The world of money and espionage: Not Bond, but data breaches
By Benjamin Cher June 8, 2016
- No mandatory disclosure in Asia means this is just the tip of the iceberg
- 10yr+ vulnerabilities remain avenue for cybercriminals to exploit
Data breaches are on the rise, according to the Verizon Data Breach Investigations Report 2016, and the majority (89%) have financial or espionage motives behind them.
“We are seeing that while cyber-espionage continues to maintain its presence, financial motives are seeing an uplift coming in from 2015,” Ashish Thapar, Verizon managing principal of investigative response, told Digital News Asia (DNA) in Singapore.
This is because the datasets that cybercriminals get their hands on are often cardholder or personally identifiable information (PII) that can be milked for financial gains.
Other motives such as ideology, fun (pranksters) or grudges still play a role, but barely make a mark compared with financial and espionage motives, the Verizon report found.
According to Ashish, the company covered over 100,000 security incidents this year alone.
“In terms of data breaches, it was over 2,000 incidents last year, and this year, it has already crossed the 3,000 mark,” he said.
“The numbers keep going up and down because we keep augmenting our contributors … we keep churning data,” he added.
The Verizon Data Breach Investigations Report 2016 pools together data from over 100,000 security incidents from over 60 contributors across various industries in 82 countries, including Singapore, Malaysia and Indonesia.
Stolen credentials are still a preferred method of entry for threat actors, with 63% of confirmed data breaches involving leaked or stolen credentials.
Phishing attacks work with surprising effectiveness even today, according to Ashish.
“30% of phishing messages were opened and 13% of the targets went on to open the attachment,” he said. “It took less than four minutes for a phishing campaign to get its first click.”
Humans are not the only weak link – there are also vulnerabilities that are more than a decade old which are still being successfully exploited.
“85% of successful exploit attacks we saw were through the top 10 vulnerabilities, some of which go back more than 10 years – which is a bit of a shame because the patches have been there for so long, yet have not been implemented,” said Ashish.
These vulnerabilities are from the early 2010s to just before the turn of the century, which is “disturbing,” he added.
Even worse, while data breaches have been going up, successful internal detection has been going down.
“About 40% of breaches are discovered by law enforcement or third-parties,” said Ashish. “This is a big, disturbing number because it is external detection and not internal detection.”
The detection deficit, or the time between compromise and detection, is growing and the good guys need to catch up, he urged.
“The time of compromise versus time of discovery … the gap is now at 84% [compared with 62% in 2015],” said Ashish, adding that the gap had actually closed last year before widening again this year.