Verizon just released its 2012 Data Breach Investigations Report (DBIR), which contains findings contributed by global agencies such as the U.S. Secret Service, the Dutch High Tech Crime Unit, the Irish Reporting and Information Security Service, the Australian Federal Police and the London Metropolitan Police. I thought it would be useful to put together a quick summary of the application security specific highlights in the report. Enjoy!
81% of breaches used some form of hacking. Within the hacking category there is a stark difference between large and small organizations. For larger organizations, SQL injection comes in 3rd, after use of stolen login credentials and exploitation of a backdoor or command and control channel, and it is tied with dictionary attacks. This data shows that large organizations carry much more application security risk than small ones.
SQL injection comes in 8th overall among threat actions once the malware, physical, and social engineering categories are included.
The breakdown for larger organizations in this year's DBIR highlights the pain our target customers face much better than the aggregate numbers do: web applications were the vector for 10% of hacking breaches across all organizations, but for 54% of hacking breaches at large organizations! How can a large organization not have a web application security program after seeing this data?
Our recommendations are driven by Table 8, in the Threat Action Overview section, which shows the top ten threat actions against larger organizations. Rather than repeat the whole list here, we summarize the points we think represent the largest opportunities to reduce our collective exposure to loss:
- Keyloggers and the use of stolen credentials
- Backdoors and command and control channels
- Brute force
- SQL Injection
Written by: Chris Wysopal