12 Scary Data-Breach Scenarios from Verizon

We've summarized 12 of Verizon's data-breach scenarios for you in our latest gallery — with advice to help fight them.

Channel Partners

March 9, 2017

Hacker
  • 12 Scary Data-Breach Scenarios from Verizon

    Laid-off employees, IoT botnets and ransomware. These are just few of the forces that can infiltrate a company’s cybersecurity.

    Last month, Verizon rolled out its Data Breach Digest, a 100-page piece of literature that’s chock full of security stories. Verizon compiled the various types of data-breach threats into four main categories: the human element, conduit devices, configuration exploitation and malicious software. The Digest gives anecdotes and mitigation strategies for each of the 16 scenarios that fall within those four categories.

    The Data Breach Digest is considered a companion to the Verizon Data Breach Investigations Report (DBIR), which contains statistics about cybersecurity incidents.

    We’ve summarized 12 of the data breach scenarios for you in our latest gallery — with advice to help fight them.

    Follow associate editor @JamesAndersonCP on Twitter.

  • Scary Data Breaches: Financial Pretexting

    3bb07f7df87f4482bc6ce14799f9ad4d.jpg

    Category: The Human Element

    Nickname: The Golden Fleece

    Key Verticals Victim: Financial, Information, Retail

    Method: The perpetrator uses social mediums like phishing emails, phone calls and even in-person meetings that play on human emotions (fear, compassion, curiosity, etc.) in order to acquire money.

    Example: A phishing email prompted a company to send a wire transfer. The perpetrator registered an email domain that was almost identical to that of the company’s chief information officer, whose job it was to approve transfers. The company’s network would have caught the fake email domain, but the accountant involved with the transaction had been working from a home network.

    Mitigation: Require two-step authentication for email access. Designate external emails. Require VPN access for telecommuters.

  • Scary Data Breaches: Hacktivist Attack

    dbeffafa015647db88034b88998797b6.jpg

    Category: The Human Element

    Nickname: The Epluribus Enum

    Key Verticals Victim: Financial, Public, Information

    Method: The hacktivist generally operates without a financial motive and with the intention of embarrassing the victim and furthering a cause. The exact method may vary from backdoor to DDoS attacks.

    Example: Hacktivists took aim at a company that had recently undergone a restructuring. They targeted the personal information of two executives and attempted DDoS attacks on the organization. Hackers eventually redirected one of the company’s websites to an accusatory message on another server. The company’s security apparatus defended most of the DDoS attacks and the attack eventually faded from media attention. Security workers created anonymous accounts on dark web forums to discover the sharing of executives’ personal information.

    Mitigation: Stay away from hackers’ radars, develop detection mechanisms and response capabilities, and protect social media accounts.

  • Scary Data Breaches: Partner Misuse

    05bd16a829be46cd926ec2b9272d2abc.jpg

    Category: The Human Element

    Nickname: The Indignant Mole

    Key Vertical Victim: Accommodation, Financial, Retail, Health Care

    Method: An insider mishandles data or abuses privileges out of a grudge.

    Example: SMB customers of a regional water supplier suffered compromised accounts and the subsequent transferring of refunds into incorrect bank accounts. Security workers traced the problem back to a third-party call center in India and later to a single user in the call center.

    Mitigation: Keep an eye on sensitive data and changes in employee behavior, and network activity.

  • Scary Data Breaches: Disgruntled Employee

    c5b260524e6d4a9c8cbd73d42c81971b.jpg

    Category: The Human Element

    Nickname: The Absolute Zero

    Key Vertical Victims: Public, Financial, Health Care

    Method: An employee disables controls or abuses data from inside a company.

    Example: A worker with administrative access knew he would be fired and decided to log onto the company’s application server. He collected data for future job interviews and disrupted workflow for his former team.

    Mitigation: Hold restructuring information closely and increase monitoring for affected employees.

  • Scary Data Breaches: C2 Takeover

    96635d9e43cf4d3db0e83a9778ba3d09.jpg

    Category: Conduit Devices

    Nickname: The Broken Arrow

    Key Vertical Victims: Information, Financial, Public, Administrative, Manufacturing

    Method: Attackers use Command and Control (C2) infrastructure to manipulate comprised or unmonitored systems.

    Example: Threat actors conducted reconnaissance on domains they judged as compromised, with the intention of turning servers into C2 platforms.

    Mitigation: Be aware of threat-actor tactics and monitor file-system changes on production servers.

