Name: Maina Jeff
ID No.: 652262
Lecturer: Paula Musava
Course: IST 3050
Review the following recent report: Verizon’s Data Breach Investigations Report 2018
Identify and briefly define the top 10 threat categories mentioned in the report
Identify the statistics on these top 10 reported attacks and losses
Denial of Service – Any attack intended to compromise the availability of networks and systems. Includes both network and application attacks designed to overwhelm systems, resulting in performance degradation or interruption of service. The report shows that a reported 21,490 incidents occurred. I picked the following fields from the report that experienced DoS breaches:
Education – Common school networks are a path that can be used to distribute DoS. 292 incidents with 101 breaches occurred between last year and this year.
Retail – DoS attacks remain a major area of concern for retailers: for those who make their living entirely from their e-commerce site, mitigation plans are a must, not a luxury. 317 incidents with 169 breaches occurred between last year and this year.
Botnet Infections – Botnets still account for over 43,000 breaches involving the use of customer credentials stolen from botnet-infected clients. Botnets can affect you in two different ways. In the first, users download the bot, it steals their credentials, and the credentials are then used to log in to your systems. The second way organizations are affected involves compromised hosts within your network acting as foot soldiers in a botnet.
Malware – This is any program or file that is harmful to a computer user. According to the report, 49 percent of malware was installed via email, and 39 percent of malware incidents were ransomware infections. I looked at the report and chose to look at breaches in:
Accommodation and Food Services – In this industry, stolen credentials make up 81% of the breaches; they are often taken from a POS service provider breach and then used to compromise the POS systems of the service provider’s customers.
Professional, Technical and Scientific Services – Malware functionalities here are often used to take credentials, in the form of keyloggers and password dumpers.
Ransomware – A malicious program that seeks to block user access to a system until a stated ransom amount is paid to the hacker. It can be used in completely opportunistic attacks affecting individuals’ home computers and in targeted strikes against organizations, and it can be deployed across numerous devices in an organization to inflict bigger impacts and thus command bigger ransoms. Within the 1,379 incidents where a specific malware functionality was recorded, ransomware was 56% and is still the top variety of malware found.
Healthcare – Attacks are launched that are aimed at the Department of Health and Human Services, threatening to attack confidential patient information.
Phishing – This is the crafting of a message that is sent typically via email and is designed to influence the recipient and drive them into a trap. The report states that 1,192 incidents occurred in 2017.
Pretexting – This is the creation of a false narrative to obtain information or influence behavior. The report highlights 170 incidents and 114 confirmed data breaches within the past two years, and states that the sector is growing rapidly.
Due to their similarities, the study approached both phishing and pretexting as the same except in some sectors; therefore, when I chose to read about these attacks in the various areas of attack in the study, I approached them as one.
Education – Both phishing attacks and pretexting begin with school staff. Over half of these incidents experienced at a school within the case study were instances of phishing attacks.
Healthcare – Social attacks such as phishing and pretexting appear in approximately 14% of incidents in Healthcare and are a definite matter for concern.
Cyber Espionage – Incidents in this pattern include unauthorized network or system access linked to state-affiliated actors and/or exhibiting the motive of espionage. Threat actors attributed to state-affiliated groups or nation states combine to make up 93% of breaches, with former employees, competitors, and organized criminal groups representing the rest. Phishing campaigns leading to installation and use of C2 and backdoor malware are still a common event chain found within this pattern. Breaches involving internal actors are categorized in the Insider and Privilege Misuse pattern.