PINDROP BLOG

By the Numbers: Data Breach Attack Tactics

Data breaches once were rare enough that every one was a big story. Remember ChoicePoint? Now they’re so commonplace that consumers hardly blink when they get a data breach notice or new credit card in the mail. It’s a part of modern life.

While these compromises are numbingly frequent, experts are gathering a lot of data by analyzing how the breaches occur, to whom, when, and by whom. Every year, Verizon publishes a detailed report on data gleaned from its investigations into customers’ breaches. The report is dense and long, so we broke out some of the more interesting data from the most recent version of the Verizon Data Breach Incident Report to help fill out the picture.

Type of Attack Technique Seen in Breaches

  • Social engineering 16%
  • Financial pretexting 2%
  • Extortion 9%
  • Insider attack 12%
  • Partner misuse 4%
  • USB infection 33%
  • Peripheral tampering >1%
  • Hacktivists 3%
  • Rogue connection 4%
  • Logic switch 33%
  • SQL injection 23%
  • CMS compromise 46%
  • Backdoor access 51%
  • DNS tunneling >1%
  • Ransomware 4%
  • Sophisticated malware 32%
  • RAM scraping 55%

Many of these techniques are used in conjunction with one another, so a single breach could involve several of them. Much of that depends upon the kind of attacker, the target organization and applications, and the skill level of the attacker.

The five most frequently seen attacks in the previous three years in the DBIR report are:

1. Phishing—Phishing (or any type of *ishing)

2. Use of stolen creds—Use of stolen credentials

3. RAM scraper—RAM scraper or memory parser (capture data from volatile memory)

4. Brute force—Brute force attack

5. Export data—Export data to another site or system