Forgot your password?
typodupeerror
Security IT

Fewer Hacked Records Does Not Mean Better Security 23

Posted by CmdrTaco
from the but-i-saw-a-chart dept.
snydeq writes "The total number of compromised records has dropped substantially over the past couple of years, but not because organizations have come up with a superior recipe for defending their networks, InfoWorld reports. Instead, attackers are continually employing more focused forms of attack, looking for company intellectual property and financial data. Moreover, the low hack rate is also indicative of increasing ambition on the part of criminals. 'Today's APT (advanced persistent threat) attacks are aimed at taking over entire companies. At that level, individual data records just aren't that interesting.'"
This discussion has been archived. No new comments can be posted.

Fewer Hacked Records Does Not Mean Better Security

Comments Filter:
  • by Toe, The (545098) on Tuesday April 26, 2011 @05:10PM (#35946980)

    ftfy

  • by afidel (530433) on Tuesday April 26, 2011 @05:11PM (#35946986)
    I think the PSN and Epsilon hacks from this quarter are about as big as anything I can remember (including the TJX hack) as far as number of users affected. The PSN one is huge because they didn't just get account names and CC numbers but also answers to challenge questions, data of birth, address, and unhashed passwords (wtf?), basically everything except SSN that you'd need to complete identity theft.
  • by internerdj (1319281) on Tuesday April 26, 2011 @05:14PM (#35947004)
    when you can just troll for all the information on facebook...
    • Because that only gets you onezies and twozies. Why not crack into the Sony network and get more juicy pickings, lots of them, and while you're at it, disrupt gamers and drive them mad?

      Facebook has few to no credit cards. If you brought them down, it would just mean people lost weight by getting some real exercise for a change.

  • by swanzilla (1458281) on Tuesday April 26, 2011 @05:18PM (#35947040) Homepage
    Verizon: Check out this report.

    InfoWorld: Meh. It could use thirty links and multiple pages.

  • by ivandavidoff (969036) on Tuesday April 26, 2011 @05:20PM (#35947058)
    From Verizon's 2011 Data Breach Investigations Report (p. 26)

    Table 8. Top 15 Threat Action Types by number of breaches and number of records

    Category Threat Action Type Short Name Breaches Records

    1 Malware Send data to external site/entity SNDATA 297 1,729,719
    2 Malware Backdoor (allows remote access / control) MALBAK 294 2,065,001
    3 Hacking Exploitation of backdoor or command and control channel HAKBAK 279 1,751,530
    4 Hacking Exploitation of default or guessable credentials DFCRED 257 1,169,300
    5 Malware Keylogger/Form-grabber/Spyware (capture data from user activity) KEYLOG 250 1,538,680
    6 Physical Tampering TAMPER 216 371,470
    7 Hacking Brute force and dictionary attacks BRUTE 200 1,316,588
    8 Malware Disable or interfere with security controls DISABL 189 736,884
    9 Hacking Footprinting and Fingerprinting FTPRNT 185 720,129
    10 Malware System/network utilities (PsTools, Netcat) UTILITY 121 1,098,643
    11 Misuse Embezzlement, skimming, and related fraud EMBZZL 100 37,229
    12 Malware RAM scraper (captures data from volatile memory) RAMSCR 95 606,354
    13 Hacking Use of stolen login credentials STLCRED 79 817,159
    14 Misuse Abuse of system access/privileges ABUSE 65 22,364
    15 Social Solicitation/Bribery BRIBE 59 23,361


    Honorable Mention at #16
    16 Hacking SQL Injection SQLINJ 54 933,157
  • That article will become invalid once the PS3 Network Hack is completely revealed.

    • by Nyder (754090)

      That article will become invalid once the PS3 Network Hack is completely revealed.

      You mean why the PSN is currently down? It seems, Sony, in it's infalliable wisdom, decided that since they PS3 could NOT get hacked, they made it so they didn't check CC# on the dev network. Apparently they made it so you could make Sony think your machine was a dev machine, and once on the dev network, they discovered other stuff, like Sony doesn't check CC#, they assume because you are on their network, you belong there.

      It's like leaving your keys in the car, locking the doors, but leaving a window o

      • by Nyder (754090)

        That article will become invalid once the PS3 Network Hack is completely revealed.

        You mean why the PSN is currently down? It seems, Sony, in it's infalliable wisdom, decided that since they PS3 could NOT get hacked, they made it so they didn't check CC# on the dev network. Apparently they made it so you could make Sony think your machine was a dev machine, and once on the dev network, they discovered other stuff, like Sony doesn't check CC#, they assume because you are on their network, you belong there.

        It's like leaving your keys in the car, locking the doors, but leaving a window open. And of course, you didn't noticed the window open until peeps were joyriding in your car, and stealing your CD's.

        Or, it's like having a cellphone that can pay your bills, turn your car on, etc, and you leave it somewhere. oh, and you don't password protect the cell phone.

        Sorry, the car example is wrong. Instead of a window down, it's like having a side window that doesn't lock, and you know the keys are in the car, but figured eveyone else will think it's locked since they shouldn't know about the broken lock on the window.

  • But I guess temporary blips in data make for lots of article writing.

  • They got in twice... Fix it Sony!

No amount of genius can overcome a preoccupation with detail.

Working...