Verizon details breaches they were called in to investigate
If at all possible, organizations like to keep details of the breaches they suffered under wraps, mostly to safeguard their reputation and to minimize legal trouble.
As Verizon Enterprise Solutions’ Clare Ward recently noted, this plays to the advantage of cybercriminals, enabling them to reuse successful breach tactics time and time again on new, unsuspecting organizations. That’s why the company chooses to share stories about different breaches its Threat Research Advisory Center team was called to investigate.
Last year, it released a Data Breach Digest that gathered 16 cybercrime case studies. This year, each of the 18 case studies has been released separately.
The case studies
Each story is told from a different perspective, and from a different business sector. Each of them details the lessons learned and offers advice on detection, response, mitigation and prevention.
Some tell the by-now familiar stories of a business losing money to BEC scammers and social engineering attacks hitting the IT help desk.
Other studies deal with cyberespionage, cryptojacking, PoS intrusions, ICS attacks, complex identity theft scenarios, and more.
For example, the The Card Shark study details a payment card data compromise involving unauthorized ATM withdrawals that ended up unearthing poor physical security, a rogue system connected to the network, network design and digital security posture flaws, and a SIEM that did the job but there was no one tasked with reviewing and investigating alerts.
The Flutterby Effect tells the tale of “frozen pages” when customers attempted to submit payment on the company’s checkout webpage that turned out to be an effect of payment card data-slupring and exfiltration code inserted into the production environment.
The Eclectic Slide describes an attack against an organization in the energy sector that started with a spear phishing email carrying a Microsoft Word document that downloaded a malicious payload and ended with the company identifying a number of improvements that can help them be more prepared for future attacks.
The Slivered Lining details a years-long enterprise compromise by an known APT group who got in after compromising a Managed Service Provider used by the target.
The rest of the studies can be downloaded here.
“By opening up Verizon’s cybercrime files via the Data Breach Digest scenarios, we are offering a panoramic insider’s view of the cyber threat activities in an effort to share what we have seen with other organizations around the global. Our hope is that we can learn together – and in doing so, better equip ourselves in the fight against cybercrime,” Ward explained.