In the previous blog post on the current state of data breaches, you were introduced to the Verizon® Annual Data Breach Investigations Report (DBIR) and the top five attack classifications. Those represented the five most frequent types of attacks seen from the DBIR’s impressive sample size of breach data.
In this article, we’ll look at the bottom five. While they represent attack types that are less likely to happen, each of them is prevalent in specific industries or types of equipment. So, it’s important to read about them and see if any might apply to your organization. As with the first part of this blog series, under each attack classification you’ll get a brief description followed by recommendations to help prevent this type of attack.
In this scenario, we’re generally talking about state-affiliated groups seeking the very same outcome as hackers (to access and, usually, exfiltrate data). Manufacturing and public sector are the predominant industry verticals where this threat most applies. The tactics are similar—phishing, hacking, and malware all top the list of threat actions. Proper responses are fairly straightforward, given the attack vectors. As with crimeware, you need a robust anti-malware strategy at the endpoint and at malware gateways, plus you need to use application whitelisting and attachment sandboxing. All this is critical to keep these malicious actors from gaining a foothold in your organization.
Mostly impacting retail and food services, the aim of these intrusions is to obtain credit card data. Key tactics include RAM scraping and keylogging, both of which have been around for ages but are still in use today. Limiting remote access, as well as putting powerful anti-malware protection and application whitelisting in place, can strengthen the security of these devices, helping to keep card data out of attackers’ hands.
Here, we’re talking about the physical placement of a card skimmer—so this applies mostly to ATMs, gas pumps, POS terminals, and the like. It’s tempting to think that with the new “Chip and PIN” EMV tech this is less of a problem, but even the mighty chip has been shown to be hackable.
Relatively low-tech responses such as surveillance of outdoor terminals and use of tamper-evident tape are necessary tactics for detecting whether machines are being tampered with.
The DBIR classifies this as “misdelivery of information in either electronic or paper format.” In essence, you email the wrong person or leave something on the printer. This happened to me once. I was given “my” receipt of a visit to an urgent care center, but when I got home, it was someone else’s—complete with their social security number. Topping the list are misdelivery, publishing errors (such as when the British breakdown cover company The AA left 117K records exposed), and disposal errors. Documenting procedures for proper disposal of paper records, default security policies that keep data from being reachable on the web, and even putting a DLP (data loss prevention) solution in place are some measures that can help mitigate risk.
This is a smaller category of breach classifications, covering attack methods or vectors that occur too rarely to deserve their own classification. This is where we see a combination of social engineering, a bit of phishing, and a dash of hacking—all with so little investigative data that it’s hard to classify them and hence, hard to provide an overarching recommendation. The key takeaway is that none of the breaches in this classification used any new or innovative tactics, serving as an important reminder to double down on everything covered earlier in this blog and in part 1.
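The DLP measure mentioned above is easiest to picture as a pre-send check on outgoing messages. The following is an added example, not code from the original post or from any DLP product: it scans a few constructed sample messages for the two data types this post mentions (a social security number and a payment card number), validates candidate card numbers with the Luhn check to cut false positives on ordinary numbers such as invoice references, and returns redacted findings so a flagged message can be held for review instead of being misdelivered. The message contents, the regular expressions, and the function names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample of outgoing messages (not real data, not from the post).
SAMPLE_MESSAGES = {
    "msg-001": "Hi Dana, attached is the visit summary. Patient SSN 123-45-6789 for billing.",
    "msg-002": "Order confirmed. Card ending 4242 was charged; full PAN 4111 1111 1111 1111 on file.",
    "msg-003": "Invoice 2017-0421 for 1234 units, reference 987654321.",
}

# US SSN in dashed form; rejects area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# 13 to 19 digits, optionally separated by spaces or hyphens (candidate card numbers).
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")


@dataclass
class Finding:
    message_id: str
    kind: str       # "ssn" or "pan"
    redacted: str   # masked value safe to show in a review queue


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_message(message_id: str, text: str) -> list:
    """Return a list of Findings for sensitive data patterns found in one message."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(Finding(message_id, "ssn", "***-**-" + m.group()[-4:]))
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        # Only report digit runs that pass Luhn; invoice numbers and dates usually fail.
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(Finding(message_id, "pan", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def hold_for_review(messages: dict) -> dict:
    """Map message id -> findings for every message that should be held rather than sent."""
    held = {}
    for message_id, text in messages.items():
        findings = scan_message(message_id, text)
        if findings:
            held[message_id] = findings
    return held


if __name__ == "__main__":
    for message_id, findings in hold_for_review(SAMPLE_MESSAGES).items():
        for f in findings:
            print(f"HOLD {message_id}: {f.kind} detected ({f.redacted})")
```

Only the redacted value leaves the scanner, so the review queue itself does not become a second copy of the sensitive data; a real deployment would add more pattern types and run the same check on attachments and print jobs.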
The data in the DBIR is outstanding—tens of thousands of incidents provide statistically relevant data from which we all can make better decisions. It’s one of the reasons I look forward to this report every year (usually released in March or April, by the way).
Take the data found in this report to heart and diligently apply the lessons learned by other companies to your security strategy. By doing so, you can help keep your customers from falling prey to the same attacks that have plagued so many other organizations.
Nick Cavalancia has over 20 years of enterprise IT experience and is an accomplished executive, consultant, trainer, speaker, and columnist. He has authored, co-authored and contributed to over a dozen books on Windows®, Active Directory®, Exchange™ and other Microsoft® technologies. Nick has also held executive positions at ScriptLogic®, SpectorSoft® and Netwrix® and now focuses on the evangelism of technology solutions.
Follow Nick on Twitter® at @nickcavalancia
© 2017 SolarWinds MSP UK Ltd. All rights reserved.