Get a behind-the-scenes look at cyber investigations


The cyber investigations report shows how to identify signs of a data breach and ways to quickly investigate, contain and recover from a breach

In the secrecy-shrouded world of data breach investigations, few know what goes on in the field. Verizon has unveiled its first Data Breach Digest, a behind-the-scenes look at cyber investigations that tells the stories behind the Data Breach Investigations Report (DBIR), developed by Verizon Enterprise Solutions.

The new report from Verizon’s Research, Investigations, Solutions and Knowledge (RISK) Team details 18 real-world data breach scenarios, chosen for their prevalence and/or lethality in the field. Of these, 12 represent more than 60% of the 1175 cases investigated by the RISK team over the past three years, while the other six are less common but more lethal.

For each scenario, the report gives a detailed analysis of how the attack occurred, its level of sophistication, the threat actors involved, the tactics and techniques used, and the recommended countermeasures. All data is categorized according to the standardized Vocabulary for Event Recording and Incident Sharing (VERIS) framework used to compile the DBIR.

The report will help businesses and government organizations understand how to identify signs of a data breach, where to find important sources of evidence, and how to quickly investigate, contain and recover from a breach.

‘The research suggests that at any given time, the vast majority of incidents fall into a small number of actual breach scenarios,’ said Bryan Sartin, managing director, the RISK Team, Verizon Enterprise Solutions. ‘There is tremendous commonality in the breaches we see and investigate on behalf of our clients.’

The report groups the 18 scenarios into four different types of breaches and gives each a personality, including these select examples:

The human element

  • Social engineering – The Hyper Click
  • Partner misuse – The Busted Chain

Conduit devices

  • Peripheral tampering – The Bad Tuna
  • Hacktivist attack – The Dark Shadow

Configuration exploitation

  • Backdoor access – The Alley Cat
  • CMS compromise – The Roman Holiday

Malicious software

  • Data ransomware – The Catch 22
  • RAM scraping – The Leaky Boot

In an effort to preserve anonymity, Verizon has modified/excluded certain details of each real-world situation including changing names, geographic locations, quantity of records stolen and monetary loss details. Everything else has been imported straight from Verizon’s case files.

The Verizon RISK Team performs cyber investigations for hundreds of commercial enterprises and government agencies across the globe. In 2015, the RISK team investigated more than 500 cybersecurity incidents in more than 40 countries.

In 2008, the results of this team’s field investigations were the genesis of the first Data Breach Investigations Report, an annual publication that dissects real-world data breaches with the goal of enlightening the public about the nature of the threat actors behind the attacks, the methods they use, the data they seek and the victims they target.

To access the full digest, visit: http://verizonenterprise.com/databreachdigest
