Hacktivism booms but SMBs still pwned by robots

Powered by SC Magazine
 

Hacktivism more prolific than cybercrime, Verizon says.

Hacktivism was responsible for more 'breaches' than financially-motivated cybercrime last year, accounting for more than 100 million of the total 174 million records stolen and tracked in the 2012 Verizon Data Breach Investigation Report released today.

The report said hacktivist groups like Anonymous had stepped up attacks to steal and publish sensitive records like mail records rather than launch comparatively harmless denial of service attacks. 

[Figure: Countries housing breached organisations]

“That’s almost twice the amount pinched by all those financially-motivated professionals. Although ideological attacks were less frequent, they sure took a heavy toll,” the report said.

“This re-imagined and re-invigorated spectre of hacktivism rose to haunt organisations around the world … Doubly concerning for many organisations and executives was that target selection by these groups didn’t follow the logical lines of who has money or valuable information.

“Enemies are even scarier when you can’t predict their behaviour.”

The report (pdf) logged a total of 855 incidents and 174 million compromised records using information supplied by Verizon's RISK team, the Australian Federal Police, the Dutch National High Tech Crime Unit, Ireland's Computer Emergency Response Team (CERT), Police Central e-Crime Unit, and the United States Secret Service.

The number of compromised records logged in the report had exploded compared to the four million stolen records crunched in Verizon's 2011 research. 

The "surprising" increase in the number of records stolen from large organisations was "mainly the result of a few very large breaches that hit organisations in these industries in 2011".

"We suspect the attacks affecting these organisations were directed against their brand and for their data rather than towards their industry," the report stated.

Easy targets

Cybercriminals, however, were automating attacks against easy targets, namely small businesses within the hospitality and retail sectors, notably by targeting point of sale (PoS) systems.

Some 79 percent of recorded attacks against organisations with fewer than 1000 employees were opportunistic, Verizon said, while only 16 percent were targeted.

Last year, Visa revealed to SC Magazine it had identified some 40,000 small businesses which were at high risk of fraud. Those businesses could process up to 20,000 e-commerce transactions a year, yet lacked the resources or knowledge to adequately protect their systems.

Visa said integrated PoS systems owned by those higher risk businesses were the most insecure because they often ran older wi-fi and Bluetooth networks with little or no security. Many were also found to have outdated firewalls in place for up to a decade and multiple unpatched systems.

Nearly three quarters of the opportunistic attacks hit the combined retail and trade, and accommodation and restaurant sectors.

Attacks against restaurants and a small number of hotels accounted for 54 percent of all breaches noted in the report.

Attacks against larger organisations with more than 1000 employees were far less opportunistic with only 35 percent of attacks labelled opportunistic, and half considered targeted.

The ratio of targeted to opportunistic attacks was similar to the 2011 report; however, the authors noted that opportunistic attacks generally hit small businesses while targeted attacks hit large financial and IT firms.

“These observations would seem to support the conclusion we’ve drawn … that large-scale automated attacks are opportunistically attacking small-to-medium businesses and PoS systems frequently provide the opportunity,” the report stated.

Attacks against the financial and insurance industry dropped from 22 percent in 2010 to about 10 percent last year. The report authors said it was “suffice to say” that the cybercrime industrialisation trend had continued to worsen.

Keeping it clean

Verizon had received criticism in recent years for combining data from small and large businesses that had been breached.

There were far more small businesses breached than large organisations, and it was argued this harmed the relevance of the report to enterprises.

The report authors acknowledged the criticism and have this year included distinctions between sectors.

“One of the problems with looking at a large amount of data for a diverse range of organisations was that averages across the whole are just so 'average',” it read.

“We’ve made the conscious decision to study all types of data breaches as they affect all types of organisations, and if small businesses are dropping like flies, we’re not going to exclude them because they infest our data.”

Results from the report were based on “first-hand evidence collected during paid external forensic investigations conducted by Verizon from 2004 to 2011” of which last year was the “primary analytical focus”.

Of the 250 “engagements” conducted by Verizon's RISK team last year, 90 involved confirmed data compromise and were included in the report.

Some contributors supplied data using the Verizon Enterprise Risk and Incident Sharing (VERIS) framework which has been made public.

Authors said they had “no way of knowing what proportion of all data breaches are represented” because many were unreported and unknown to victims.

“What we do know is that our knowledge grows along with what we are able to study and that grew more than ever in 2011. At the end of the day, all we as researchers can do is pass our findings on to you to evaluate and use as you see fit.”

Risk doctor

Threat grids produced by the VERIS framework provided insight into the types of breaches that affected large and small firms. 

Many more threats were recorded on grids for small, rather than large, organisations. But the report authors said this was likely because there were fewer breaches against big business, and not fewer threats per se.

External hacking of servers was a major threat to both large and small organisations. Social engineering was ranked the third most pressing threat for big business, and user device confidentiality took third spot for small organisations.

"Malware and hacking against servers and user devices are burning brighter than ever," the authors wrote. 

The report encouraged security professionals to use the VERIS framework to provide clarity into their own threats.

"Over time, a historical dataset is created, giving you detailed information on what’s happened, how often it’s happened, and what hasn’t happened within your organisation.

"Unknowns and uncertainties begin to recede. You give it to your data visualization guy who cranks out a grid for your various business groups. Hotspots on the grid focus your attention on critical problem areas and help to properly diagnose underlying ailments.

"From there, treatment strategies to deter, prevent, detect, or help recover from recurring (or damaging) threat events can be identified and prioritised."

The framework would allow the effectiveness of mitigation efforts to be measured.

Copyright © SC Magazine, Australia

