall   Larger orgs
Brute force (Hacking)                47%        9%
Spyware (Malware)                    41%       19%
Use of stolen creds (Hacking)        29%       23%
Export data (Malware)                28%       22%
Backdoor (Malware)                   23%       27%
Use of backdoor or C2 (Hacking)      21%       23%
Tampering (Physical)                 19%       42%
Disable controls (Malware)           12%        8%
Capture stored data (Malware)        10%       13%
Phishing (Social)                    10%       21%
C2 (Malware)                          9%       23%
Downloader (Malware)                  9%       21%
Password dumper (Malware)             8%       17%
Unknown (Hacking)                     7%        6%
Rootkit (Malware)                     7%       11%
Unknown (Malware)                     6%        1%
Privilege abuse (Misuse)              4%        8%
Adminware (Malware)                   4%        4%
Embezzlement (Misuse)                 4%        1%
Unapproved hardware (Misuse)          4%        2%
Cluster analysis measuring similarity of incidents across industries
Industries included (NAICS codes in parentheses):
• Computer and Electronic Product Manufacturing (334)
• Transportation Equipment Manufacturing (336)
• Food and Beverage Stores (445)
• Health and Personal Care Stores (446)
• Gasoline Stations (447)
• Clothing and Clothing Accessories Stores (448)
• Miscellaneous Store Retailers (453)
• Nonstore Retailers (454)
• Pipeline Transportation (486)
• Publishing Industries (except Internet) (511)
• Telecommunications (517)
• Data Processing, Hosting, and Related Services (518)
• Other Information Services (519)
• Credit Intermediation and Related Activities (522)
• Professional, Scientific, and Technical Services (541)
• Administrative and Support Services (561)
• Ambulatory Health Care Services (621)
• Accommodation (721)
• Food Services and Drinking Places (722)
• Executive, Legislative, and Other General Government Support (921)
Top threat scenarios observed across 2000+ data breaches
(Chart: share of breaches by scenario: POS intrusions, Skimming devices, Web app hacks, Insider misuse, State espionage, Something else)
(Chart: threat actions ranked by frequency: Spyware (Malware), Backdoor (Malware), Brute force (Hacking), Export data (Malware), Use of stolen creds (Hacking), C2 (Malware), Capture app data (Malware), Downloader (Malware), Client-side (Malware), Extortion (Social), Other (Hacking), Phishing (Social), Use of backdoor or C2 (Hacking), Pretexting (Social), Capture stored data (Malware), Other (Malware), Theft (Physical), Unknown (Hacking), Adminware (Malware), Destroy data (Malware))
< or >
Threats to your data?
(Chart: the 13 most frequent threat actions overall, Brute force (Hacking) through Password dumper (Malware), as in the Top 20 list above)