Businesses belonging to the financial industry are the targeted victims in 10 of the 18 data breach scenarios identified by a new report by Verizon Enterprise Solutions.
Verizon has released its first ever Data Breach Digest after investigating more than 500 cyber security incidents occurring in over 40 countries in 2015.
The report details 18 real-world data breach scenarios, 12 of which represent more than 60% of the 1,175 cases investigated by the company over the past three years
For each scenario, the report provides detailed analysis of how the attack occurred, the level of sophistication, the threat actors involved, the tactics and techniques used and the recommended countermeasures.
The report found that financial services are the targeted victims in 10 of the 18 data breach scenarios:
- Financial pretexting – the use of false pretences to dupe a victim into performing a financial transaction or providing privileged data
- Digital extortion
- Insider threat - involves threat actors with some level of trust and privilege causing a data breach through malicious intent
- Partner misuse - vendors and business partners may also control legitimate logical or physical access for unsanctioned access to data
- Peripheral tampering - involves any tampering or physically manipulating a hardware device that connects to a computer system
- Logic switch - the manipulation of account balances and withdrawal limits to create non-existent funds, bypass security measures and cash out quickly
- SQL injection - methods of abusing an application’s interaction with its back-end database
- CMS compromise -targeting and using content management system vulnerabilities as a foothold to install backdoor programs
- Backdoor access - dropping additional malware to perform a myriad of tasks, including capturing keystrokes, that lead to compromised accounts, escalated privileges, and movement to other areas in the victim’s network
- Credential theft - spyware/keylogger attacks involving unauthorized software or hardware introduced to a system to record user and system-generated information
Verizon expects that the report will help businesses and government organizations understand how to identify signs of a data breach, the important sources of evidence and ways to quickly investigate, contain and recover from a breach.