Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Web app attacks, PoS intrusions and cyberespionage leading causes of data breaches

Lucian Constantin | April 15, 2015
Phishing attacks continue to be effective, but mobile threats are not a big concern, according to a Verizon report.

Weak or stolen credentials are also the leading cause of point-of-sale compromises and account for over 50 percent of breaches involving Web applications. As such, companies should strongly consider implementing two-factor authentication mechanisms wherever possible.

In this year's report Verizon has again split security incident patterns into nine categories: crimeware, cyberespionage, denial of service, lost and stolen assets, miscellaneous errors, payment card skimmers, point of sale, privilege misuse and Web applications.

It then established relationships between those attack categories and various types of threat actors and targeted organizations. As such, readers can learn that hacktivists favor Web application attacks (61 percent) and denial-of-service attacks (31 percent) while organized crime groups favor crimeware (73 percent) and Web application attacks (20 percent).

Companies in the accommodation, entertainment and retail sectors are more likely to be the victims of point-of-sale intrusions, while those in the financial services sector are more likely to be targeted with crimeware and Web application attacks.

Healthcare institutions are likely to suffer security incidents as a result of errors (32 percent) or privilege misuse (26 percent). Otherwise, cyberspies most frequently target organizations in the manufacturing, professional and information sectors.

As such, companies should prioritize defenses based on the threats they're most likely to face, which, perhaps surprisingly, are almost never mobile-based, according to Verizon.

Data shared for the report by mobile carrier Verizon Wireless, which monitors its network for signs of malware, revealed hundreds of thousands of potential infections. However, it turned out most of them were of the annoying advertising variety.

"An average of 0.03% of smartphones per week -- out of tens of millions of mobile devices on the Verizon network -- were infected with 'higher-grade' malicious code," the Verizon team said.

This echoes a recent report from Google, which found that under 0.1 percent of devices that only allow the installation of apps from Google Play had a potentially harmful application installed. Kindsight Security Labs, a security division of Alcatel-Lucent now called Motive Security Labs, reported a 0.68 percent mobile infection rate for the second half of 2014.

"Mobile devices are not a theme in our breach data, nor are they a theme in our partners' breach and security data," Verizon said. "We feel safe saying that while a major carrier is looking for and monitoring the security of mobile devices on its network, data breaches involving mobile devices should not be in any top-whatever list. This report is filled with thousands of stories of data loss -- as it has been for years -- and rarely do those stories include a smartphone."

Mobile devices should not be ignored, because they can be vulnerable to attacks and can pose risks to enterprise networks, the Verizon team said. However, for now hackers seem to favor other attack methods that don't involve smart phones, so companies should focus on those, while striving to gain visibility into mobile devices in case the threat landscape shifts in the future.

 

Previous Page  1  2  3  Next Page 

Sign up for Computerworld eNewsletters.