Hacktivism leads data breach causes, says Verizon

Tools

Hacktivism, although it accounted for only a small percentage of attacks in an 855 incident sample, was responsible for the majority of stolen records, says an annual data breach report (.pdf) from Verizon.

This year's sample includes information from the Secret Service and other law enforcement agencies from abroad, but Verizon also notes that the report suffers from sample bias. Report authors say they believe that many of their findings can be generalizable, but "we cannot measure exactly how much bias exists."

Within the sample, hacktivism accounted for 3 percent of external attacks, but those attacks accounted for more than 100 million of the 174 million compromised records. That's indicative of a trend, the report says, of hacktivists to no longer content themselves with denial of service attacks or website defacements.

"In other words, 2011 saw a merger between those classic misdeeds and a new 'oh by the way, we're gonna steal all your data too' twist," the report says.

Hacktivists behave differently online than profit-driven hackers, the report also notes. Crooks look for targets of opportunity--relatively low risk attacks made against smaller organizations in what's a high-volume, low-yield business model. Hacktivists target large organizations, meaning that despite the lower frequency of hacktivist data breaches, their impact measured by sheer data stolen was larger.

Verizon doesn't directly name hacktivist groups, such as Anonymous or LulzSec, but it also notes that most of its clients don't maintain sufficient log data that would involve attribution. Eighty-five percent of all data breaches in the sample took weeks or longer to discover, and attribution often cannot be made alone through disk forensics. However, many data-breach victims "do not wish to expand the investigation" once it's been contained, the report notes.

The report also finds that in its sample, 98 percent of all attacks stemmed from external sources, although 4 percent of attacks also implicated insiders. Most of the attacks were not technically difficult to undertake, Verizon also says--97 percent of them could have been avoided through the application of simple or intermediate cybersecurity controls.

For more:   
- download the Verizon 2012 data breach report [Warning: Report includes corporate attempts at jocularity] (.pdf)

Related Articles:
Government applications less resilient than those in other sectors 
FISMA scores show need for cybersecurity improvement 
Judge extends DNSChanger replacement servers