Computerworld

Data breaches on the rise as attacks get more complex

New crimeware attack pattern emerges, which combines Web loggers, DDoS attacks, and spamming to target organisations

There were 1361 confirmed data breaches reported worldwide in the first calendar quarter of 2014, up 119 per cent on the 621 breaches during the same period last year, according to Verizon.

The networking firm's 2014 Data Breach Investigations Report also found that there were over 63,000 security incidents during the quarter, up from 47,000 a year earlier.

Verizon Australia senior solutions consultant Aaron Sharpe said the reason data breaches have “got worse” since last year is that the types of breaches and the sophistication of these attacks have become more “complex and extensive.”

For example, a pattern which the vendor has labelled crimeware has emerged. Crimeware brings together Web loggers, distributed denial of service (DDoS) attacks and spamming to target companies for financial gain, he said.

“The primary goal of crimeware is to gain control of systems as a platform for stealing credentials, launching distributed denial of service (DDoS) attacks or spamming. When Web loggers and other software are chained together, it can lead to a breach or security incident.”

According to the Verizon report, there were 12,535 reported incidents of crimeware globally.

Sharpe said organisations should keep anti-virus software and Web browsers up to date and consider implementing configuration change monitoring to reduce their risk.

Meanwhile, there were 16,554 incidents due to miscellaneous errors. The majority of these were due to human error, such as people sending sensitive emails or documents to the wrong person. Another common mistake was posting private information to a public folder or even an external website.

He recommended that organisations consider implementing data loss prevention software to reduce instances of sensitive documents getting sent by email.

“People should also tighten up processes around posting documents to internal and external websites and scan the Web for non-public data,” he added.

Insider and privilege misuse was also a big trend with 11,698 incidents reported.

Sharpe said this misuse can be caused by system administrators or people from outside who are paying off staff that have access to key information.

“It could also be an employee who is ticked off or angry with the organisation and wants to cause some damage.”

The corporate local area network (LAN) was used to steal information in 85 per cent of reported cases, the report said. Top targets included the public sector, real estate, transportation, manufacturing and mining companies.

Sharpe recommended that companies and government agencies review user accounts.

“Having identified who has access to sensitive data, implement a process for revoking access when employees give notice or are dismissed. IT staff should also set up controls or watch for data transfer out of the organisation.”

Lost and stolen assets, such as laptops accidentally left at airports, continued to be a problem for organisations, with 9704 cases reported globally. The report suggested that organisations should encrypt devices.

“Considering how often assets go missing, encryption is as close to a no-brainer as it gets. While it won’t affect the chances of an asset going missing, it can save a lot of financial and reputation damage,” read the report.

Finally, there were 3937 Web application attacks reported during the quarter. These attacks occur when vulnerabilities in applications are exploited. Three out of four Web application attacks were attributed to activist groups such as Anonymous.

“They typically exploit some weakness in the application and then go to the press and say ‘Look what we have done,’” Sharpe said.

Organisations should patch their content management system (CMS) to try and stop these attacks, Sharpe said.

“If you’re committed to an active platform such as WordPress, set up an automated patch process. If this isn’t possible, develop one and stick to it. Consider switching to a static CMS. Instead of executing code to generate this content for every request, this will pre-generate pages and reduce the opportunity for exploits.”

Follow Hamish Barwick on Twitter: @HamishBarwick
