Verizon: Hacks are sophisticated, but use old methods

Cyberattacks are becoming increasingly sophisticated, but many criminals still rely on decades-old techniques such as phishing and hacking, a new report shows.

According to Verizon’s “2015 Data Breach Investigations Report,” released today, the bulk of the cyberattacks (70 per cent) use a combination of these techniques and involve a secondary victim, adding complexity to a breach.

Many existing vulnerabilities remain open because security patches that have long been available were never implemented, the report says.

Many of the vulnerabilities are traced back eight years to 2007, and could be prevented through a more vigilant approach to cybersecurity.

The report indicates that mobile threats are overblown, and that the number of exploited security vulnerabilities across all mobile platforms is negligible.

However, a new threat has emerged in the form of machine-to-machine security, something which wasn’t covered in earlier reports. This year’s report says organisations need to make security a high priority when rolling out next-gen intelligent devices.

Verizon security researchers explained that the bulk (96 per cent) of the nearly 80,000 security incidents analysed this year can be traced to nine basic attack patterns that vary from industry to industry.

They include: miscellaneous errors, such as sending an email to the wrong person; crimeware (various malware aimed at gaining control of systems); insider/privilege misuse; physical theft/loss; web app attacks; denial-of-service attacks; cyber-espionage; point-of-sale intrusions; and payment card skimmers.

This year’s report found that 83 per cent of security incidents by industry involve the top three threat patterns, up from 76 per cent in 2014.

The report also makes various recommendations on how to increase security, including the need for increased vigilance, making people the first line of defence, keeping data on a “need-to-know” basis, prompt patching, encryption, two-factor authentication, and physical security.

The full 2015 Data Breach Investigations Report can be found on the DBIR Resource Center.