12 Scary Data-Breach Scenarios from Verizon

Laid-off employees, IoT botnets and ransomware. These are just few of the forces that can infiltrate a company’s cybersecurity.

Last month, Verizon rolled out its Data Breach Digest, a 100-page piece of literature that’s chock full of security stories. Verizon compiled the various types of data-breach threats into four main categories: the human element, conduit devices, configuration exploitation and malicious software. The Digest gives anecdotes and mitigation strategies for each of the 16 scenarios that fall within those four categories.

The Data Breach Digest is considered a companion to the Verizon Data Breach Investigations Report (DBIR), which contains statistics about cybersecurity incidents.

We’ve summarized 12 of the data breach scenarios for you in our latest gallery — with advice to help fight them.

Follow associate editor @JamesAndersonCP on Twitter.

Category: The Human Element

Nickname: The Golden Fleece

Key Verticals Victim: Financial, Information, Retail

Method: The perpetrator uses social mediums like phishing emails, phone calls and even in-person meetings that play on human emotions (fear, compassion, curiosity, etc.) in order to acquire money.

Example: A phishing email prompted a company to send a wire transfer. The perpetrator registered an email domain that was almost identical to that of the company’s chief information officer, whose job it was to approve transfers. The company’s network would have caught the fake email domain, but the accountant involved with the transaction had been working from a home network.

Mitigation: Require two-step authentication for email access. Designate external emails. Require VPN access for telecommuters.

Category: The Human Element

Nickname: The Epluribus Enum

Key Verticals Victim: Financial, Public, Information

Method: The hacktivist generally operates without a financial motive and with the intention of embarrassing the victim and furthering a cause. The exact method may vary from backdoor to DDoS attacks.

Example: Hacktivists took aim at a company that had recently undergone a restructuring. They targeted the personal information of two executives and attempted DDoS attacks on the organization. Hackers eventually redirected one of the company’s websites to an accusatory message on another server. The company’s security apparatus defended most of the DDoS attacks and the attack eventually faded from media attention. Security workers created anonymous accounts on dark web forums to discover the sharing of executives’ personal information.

Mitigation: Stay away from hackers’ radars, develop detection mechanisms and response capabilities, and protect social media accounts.

Category: The Human Element

Nickname: The Indignant Mole

Key Vertical Victim: Accommodation, Financial, Retail, Health Care

Method: An insider mishandles data or abuses privileges out of a grudge.

Example: SMB customers of a regional water supplier suffered compromised accounts and the subsequent transferring of refunds into incorrect bank accounts. Security workers traced the problem back to a third-party call center in India and later to a single user in the call center.

Mitigation: Keep an eye on sensitive data and changes in employee behavior, and network activity.

Category: The Human Element

Nickname: The Absolute Zero

Key Vertical Victims: Public, Financial, Health Care

Method: An employee disables controls or abuses data from inside a company.

Example: A worker with administrative access knew he would be fired and decided to log onto the company’s application server. He collected data for future job interviews and disrupted workflow for his former team.

Mitigation: Hold restructuring information closely and increase monitoring for affected employees.

Category: Conduit Devices

Nickname: The Broken Arrow

Key Vertical Victims: Information, Financial, Public, Administrative, Manufacturing

Method: Attackers use Command and Control (C2) infrastructure to manipulate comprised or unmonitored systems.

Example: Threat actors conducted reconnaissance on domains they judged as compromised, with the intention of turning servers into C2 platforms.

Mitigation: Be aware of threat-actor tactics and monitor file-system changes on production servers.

Category: Conduit Devices

Nickname: The Secret Squirrel        

Key Vertical Victims: Professional, Administrative, Information, Manufacturing, Financial

Method: Employees suffer this threat at the hands of state-affiliated or organized crime perpetrators while traveling abroad. Extracting data, swapping out hardware and rogue access points are all methods.

Example: A chief security officer noticed odd activity on his cellphone. He had left his phone in his hotel room while travelling and used a wireless access point at a coffee shop. Someone had physically downloaded an exploit kit onto his laptop and likely used a code-injection attack on one of the smartphone’s third-party applications.

Mitigation: Give specific travel devices to employees, train them to handle their devices and data when abroad, and don’t give them administrative access to install apps on them.

Category: Conduit Devices

Nickname: The Panda Monium

Key Vertical Victims: Entertainment, Professional, Educational, Administrative, Information, Manufacturing

Method: State-affiliated or activist hackers take advantage of compromised or otherwise unprepared IoT devices.

Example: A botnet brute-forced its way into IoT devices and initiated about 5,000 DNS lookups that significantly slowed a university’s network connectivity.

Mitigation: Change default passwords for IoT devices, put IoT devices in IT asset inventory.

Category: Conduit Devices

Nickname: The Hot Tamale

Key Vertical Victims: Accommodation, Financial, Manufacturing

Method: Threat actors physically access work systems using USB devices or other portable media to introduce malware.

Example: Following a janitorial company’s announcement of a large pay cut, an individual offered janitors money if they brought a USB flash drive into work and plugged it into different systems. Security officials caught the perpetrator and reversed the problem before the threat actor could extract privileged information.

Mitigation: Employ host-based USB device access, disable auto-run functionality and enhance host-based alerts.

Category: Configuration Exploitation

Nickname: The 12000 Monkeyz

Key Vertical Victims: Entertainment, Professional, Educational, Administrative, Information, Manufacturing, Retail

Method: A computer floods a network connection with traffic and disrupts network operations.

Example: The threat actor targeted a software-as-a-service company in order to disrupt a holiday week and prevent it from handling an influx of users. The attackers used four forms of DDoS to disrupt the network.

Mitigation: Automate prefix routing to the DDoS mitigation provider so that it can deal with the incoming traffic.

Category: Configuration Exploitation

Nickname: The Acumulus Datum                                 

Key Vertical Victims: Utilities, Public, Manufacturing, Transportation

Method: State-affiliated or organized crime parties take advantage of outsourced cybersecurity flaws taking care of data in the cloud.

Example: Threat actors impacted an e-commerce site so that customers entering credit card info would get a failure notice before being redirected to see a completed transaction. The hacker had created a fake payment page that captured credit-card information. The affected company had to work with its third-party web developer and its Indian cloud services provider in order to address the problem.

Mitigation: Ensure that third-party service providers have the architecture for audits and investigations.

Category: Malicious Software

Nickname: The Fetid Cheez

Key Vertical Victims: Varying

Method: Crypto malware encrypts the data of users in order to hold it ransom so that they must pay to access it.

Example: Hackers put a company’s business-critical applications offline and left ransom notes. This stemmed from a network administrator opening an email attachment that unleashed ransomware. The company failed to recover all of the files and ultimately decided to not pay the criminals.

Mitigation: Validate backup processes, block particular email attachments and patch third-party applications.

Category: Malicious Software

Nickname: The Pit Viper

Key Vertical Victims: Public, Manufacturing, Transportation, Information

Method: Evolved malware activities include backdoor, C2, Rootkit and exploit vulnerability.

Example: Sophisticated malware varies widely, but typically are difficult to detect and disrupt business-critical functions.

Mitigation: Use centralized log sources to track suspicious activity, keep anti-virus software updated.