Meetup Vulnerabilities: Escalation of Privilege and Redirection of Funds

Takeaways from the Verizon 2017 Data Breach Investigation Report

The annual Verizon Data Breach Investigations Report (DBIR) was released earlier this month to much anticipation, hitting a big milestone with its tenth-anniversary edition. And once again, it’s proving to be one of the most referenced data breach reports in the cyberworld and a must-read for industry leaders and security professionals across the globe.  


For this year’s DBIR, data was collected from nearly 2,000 confirmed breaches and 42,000 security incidents from 20 different industries, spanning across 84 countries. Verizon security experts analyzed the submitted data and put together an extensive look at today’s cyber-universe.



The report opened with this quote: “Hope is the pillar of the world” – Pliny the Elder, and then took us on a 70+ page ride of what went wrong, but with a tiny glimmer of hope shining throughout. Hope that you may view this report as a way to learn and understand the different threats to your industry, how they will impact your organizations, and how to support your ongoing security efforts. Read on to find out Checkmarx’s key takeaways from the Verizon 2017 Data Breach Investigations Report report.


The trouble continues for the financial industry

Yet for another consecutive year, financial organizations still rank as top targets for cyberattacks, with 24% of the total reported breaches hitting the financial sector. Financial, along with healthcare and public sector organizations accounted for more than half of the breaches analyzed in this report.


Some of 2016’s biggest breaches – Yahoo, AdultFriendFinder, and Dropbox to name a few – show where the most victims came from: sites that are used by millions, with simple logins, and where users provide personal information such as email addresses, names, phone numbers, and sometimes even payment information. These mega sites are, without question, precisely what cybercriminals are after, due to the mass amounts of data that can be collected with a single breach.


Methods and tactics

To start, it is important to bear in mind that a mind boggling 88% of breaches analyzed for this year’s DBIR all fall into one of nine patterns Verizon recognized in 2014, including web-app attacks, Denial of Service, payment card skimmers, human errors and cyber-espionage.


It’s interesting to see that web apps are still leading the list of attack vectors. Though, it’s quite understandable when considering the fact that web (and mobile) apps have a direct communication channel with businesses infrastructures, including users databases and billing platforms. Leveraging weaknesses in web apps allows cybercriminals to spare efforts on infiltrating the first (and sometimes the second) lines of defence, including firewalls, IPS and web application firewalls.


Verizon found that 80% of hacking-related breaches leveraged weak, stolen or compromised credentials, and over half of the analyzed breaches included a form of malware. And with over one billion credentials stolen last year, weak, stolen or compromised credentials stand as a leading security vulnerability.


An additional conclusion by Verizon shows how social engineering has become an effective method used by cybercriminals, as 43% of breaches started on social media.


Gone phishing

We often preach that security awareness is key; we must encourage teams across organizations to be vigilant and constantly aware of potential attacks in order to avoid them. A great example from this DBIR shows that 1 in 14 users (in an average company with over 30 employees) fell for a phishing scam by clicking on an unverified link or downloading a suspicious attachment. Furthermore, 25% of those very victims were tricked yet a second time. This only strengthens the obvious need for security awareness across the board.





From this DBIR, it’s stated that 7.3% of users were successfully phished, from either a link or an email attachment. We also learn that 95% of the successful phishing attacks were followed by a software installation that led to a breach, in addition to that malicious email attachments are the cause of 66% of malware installed on victim’s devices.


Ransomware on the rise

Ransomware is now the fifth most popular in the malware club, and is a common result of successful phishing attacks. This growth is, in part, due to new and improved ransomware technology and methods, and that these methods are more widely available than ever before, making this type of malware easy enough for nearly anyone to use.





In the chart above, the growth of ransomware in 2016 heightened in the first two quarters, before dropping slightly in the third quarter and dropping significantly in the fourth quarter.


The expansion of cyber-espionnage

Out of the nearly 2,000 breaches analyzed for this year’s DBIR, 300 of them were espionage-related. In large, this report concludes that cyber-espionage is the most common form of attack on manufacturing, education, and public sector organizations. It’s also important to note that many of these cyber-espionage attacks started as phishing emails. DBIR analysis attribute this to “proliferation of proprietary research, prototypes and confidential personal data”.


Web Application Attacks

The Web Application Attacks section of the 2017 DBIR consisted of 6,502 incidents with 571 confirmed data breaches. The total number of reported incidents has been on the rise steadily for the past couple of years, though the number of breaches from these incidents is lower. The usage of stolen credentials and SQL Injections are among the most commonly used attack methods in web application attacks.


The main takeaway from this section of the DBIR is that the main attack vector is insecure applications, and organizations across the board underestimate the significance of web apps. Web apps are notoriously known to be filled with vulnerabilities and weaknesses due to flaws in the code and a serious lack of security testing, showing a big need for improvement on that front.


Denial of Service

The number one incident clarification pattern found in the 2016 DBIR was miscellaneous errors, and it was officially been dethroned by Denial of Service (DoS) attacks in this year’s report, with 11,246 reported incidents and five confirmed data breaches. Large organizations were targets of 98% of DoS attacks, and the industries hit by the most attacks were Finance, Information, Professional Services, and Entertainment.
It’s right to observe that the average size of DoS attacks has decreased; most attacks don’t last more than a few days, and the vast majority of attacks did not result in a breach. That being said, some of the DoS attacks in 2016 were some of the strongest ever, most notable was Mirai’s DoS attack against Dyn in October 2016.






Talk to us about your code’s security

Jump to Category