Verizon Data Breach Report Shows Hackers Are Up to Old Tricks

Written by: |
 
The recently-released 2015 Verizon Data Breach Investigations Report (DBIR), one of the industry's most comprehensive studies, shows that hackers are using long-established tactics and decade-old software bugs to cause data breaches. 
 
Phishing attacks and crimeware—two well-known cybercrimes—are rising in popularity. More alarming is that the majority of software bugs being exploited to cause breaches are old bugs that companies have failed to patch, a mistake that offers a perfect opportunity for hackers.
 
"Any adversary that is determined and persistent is particularly hard to avoid. If they poke around long enough, they'll find a hole," says Wade Baker, vice president of strategy and risk analytics at ThreatConnect and a contributor to the DBIR.
 
Data breaches frequently expose sensitive data, putting consumers at risk for identity theft. Here are some of the threats detailed in the 2015 DBIR:

Verizon Data Breach Report Shows Hackers Are Up to Old Tricks

Threat 1: Phishing and social engineering are more successful.

If you open a phishing email and click on its link, you may inadvertently install malware onto your device or network. The DBIR reports that of those users who open phishing messages and click on the links, 50 percent do so within the first hour, which doesn't leave a lot of time for someone to intercept the attack before the damage is done. 
 
"Humans are inherently curious and trusting," says Baker. After years of being trained to click on links that appear interesting, most users do not pause to consider how harmful these links can be, he says.
 

Threat 2: Old bugs are still compromised.

Software vulnerabilities, or "bugs," are errors in programs and applications, and they're a favorite target of cybercriminals. The Heartbleed bug put users at risk of having their secure data and passwords stolen, while the ShellShock bug allowed outsiders to gain access to protected systems. When these bugs are discovered, software makers release patches to protect your devices, but as the DBIR shows, some businesses fail to get them.
 
According to Baker, companies fail to install patches either because of neglect or because they use a legacy system that might not work with the new patches. But by not addressing these fixable problems, they leave their systems vulnerable to cyberattacks.
 

Crimeware accounts for 25 percent of all breaches.

Crimeware is malware designed specifically to aid in stealing money or confidential information. It includes ransomware, which blocks access to a computer system and holds it for ransom, and massive malware strains like the Gameover Zeus botnet, which stole banking credentials from computers until the FBI and Department of Justice interrupted it in 2014.  
 
Consumers whose devices become infected with crimeware risk having their financial data stolen or all of their digital data held for ransom until they pay to get it back. If your financial information is compromised, your bank accounts could be emptied and debts run up in your name. If you refuse to pay a ransom to get your files back, anything that you didn't save externally could be lost. 
 
Staying clear of malicious links and phishing is nearly impossible, but, according to Baker, a smart user can make a big difference. 
 
"To infect a system, crimeware typically exploits a software vulnerability or exploits the user in some way," he says. "Thus, being careful and keeping systems, operating systems, browsers, etc., up to date is important."
 
When you see a message asking for your personal information, do your research before clicking a link or responding.
 
According to a report on a major Verizon data breach, hackers are still using the same old tactics to steal financial information. $portalUtil.addPageDescription($seo-description.getData(), $request) verizon data hack, crimeware malware, phishing email $portalUtil.addPageKeywords($seo-keywords.getData(), $request)

Buy Now

Medical Identity Theft

Protect yourself from medical identity theft. Learn how to detect and prevent your personal identity from being used for unauthorized medical services.

How Secure is Your Email?

If an outsider were to gain access to your email account, he or she could use the information stored within it to abuse your identity.

"I definitely feel like someone stole something from me...I felt very much violated."

Catalog and 1-800 orders quickly pile up when Pat's identity is stolen.

Common Questions

What is identity theft? How do criminals use your personal information against you? Find out here.