2012 data breach investigations report · verizon enterprise risk and incident sharing (veris)...
TRANSCRIPT
2012 Data Breach Investigations Report
A study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting & Information Security Service, Police Central e-Crime Unit of the London Metropolitan Police, and United States Secret Service.
PROPRIETARY STATEMENT
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service.
This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon.
© 2012 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement.
Data Breach Investigations Report (DBIR) series
An ongoing study into the world of
cybercrime that analyzes forensic
evidence to uncover how sensitive
data is stolen from organizations,
who’s doing it, why they’re doing it,
and, of course, what might be done
to prevent it.
--
Available at: www.verizon.com/enterprise/databreach
Updates/Commentary:
http://www.verizon.com/enterprise/securityblog
Hold on… Wha??? Why is my telco investigating breaches?
RISK Team: More than an acronym
• Research: Uncover the who, what, when, how and why behind computer security incidents.
• Investigations: Study and understand the ever-changing risk and threat environment. It all starts here.
• Solutions: Leverage lessons learned from “R” and “I” to create new products and enhance our existing portfolio.
• Knowledge: Cultivate and disseminate our information resources to make our people, products, and brand smarter than the competition.
The RISK Team = Risk Intel + Investigative Response + eDiscovery
Investigative Response Team Global Reach
[Map. Locations: London, Leuven, SLC, Amsterdam, NYC, NJ, Chicago, Sydney, Hong Kong, Melbourne, LA, Dallas, DC / VA / PA, Las Vegas, Tampa, Tokyo, Singapore, Canberra, Barcelona, Dubai. Legend entries: Investigative Response; PS Area of Expertise; Lab / Protected Storage; Escalation Hotline (SOCs).]
2012 DBIR Contributors
Methodology: Data Collection and Analysis
• DBIR participants use the Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data.
• Enables case data to be shared anonymously to RISK Team for analysis
VERIS is an (open and free) set of metrics designed to provide a
common language for describing security incidents (or threats) in a
structured and repeatable manner.
VERIS: https://verisframework.wiki.zoho.com/
2012 DBIR Process
[Process diagram labels: VERIS; 2012 DBIR]
Unpacking the 2012 DBIR
Unpacking the 2012 DBIR
Threat Agents
Threat Agents: Larger Orgs
Threat Agents
Threat Agents: External
Threat Actions
Threat Actions: Larger Orgs
Top Threat Actions
Top Threat Actions: Larger Orgs
Compromised Assets
Most Compromised Assets
Asset Ownership, Hosting, and Management
Compromised Data
Smaller Orgs
Attack Targeting
Case Study: The 3-Day Workweek
Timespan of Events
Timespan of Events: Larger Orgs
Breach Discovery
Breach Discovery
Recommendations: Smaller Orgs
Recommendations: Larger Orgs
DBIR: www.verizon.com/enterprise/databreach
VERIS: https://verisframework.wiki.zoho.com/
Blog: http://www.verizon.com/enterprise/securityblog
Email: [email protected]
2012 DBIR Puzzle
“email 8trak 2dbir”
• Gold: David Schuetz aka Darth Null
• Silver: Joeri de Gram
• Bronze: John Sullivan
• Fourth place missed out by 39 minutes for the second year in a row
• 14 steps to win (with no goofs)
• Favourite parts
– Grille cipher
– Chuck Testa (look it up on YouTube)
http://darthnull.org/2012/03/28/2012-verizon-dbir-cover-challenge/