![Page 1: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/1.jpg)
A study conducted by the Verizon RISK Team with
cooperation from the Australian Federal Police,
2012 Data Breach
Investigations Report
Dutch National High Tech Crime Unit, Irish Reporting
& Information Security Service, Police Central
e-Crime Unit of the London Metropolitan Police, and
United States Secret Service.
![Page 2: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/2.jpg)
PROPRIETARY STATEMENTThis document and any attached materials are the sole property of Verizon and are not to be used by you other than to
evaluate Verizon’s service.
This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout
your organization to employees without a need for this information or to any third parties without the express written
permission of Verizon.
© 2012 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos,
and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 2
and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and
service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other
trademarks and service marks are the property of their respective owners.
![Page 3: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/3.jpg)
Data Breach Investigations Report (DBIR) series
An ongoing study into the world of
cybercrime that analyzes forensic
evidence to uncover how sensitive
data is stolen from organizations,
who’s doing it, why they’re doing it,
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 3
who’s doing it, why they’re doing it,
and, of course, what might be done
to prevent it.
--
Available at: www.verizon.com/enterprise/databreach
Updates/Commentary:
http://www.verizon.com/enterprise/securityblog
![Page 4: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/4.jpg)
Hold on… Wha???Why is my telco investigating breaches?
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 4
![Page 5: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/5.jpg)
RISK Team: More than an acronym
RResearchesearchUncover the who, what, when, how and why behind computer
security incidents.
IInvestigationsnvestigationsStudy and understand the ever-changing risk and threat
environment. It all starts here.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 5
The RISK Team = Risk Intel + Investigative Response + eDiscovery
SSolutionsolutionsLeverage lessons learned from “R” and “I” to create new
products and enhance our existing portfolio.
KKnowledgenowledgeCultivate and disseminate our information resources to make
our people, products, and brand smarter than the competition.
![Page 6: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/6.jpg)
Investigative Response Team Global Reach
London
LeuvenSLC
Amsterdam
NYCNJ
Chicago
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 6
Investigative Response
PS Area of Expertise
Lab / Protected Storage
Escalation Hotline (SOCs)
Sydney
Hong Kong
Melbourne
LADallas
NJ
DC / VA / PALas
VegasTampa Tokyo
Singapore
Canberra
Barcelona
Dubai
![Page 7: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/7.jpg)
2012 DBIR Contributors
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 7
![Page 8: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/8.jpg)
Methodology: Data Collection and Analysis
• DBIR participants use the
Verizon Enterprise Risk and
Incident Sharing (VERIS)
framework to collect and
share data.
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 8
• Enables case data to be
shared anonymously to
RISK Team for analysis
VERIS is a (open and free) set of metrics designed to provide a
common language for describing security incidents (or threats) in a
structured and repeatable manner.
VERIS: https://verisframework.wiki.zoho.com/
![Page 9: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/9.jpg)
2012 DBIR Process
VERIS
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 9
2012 DBIR
![Page 10: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/10.jpg)
Unpacking the 2012 DBIR
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 10
Unpacking the 2012 DBIR
![Page 11: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/11.jpg)
Threat Agents
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 11
![Page 12: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/12.jpg)
Threat Agents: Larger Orgs
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 12
![Page 13: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/13.jpg)
Threat Agents
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 13
![Page 14: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/14.jpg)
Threat Agents: External
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 14
![Page 15: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/15.jpg)
Threat Actions
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 15
![Page 16: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/16.jpg)
Threat Actions: Larger Orgs
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 16
![Page 17: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/17.jpg)
Top Threat Actions
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 17
![Page 18: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/18.jpg)
Top Threat Actions: Larger Orgs
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 18
![Page 19: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/19.jpg)
Compromised Assets
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 19
![Page 20: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/20.jpg)
Most Compromised Assets
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 20
![Page 21: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/21.jpg)
Asset Ownership, Hosting, and Management
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 21
![Page 22: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/22.jpg)
Compromised Data
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 22
Smaller Orgs
![Page 23: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/23.jpg)
Attack Targeting
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 23
![Page 24: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/24.jpg)
Case Study: The 3-Day Workweek
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 24
![Page 25: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/25.jpg)
Timespan of Events
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 25
![Page 26: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/26.jpg)
Timespan of events: Larger Orgs
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 26
![Page 27: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/27.jpg)
Breach Discovery
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 27
![Page 28: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/28.jpg)
Breach Discovery
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 28
![Page 29: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/29.jpg)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 29
![Page 30: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/30.jpg)
Recommendations: Smaller Orgs
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 30
![Page 31: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/31.jpg)
Recommendations: Larger Orgs
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 31
![Page 32: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/32.jpg)
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 32
DBIR: www.verizon.com/enterprise/databreach
VERIS: https://verisframework.wiki.zoho.com/
Blog: http://www.verizon.com/enterprise/securityblog
Email: [email protected]
![Page 33: 2012 Data Breach Investigations Report · Verizon Enterprise Risk and Incident Sharing (VERIS) framework to collect and share data. Confidential and proprietary materials for authorized](https://reader036.vdocument.in/reader036/viewer/2022062507/5fbedd8289a6566ba3162978/html5/thumbnails/33.jpg)
2012 DBIR Puzzle
“email 8trak 2dbir”
• Gold: David Schuetz aka Darth Null
• Silver: Joeri de Gram
• Bronze: John Sullivan
• Fourth place missed out by 39 minutes for the second year in a
Confidential and proprietary materials for authorized Verizon personnel and outside agencies only. Use, disclosure or distribution of this material is not permitted to any unauthorized persons or third parties except by written agreement. 33
• Fourth place missed out by 39 minutes for the second year in a
row ����
• 14 steps to win (with no goofs)
• Favourite parts
– Grille cipher
– Chuck Testa (look it up on YouTube)
http://darthnull.org/2012/03/28/2012-verizon-dbir-cover-challenge/