Making note of the social unrest which unfolded in 2011, Verizon’s 2012 data breach investigation report(very large pdf) highlights a tumultuous year for computer and network security. Although a couple of numbers were down from previous years, attacks related to hacktivism rose sharply while malware and hacking itself remained prolific.
Incidents involving hacking and malware were both up considerably last year, with hacking linked to almost all compromised records. This makes sense, as these threat actions remain the favored tools of external agents, who, as described above, were behind most breaches. Many attacks continue to thwart or circumvent authentication by combining stolen or guessed credentials (to gain access) with backdoors (to retain access) fewer ATM and gas pump skimming cases this year served to lower the ratio of physical attacks in this report . Given the drop in internal agents, the misuse category had no choice but to go down as well. Social tactics fell a little, but were responsible for a large amount of data loss.
Source: verizonbusiness.com (pdf)
Verizon’s DBIR is an analysis of data collected from numerous contributors encompassing 855 incidents and over 174 million compromised data records.
Personal information (e.g. address, name, SSN, phone number) was by far the most pilfered type of information, accounting for 95 percent of stolen data. Credit cards were a distant second at 3 percent although attempts to steal card information amounted to 48 percent of all network and computer break-ins.
The report determined an overwhelmingly majority (96 percent) of attacks were not difficult to perform and that 94 percent of all data compromised was located on servers, most of which were from database servers and not web servers. Nearly all (97 percent) of attacks could have been avoided through simple, inexpensive measures such as implementing a firewall or changing passwords.
The same percentage of security breaches (97 percent) occurred externally. In the past, inside jobs were just as frequent as intrusions performed by outsiders, but these numbers have changed drastically over the years. The majority of such external attacks now originate from Eastern Europe although in prior years such attacks were more evenly distributed across the globe.
According to the data, hackers also seem to prefer a three-day work week, becoming the most active on Saturday, Sunday and Monday.