Verizon Data Breach Scenarios Stress Identity Management with Multi-Factor Authentication

Strong authentication is cybersecurity’s best defense.

The Verizon Data Breach Digest, Scenarios from the Field summarizes over 500 cybersecurity investigations. The Digest informs organizations about security attacks, the methods used and the victims. It shows that a limited number of techniques describe most incidents. In fact, twelve scenarios represent over 60% of all investigations.

The report groups the data breach scenarios into the following categories:

  • The Human Element—human threats or targets.
  • Conduit Devices—device misuse or tampering.
  • Configuration Exploitation—reconfigured or misconfigured settings.
  • Malicious Software—sophisticated special-purpose illicit software.

Identity Management and The Human Element

Generally, humans are considered the weakest link in an information security strategy. Exploiting professionals for access enabled almost 30% of data breaches last year. For The Human Element, phishing (72%) represents the majority of attacks. Scenarios 1 to 6 identify people and trusted roles as the threat.

The report points out that the top two methods take advantage of weak authentication. In total, 80% of breaches result from stolen, weak, default or guessable passwords. Weak authentication, weak passwords, and unsafe password handling also foster greater damage. To mitigate human risks, Verizon recommends user education, audit checks, and strong authentication combined with identity and access management.

In thirteen scenarios, multi-factor authentication would limit or prevent the breach altogether. Multi-factor authentication makes using stolen credentials more difficult. It should also be implemented for financial system access and to combat credential theft.
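The claim that a second factor blunts stolen passwords is easy to see in code. The following is an added example (not code from Verizon or Avatier): a minimal login check that requires a salted PBKDF2 password hash and a time-based one-time code (TOTP per RFC 6238, built on HOTP per RFC 4226) to both verify. The user record layout, the PBKDF2 iteration count and the sample seed are assumptions chosen for the demonstration; the seed is the RFC 6238 test-vector seed so the codes can be checked against the standard.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune to the deployment
TOTP_STEP = 30           # RFC 6238 default time step in seconds


def make_user(password: str, totp_seed: bytes) -> dict:
    """Constructed user record: salted password hash plus the per-user TOTP seed.
    In a real system the seed comes from enrolment and is stored encrypted."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "pw_hash": pw_hash, "totp_seed": totp_seed}


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    digest = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, at: float, step: int = TOTP_STEP, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time step."""
    return hotp(seed, int(at // step), digits)


def verify_password(user: dict, password: str) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, user["pw_hash"])


def verify_totp(user: dict, code: str, at: float, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock drift."""
    step_now = int(at // TOTP_STEP)
    for delta in range(-window, window + 1):
        expected = hotp(user["totp_seed"], step_now + delta)
        if hmac.compare_digest(expected, code):
            return True
    return False


def authenticate(user: dict, password: str, code: str, at: Optional[float] = None) -> bool:
    """Both factors must pass: a stolen or guessed password alone is rejected."""
    if at is None:
        at = time.time()
    # Evaluate both factors regardless of the first result so that response
    # time does not reveal which factor failed.
    pw_ok = verify_password(user, password)
    otp_ok = verify_totp(user, code, at)
    return pw_ok and otp_ok


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 6238 test-vector seed (constructed demo value)
    user = make_user("correct horse", seed)
    print(authenticate(user, "correct horse", totp(seed, 59), at=59))  # True
    print(authenticate(user, "correct horse", "000000", at=59))        # False: bad code
    print(authenticate(user, "guessed", totp(seed, 59), at=59))        # False: bad password
```

The drift window of one step is a design trade-off: it keeps logins working across small clock skews but means a captured code stays valid for up to about 90 seconds, which is why a real deployment also rejects reuse of an already-accepted code.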

Top Cybersecurity Incidents, Frequency and Industries

The Verizon Data Breach Scenarios prescribe prevention, mitigation, and response controls. The following lists the Scenarios, their Frequency, and Industry focus.

Scenario | Frequency | Industries
1. Social Engineering | 16% | Manufacturing, professional services, public, information, utilities
2. Financial Pretexting | 7% | Financial services, accommodation, retail
3. Digital Extortion | 9% | Financial services, public
4. Insider Threat | 12% | Financial services, accommodation, healthcare, public
5. Partner Misuse | 4% | Financial services, accommodation, healthcare, public
6. USB Infection | 33% | Manufacturing, professional services, public
7. Peripheral Tampering | <1% | Financial services, retail
8. Hacktivist Attack | 3% | Information, public, financial services
9. Rogue Connection | 4% | All
10. Logic Switch | 53% | Financial services, information, healthcare, public, education, retail
11. SQL Injection | 23% | Utilities, manufacturing, public, education, retail, financial services
12. CMS Compromise | 46% | Financial services, public, retail
13. Backdoor Access | 51% | Accommodation, financial services, public, professional
14. DNS Tunneling | <1% | Retail
15. Data Ransomware | 4% | All
16. Sophisticated Malware | 32% | All
17. RAM Scraping | 55% | Accommodation, retail
18. Credential Theft | 42% | Financial services, public, retail, professional services, information

*NOTE: Frequency total exceeds 100%, because typically two or more methods are used. For instance, Social Engineering (16%) sets up Backdoor Access (51%) to launch Sophisticated Malware (32%).

Verizon Cybersecurity Scenario Descriptions

1. Social Engineering—the Hyper Click: Phishing and scams tricking people to disclose information, click hyperlinks, or open attachments.

2. Financial Pretexting—the Slick Willie: Social engineering that dupes victims into performing financial transactions or providing privileged data.

3. Digital Extortion—the Boss Hogg: Personal information, company secrets, and customer data targeted to damage reputation or steal identities.

4. Insider Threat—the Rotten Apple: Financially motivated users with Personally Identifiable Information (PII) and privileges commit most insider breaches.

5. Partner Misuse—the Busted Chain: Partners and vendors holding trusted logical or physical access misuse it to gain unauthorized access.

6. USB Infection—the Porta Bella: USB drives spoof company letterhead and branding to deliver malware to specific targets.

7. Peripheral Tampering—the Bad Tuna: Physically manipulating Personal Identification Number (PIN) and Personal Entry Devices (PEDs).

8. Hacktivist Attack—the Dark Shadow: Attacks motivated by ideology disrupt and embarrass specific corporations, organizations, and governments.

9. Rogue Connection—the Imperfect Stranger: Unmanaged devices, wireless access points and personal laptops connected to corporate networks.

10. Logic Switch—the Soup Sammich: Manipulation of account balances and withdrawals often referred to as the "pump and dump".

11. SQL Injection—the Snake Bite: Targets application and database interaction by using non-validated inputs to modify queries for unintended results.

12. CMS Compromise—the Roman Holiday: Content management systems (CMS) introduce security vulnerabilities that are used to plant backdoor malware.

13. Backdoor Access—the Alley Cat: Enables footholds into internal networks for post-compromise propagation, malware, and intelligence gathering.

14. DNS Tunneling—the Rabbit Hole: Domain Name System (DNS) allows miscreants an opportunity to siphon sought-after data.

15. Data Ransomware—the Catch 22: Malware that prevents users from accessing their system, file shares or files and holds the data for “ransom”.

16. Sophisticated Malware—the Flea Flicker: Custom malware that challenges the most mature organizations and security controls.

17. RAM Scraping—the Leaky Boot: Malware that extracts data from physical memory used in 95% of POS server breaches.

18. Credential Theft—the Poached Egg: Keylogger attacks introduce unauthorized software or hardware to record user and system information.
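Scenario 11 above is the one that reduces most directly to a few lines of code, so here is an added example (not from the Verizon report or from Avatier) showing the defect and its fix side by side. A login query built by string formatting lets a crafted username change the query's logic, while the same lookup done with a parameterised query treats the input purely as data. The in-memory SQLite table, the two sample accounts and the crafted input are all constructed for the demonstration; the unsalted SHA-256 password hash is a simplification to keep the example short and is not how passwords should be stored.

```python
import hashlib
import sqlite3


def password_hash(password: str) -> str:
    # Unsalted SHA-256 keeps the demo short; real systems use a salted, slow hash.
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory user table with two sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", password_hash("alice-secret")), ("bob", password_hash("bob-secret"))],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Defective form: the username is spliced into the SQL text unvalidated,
    so a quote and a comment marker inside it rewrite the WHERE clause."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password_hash = '{password_hash(password)}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Hardened form: placeholders let the driver bind the values, so the
    input can never become part of the statement's structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = setup_db()
    # Constructed input: the quote closes the string literal and "--" turns the
    # rest of the statement, including the password check, into a comment.
    crafted = "alice' --"
    print(login_vulnerable(conn, crafted, "not-the-password"))  # alice (check bypassed)
    print(login_safe(conn, crafted, "not-the-password"))        # None (no such user)
```

The contrast is the point: validation of the input is not what fixes the query; binding the values through the driver is. A quick audit check for this class of defect is to search the code base for SQL strings assembled with formatting or concatenation and confirm each one has been moved to placeholders.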

Get the Free KuppingerCole Identity Management Analyst White Paper

Learn the role IT automation and business driven self-service administration play in creating lean operations. KuppingerCole’s Assignment Management — Think Beyond Access describes the shift in IT operations from tightly controlled identity management processes to workflow enabled administration.

Written by Thomas Edgerton

Thomas Edgerton, Avatier's MVP award-winning Market Analyst and Performance Consultant in information technology, IT security, instructional technology and human factors, blogs on topics ranging from leadership to national security, innovation and deconstructing the future.