  • Scary Data Breaches: Mobile Assault

    557316b6c0da49c3acf615031cf047ba.jpg

    Category: Conduit Devices

    Nickname: The Secret Squirrel        

    Key Vertical Victims: Professional, Administrative, Information, Manufacturing, Financial

    Method: Employees suffer this threat at the hands of state-affiliated or organized crime perpetrators while traveling abroad. Extracting data, swapping out hardware and rogue access points are all methods.

    Example: A chief security officer noticed odd activity on his cellphone. He had left his phone in his hotel room while travelling and used a wireless access point at a coffee shop. Someone had physically downloaded an exploit kit onto his laptop and likely used a code-injection attack on one of the smartphone’s third-party applications.

    Mitigation: Give specific travel devices to employees, train them to handle their devices and data when abroad, and don’t give them administrative access to install apps on them.

  • Scary Data Breaches: IoT Calamity

    5bd659270a504822b14e6f797b9727ee.jpg

    Category: Conduit Devices

    Nickname: The Panda Monium

    Key Vertical Victims: Entertainment, Professional, Educational, Administrative, Information, Manufacturing

    Method: State-affiliated or activist hackers take advantage of compromised or otherwise unprepared IoT devices.

    Example: A botnet brute-forced its way into IoT devices and initiated about 5,000 DNS lookups that significantly slowed a university’s network connectivity.

    Mitigation: Change default passwords for IoT devices, put IoT devices in IT asset inventory.

  • Scary Data Breaches: USB Infection

    69952575948b48f3b6aece8827e7d1ee.jpg

    Category: Conduit Devices

    Nickname: The Hot Tamale

    Key Vertical Victims: Accommodation, Financial, Manufacturing

    Method: Threat actors physically access work systems using USB devices or other portable media to introduce malware.

    Example: Following a janitorial company’s announcement of a large pay cut, an individual offered janitors money if they brought a USB flash drive into work and plugged it into different systems. Security officials caught the perpetrator and reversed the problem before the threat actor could extract privileged information.

    Mitigation: Employ host-based USB device access, disable auto-run functionality and enhance host-based alerts.

  • Scary Data Breaches: DDoS Attack

    26f6651c64644357bdf9f4a6877332d7.jpg

    Category: Configuration Exploitation

    Nickname: The 12000 Monkeyz

    Key Vertical Victims: Entertainment, Professional, Educational, Administrative, Information, Manufacturing, Retail

    Method: A computer floods a network connection with traffic and disrupts network operations.

    Example: The threat actor targeted a software-as-a-service company in order to disrupt a holiday week and prevent it from handling an influx of users. The attackers used four forms of DDoS to disrupt the network.

    Mitigation: Automate prefix routing to the DDoS mitigation provider so that it can deal with the incoming traffic.

  • Scary Data Breaches: Cloud Storming

    2e130b01d56647f6b0b3ece0558d9560.jpg

    Category: Configuration Exploitation

    Nickname: The Acumulus Datum                                 

    Key Vertical Victims: Utilities, Public, Manufacturing, Transportation

    Method: State-affiliated or organized crime parties take advantage of outsourced cybersecurity flaws taking care of data in the cloud.

    Example: Threat actors impacted an e-commerce site so that customers entering credit card info would get a failure notice before being redirected to see a completed transaction. The hacker had created a fake payment page that captured credit-card information. The affected company had to work with its third-party web developer and its Indian cloud services provider in order to address the problem.

    Mitigation: Ensure that third-party service providers have the architecture for audits and investigations.

  • Scary Data Breaches: Crypto Malware

    baaa2a6ead5946ccbe65b5e6afb1ec45.jpg

    Category: Malicious Software

    Nickname: The Fetid Cheez

    Key Vertical Victims: Varying

    Method: Crypto malware encrypts the data of users in order to hold it ransom so that they must pay to access it.

    Example: Hackers put a company’s business-critical applications offline and left ransom notes. This stemmed from a network administrator opening an email attachment that unleashed ransomware. The company failed to recover all of the files and ultimately decided to not pay the criminals.

    Mitigation: Validate backup processes, block particular email attachments and patch third-party applications.

  • Scary Data Breaches: Sophisticated Malware

    fcdb8f4d2ae842408a9ca302ce2b5bd4.jpg

    Category: Malicious Software

    Nickname: The Pit Viper

    Key Vertical Victims: Public, Manufacturing, Transportation, Information

    Method: Evolved malware activities include backdoor, C2, Rootkit and exploit vulnerability.

    Example: Sophisticated malware varies widely, but typically are difficult to detect and disrupt business-critical functions.

    Mitigation: Use centralized log sources to track suspicious activity, keep anti-virus software updated.

  • 12 Scary Data-Breach Scenarios from Verizon

    Please click here for more Channel Partners galleries.

Read more about:

Agents
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like