Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. PID# 2013 Data Breach Investigations Report Christopher Novak Director, Global Investigative Response June 4, 2013


An ongoing study into the world of cybercrime that analyzes forensic evidence to uncover how sensitive data is stolen from organizations, who’s doing it, why they’re doing it, and, of course, what might be done to prevent it.

Data Breach Investigations Report (DBIR) Series

Please download the full Data Breach Investigations Report: www.verizonenterprise.com/DBIR/2013


19 global contributors

47,000+ security incidents

621 confirmed data breaches

2013 Data Breach Investigations Report


VERIS (Vocabulary for Event Recording and Incident Sharing) is an open and free set of metrics designed to provide a common language for describing security incidents (or threats) in a structured and repeatable manner.

• Actor – Who did it?

• Action – How’d they do it?

• Asset – What was affected?

• Attribute – How was it affected?


Threat Actor


Threat Actor


Breach Count vs. Victim Industry & Size


Variety of Hacking Actions


The Inevitability of “The Click”


Breach Count by Data Variety & Motive


Attack Targeting


Attack Difficulty


Case Study – DDoS / Data Exfiltration

UDP Traffic with Victim US Corporation


Case Study – DDoS / Data Exfiltration


Case Study – DDoS / Data Exfiltration

TCP Traffic with Victim US Corporation


Variety of Compromised Assets


Timespan of Events


Discovery Methods


Recommendations

• MAKE SECURITY A COMPANY-WIDE EFFORT; YOUR PEOPLE CAN BE YOUR GREATEST ASSET OR YOUR WEAKEST LINK.

• CREATE BETTER AND FASTER DETECTION THROUGH A MIX OF PEOPLE, PROCESSES, AND TECHNOLOGY.

• NEVER UNDERESTIMATE THE TENACITY OF AN ATTACKER.

• EVALUATE YOUR THREAT LANDSCAPE TO PRIORITIZE A CYBER STRATEGY.

• DOWNLOAD AND SHARE THIS KNOWLEDGE WITH PEOPLE IN YOUR ORGANIZATION AND YOUR PARTNERS.


Recommendations


Questions & Answers

Christopher Novak, Director, Global Investigative Response, +1-914-574-2805

Please download the full Data Breach Investigations Report: www.verizonenterprise.com/DBIR/2013