IS 376 NOVEMBER 5, 2013 2013 DATA BREACH INVESTIGATIONS REPORT By The Verizon RISK Team Research Investigations Solutions Knowledge
Mar 29, 2015

Isis Prentis
Page 1: Title

IS 376, November 5, 2013

2013 Data Breach Investigations Report, by the Verizon RISK Team (Research, Investigations, Solutions, Knowledge)

Page 2: Computer Security

Computers and networks were originally developed to facilitate access, not to restrict it.

Software/hardware systems known as firewalls are often used to provide "choke points" for computer systems.

• They prevent unauthorized logins from the outside world.
• They audit the traffic entering and exiting the system.
• They may be used to block outgoing data to unauthorized destinations.
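The three firewall functions on this slide can be shown together as a first-match packet filter with a default-deny policy and an audit log. The following Python is an added example written for these notes, not code from the slides or from Verizon. The protected network 192.0.2.0/24, the web server at 192.0.2.10, the blocked outbound destination 203.0.113.0/24 and the sample packets are all constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (arriving from outside) or "out" (leaving the protected network)
    src: str
    dst: str
    dport: int
    new_conn: bool = True   # True for a connection attempt (TCP SYN), False for established traffic


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                 # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    new_only: bool = False      # match only connection attempts, so established flows are unaffected

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or p.dport == self.dport)
                and (not self.new_only or p.new_conn))


class Firewall:
    """First-match rule evaluation with a default action; every decision is written to an audit log."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules, self.default, self.audit = rules, default, []

    def filter(self, p: Packet) -> str:
        action = next((r.action for r in self.rules if r.matches(p)), self.default)
        self.audit.append(f"{action.upper():5} {p.direction:3} {p.src} -> {p.dst}:{p.dport}"
                          f"{' NEW' if p.new_conn else ''}")
        return action


# Constructed policy for a hypothetical network 192.0.2.0/24 with one public web server at 192.0.2.10.
# 203.0.113.0/24 stands in for a destination the organisation does not allow outbound data to reach.
INTERNAL = "192.0.2.0/24"
POLICY = [
    Rule("in",  "allow", dst="192.0.2.10", dport=443),          # the one service exposed to the outside
    Rule("in",  "deny",  new_only=True),                        # no other inbound logins/connections
    Rule("in",  "allow"),                                       # replies to connections opened from inside
    Rule("out", "deny",  src=INTERNAL, dst="203.0.113.0/24"),   # block outgoing data to the unauthorized range
    Rule("out", "allow", src=INTERNAL),
]

SAMPLE = [  # constructed traffic
    Packet("in",  "198.51.100.7", "192.0.2.10", 443),                     # visitor to the web server
    Packet("in",  "198.51.100.7", "192.0.2.20", 22),                      # login attempt at an internal host
    Packet("in",  "198.51.100.9", "192.0.2.20", 50000, new_conn=False),   # reply to an outbound flow
    Packet("out", "192.0.2.20", "203.0.113.5", 443),                      # data to a blocked destination
    Packet("out", "192.0.2.20", "198.51.100.9", 80),                      # ordinary outbound web request
]


def run_policy(packets: List[Packet]) -> dict:
    """Evaluate each packet against POLICY and return the decisions plus the audit trail."""
    fw = Firewall(POLICY)
    decisions = {f"{p.direction}:{p.src}->{p.dst}:{p.dport}": fw.filter(p) for p in packets}
    return {"decisions": decisions, "audit": fw.audit}


if __name__ == "__main__":
    for line in run_policy(SAMPLE)["audit"]:
        print(line)
```

Rule order matters: the deny for new inbound connections sits above the blanket inbound allow, so only replies to flows the inside opened get through, which is the "prevent unauthorized logins from the outside world" point without breaking normal browsing.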


Page 3: Denial of Service Attacks

"Denial of service" attacks consist of the consumption of a limited resource, usually network connectivity, in an effort to deny legitimate access to that resource.

In this type of attack, the attacker begins the process of establishing a connection to the victim machine, but does it in such a way as to prevent the ultimate completion of the connection.

In the meantime, the victim machine has reserved one of a limited number of data structures required to complete the impending connection.

The result is that legitimate connections are denied while the victim machine is waiting to complete bogus "half-open" connections.
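The "limited number of data structures" on this slide can be modelled as a fixed-size table of half-open connections, which makes it easy to see why a timeout on unfinished handshakes is the basic defender-side control. The following Python is an added example for these notes, not code from the slides or from Verizon. The table size, the timeout values, and the client addresses are constructed; the model deliberately leaves out real kernel mechanisms such as SYN cookies.

```python
from collections import OrderedDict
from typing import Dict, Tuple

Key = Tuple[str, int]   # (client address, client port) identifies one pending connection


class HalfOpenTable:
    """Model of a server's fixed-size table of half-open connections: the connection request has
    been received and a slot reserved, but the final handshake step is still outstanding."""

    def __init__(self, capacity: int, timeout: float):
        self.capacity = capacity        # number of pending-connection slots (the limited resource)
        self.timeout = timeout          # seconds a half-open entry is kept before being discarded
        self.pending: "OrderedDict[Key, float]" = OrderedDict()
        self.rejected = 0

    def expire(self, now: float) -> int:
        """Drop entries whose handshake never completed within the timeout; return how many."""
        stale = [k for k, t0 in self.pending.items() if now - t0 >= self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)

    def on_connect_request(self, key: Key, now: float) -> bool:
        """First handshake step: reserve a slot, or refuse the request when the table is full."""
        self.expire(now)
        if len(self.pending) >= self.capacity:
            self.rejected += 1
            return False
        self.pending[key] = now
        return True

    def on_handshake_complete(self, key: Key) -> bool:
        """Final handshake step: release the slot, the connection is now fully established."""
        return self.pending.pop(key, None) is not None


def simulate(capacity: int, timeout: float, legit_arrival: float) -> Dict[str, object]:
    """Fill the table with connection requests that are never completed, then check whether a
    legitimate client arriving `legit_arrival` seconds later can still connect."""
    table = HalfOpenTable(capacity, timeout)
    # Constructed flood: `capacity` requests at t=0 from addresses that never answer again.
    for i in range(capacity):
        table.on_connect_request((f"203.0.113.{i}", 40000 + i), now=0.0)
    legit = ("198.51.100.7", 51515)
    accepted = table.on_connect_request(legit, now=legit_arrival)
    established = table.on_handshake_complete(legit) if accepted else False
    return {
        "legit_accepted": accepted,
        "legit_established": established,
        "rejected": table.rejected,
        "still_pending": len(table.pending),
    }


if __name__ == "__main__":
    # Long timeout: every slot is still held by a bogus request when the real client shows up.
    print(simulate(capacity=8, timeout=60.0, legit_arrival=10.0))
    # Shorter timeout: the stale half-open entries have been discarded and the client gets in.
    print(simulate(capacity=8, timeout=5.0, legit_arrival=10.0))
```

The two runs differ only in the timeout: with 60 seconds the eight bogus entries are still occupying the table at t=10 and the legitimate request is refused; with 5 seconds they have already been expired. Shortening the half-open timeout buys capacity at the cost of dropping slow but genuine clients, which is why real stacks add further measures.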

Page 4: Viruses

A virus is a computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without user knowledge or permission.

Some viruses attach to files so that when the infected file executes, the virus also executes. Other viruses sit in a computer's memory and infect files as the computer opens, modifies or creates the files.

Some viruses display symptoms, and some viruses damage files and computer systems.

Page 5: How Do Viruses Work?

A computer virus piggybacks on another file to "infect" a system.

When a user runs an infected program, the computer starts by copying the program from the disk (or the web), where it is stored and inactive, into RAM, where it can be executed.

The viral code begins running first, while the infected program is still quiescent. The virus copies itself into a part of RAM separate from the program so that it can continue its work even after the user starts running other software.

Its initial work done, the virus passes control back to the infected program.

When the user runs a different program, the dormant virus begins running again. It inserts a copy of itself into the previously uninfected software so that the cycle of virulence can repeat.

Page 6: Fighting Viruses

Various techniques have been developed to combat computer viruses.

Generic antiviral program: flags activities - such as the alteration of critical sites in RAM or particular files on disk - that are likely to arise from a virus in action. Preventing these illicit acts will not eliminate the virus but can stop it from infecting additional programs or interfering with the computer's normal operation.

Signature scanner: searches a user's disks looking for fragments of program code that appear in known viruses.

Antiviral snapshots: capture mathematical "fingerprints" of crucial programs and data. Subsequent changes strongly suggest viral infection. Advanced algorithms can use the original fingerprints to recover a pristine program from the virus-altered version.
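The signature scanner and the antiviral snapshot from this slide are both short enough to show in working form. The following Python is an added example for these notes, not code from the slides or from Verizon. The "signatures" are arbitrary constructed byte strings standing in for code fragments of known viruses (they match no real malware), the file names and contents are constructed, and the fingerprint is a SHA-256 hash. The example detects changes only; the recovery of a pristine program that the slide mentions needs more than the hash and is not implemented here.

```python
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List

# Constructed byte patterns standing in for fragments of "known viruses". They are arbitrary
# markers chosen for this demo, not signatures of any real malware.
SIGNATURES: Dict[str, bytes] = {
    "demo-infector-A": b"\x90\x90\xeb\x1f\x5e\x89\x76\x08",
    "demo-infector-B": b"HELLO_FROM_DEMO_PAYLOAD",
}


def scan_file(path: Path, signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Signature scanner: report every known fragment that appears in the file's bytes."""
    data = path.read_bytes()
    return [name for name, fragment in signatures.items() if fragment in data]


def fingerprint(path: Path) -> str:
    """SHA-256 of the file contents: the 'mathematical fingerprint' of the snapshot approach."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(paths: Iterable[Path]) -> Dict[str, str]:
    """Fingerprint every file in the set; in practice the result is stored where a virus cannot edit it."""
    return {p.name: fingerprint(p) for p in paths}


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Diff two snapshots; any change to a 'crucial program' is a strong infection indicator."""
    return {
        "changed": sorted(n for n in baseline if n in current and baseline[n] != current[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict:
    """Create a few constructed 'program' files, take a baseline, alter the set, and re-check."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        files = {  # constructed contents; the ELF magic only makes them look like programs
            "editor.bin": b"\x7fELF" + b"\x00" * 64 + b"legitimate editor code",
            "mailer.bin": b"\x7fELF" + b"\x00" * 64 + b"legitimate mailer code",
            "notes.txt": b"quarterly notes",
        }
        for name, content in files.items():
            (root / name).write_bytes(content)
        baseline = snapshot(root.iterdir())

        # Simulated infection: code appended to one program, a new file dropped, one file removed.
        with (root / "mailer.bin").open("ab") as f:
            f.write(SIGNATURES["demo-infector-B"])
        (root / "dropper.bin").write_bytes(SIGNATURES["demo-infector-A"] + b"...")
        (root / "notes.txt").unlink()

        targets = list(root.iterdir())
        return {
            "diff": compare(baseline, snapshot(targets)),
            "signature_hits": {p.name: scan_file(p) for p in targets if scan_file(p)},
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two techniques fail in opposite directions: the signature scanner only finds fragments it already knows, so the dropped file is caught because its marker is on the list, while the snapshot diff flags every change to a monitored file, including legitimate updates, so it needs a fresh baseline after each patch.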

Page 7: Worms

Worms are parasitic computer programs that replicate, but unlike viruses, do not infect other computer program files.

Worms can create copies on the same computer, or can send the copies to other computers via a network.

Worms often spread via e-mail or chat applications.

Page 8: Protection Against Worms

Part One: Detection

Step one: a worm finds a target by scanning Internet addresses at random until it finds one leading to a local network. It then issues requests to a local server program, such as one governing e-mail or file exchanges. When the program answers, the worm tries to crawl in.

Step two: when the worm attacks a network protected by a dedicated machine using worm-detection software, some of its random requests will target that machine's addresses, which are unlisted. The machine can thus determine, with high reliability, that the requests are hostile.

Page 9: Protection Against Worms

Step three: the dedicated machine responds with fake services that present the worm with the appearance of a network full of machines and services. The false façade tricks the worm into revealing its identity, so that it can be tracked to every machine in the network.

Part Two: Disinfection

Step four: once the worm is cornered, administrators isolate infected machines, clean their files of every trace of the worm, and patch the outer wall of the network so that the same kind of worm can never penetrate that far again.

Page 10: Trojan Horses

A Trojan horse is a malicious program that pretends to be a benign application. A Trojan horse program purposefully does something the user does not expect.

Trojan horses are not viruses since they do not replicate, but they can be just as destructive.

One type of Trojan horse, known as a logic bomb, is set to execute whenever a specific event occurs (e.g., a change in a file, a particular series of keystrokes, a specific time or date).

Page 11: Port Scanners

A networked computer generally has one physical connection (e.g., a cable) connecting it to the network. However, the machine has several network ports, 16-bit prefixes that indicate what kind of messages are being communicated (e-mail, file transfer, web page, etc.).

Before clogging the network with heavy traffic, transmitting machines will send a short message to make sure that the receiving machine will accept the type of message being sent, i.e., to see if the receiver's port for that type of message is "open".

Port scanner software is used to determine whether a machine has any open ports and, if so, a malicious sender can exploit that vulnerability by flooding the port with traffic, causing a buffer overflow in the receiver's memory, which can cause the machine's memory to be overwritten with bits that can alter the machine's behavior.
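Both the worm-detection idea from page 8 (requests aimed at unlisted addresses are hostile with high reliability) and the port scanner on this slide leave the same kind of trace in a connection log, so one detector covers both: count, per source, requests to addresses that no real host uses, and count distinct destination ports tried against a single host. The following Python is an added example for these notes, not code from the slides or from Verizon. The log format, the log lines, the unlisted range 192.0.2.128/25 and the thresholds are all constructed for the demo.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import Dict, List

# Constructed: part of 192.0.2.0/24 that is assigned to no real host. Nothing legitimate ever talks
# to these addresses, so requests to them are a high-confidence sign of random probing.
UNLISTED = [ip_network("192.0.2.128/25")]

# Constructed log format: one connection attempt per line, as a firewall or flow collector might record it.
LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$")

LOG = """\
2013-11-05T10:00:01 src=198.51.100.7 dst=192.0.2.10 dport=443
2013-11-05T10:00:02 src=198.51.100.7 dst=192.0.2.10 dport=443
2013-11-05T10:00:03 src=203.0.113.44 dst=192.0.2.130 dport=25
2013-11-05T10:00:03 src=203.0.113.44 dst=192.0.2.131 dport=25
2013-11-05T10:00:04 src=203.0.113.44 dst=192.0.2.10 dport=25
2013-11-05T10:00:04 src=203.0.113.44 dst=192.0.2.200 dport=25
2013-11-05T10:00:05 src=198.51.100.23 dst=192.0.2.10 dport=21
2013-11-05T10:00:05 src=198.51.100.23 dst=192.0.2.10 dport=22
2013-11-05T10:00:05 src=198.51.100.23 dst=192.0.2.10 dport=23
2013-11-05T10:00:06 src=198.51.100.23 dst=192.0.2.10 dport=25
2013-11-05T10:00:06 src=198.51.100.23 dst=192.0.2.10 dport=80
2013-11-05T10:00:06 src=198.51.100.23 dst=192.0.2.10 dport=443
2013-11-05T10:00:07 src=198.51.100.23 dst=192.0.2.10 dport=8080
this line is deliberately malformed and must be skipped
2013-11-05T10:00:08 src=192.0.2.20 dst=192.0.2.10 dport=443
"""


def parse(log: str) -> List[dict]:
    """Turn log text into events; malformed lines are skipped rather than crashing the detector."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            events.append({"src": m["src"], "dst": m["dst"], "dport": int(m["dport"])})
    return events


def is_unlisted(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in UNLISTED)


def detect(events: List[dict], unlisted_threshold: int = 2, port_threshold: int = 5) -> Dict[str, list]:
    """Return, per suspicious source, the reasons it was flagged."""
    unlisted_hits: Dict[str, int] = defaultdict(int)      # src -> requests aimed at unlisted addresses
    ports_per_pair: Dict[tuple, set] = defaultdict(set)   # (src, dst) -> distinct ports tried
    for e in events:
        if is_unlisted(e["dst"]):
            unlisted_hits[e["src"]] += 1
        ports_per_pair[(e["src"], e["dst"])].add(e["dport"])

    verdicts: Dict[str, list] = defaultdict(list)
    for src, n in unlisted_hits.items():
        if n >= unlisted_threshold:           # page 8, step two: probing of unlisted addresses
            verdicts[src].append({"reason": "unlisted_addresses", "count": n})
    for (src, dst), ports in ports_per_pair.items():
        if len(ports) >= port_threshold:      # page 11: one source checking many ports on one host
            verdicts[src].append({"reason": "port_scan", "target": dst, "ports": sorted(ports)})
    return dict(verdicts)


def run() -> Dict[str, list]:
    return detect(parse(LOG))


if __name__ == "__main__":
    for src, reasons in run().items():
        print(src, reasons)
```

The unlisted-address rule needs a very low threshold because legitimate traffic to those addresses should be zero; the port-fan-out rule needs a higher one, since a busy client can legitimately touch a handful of ports on one server. The two ordinary visitors in the constructed log trip neither.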

Page 12: Packet Sniffers

Packet sniffers are software programs that intercept and log traffic passing over a network.

Commonly used by network administrators to analyze network traffic problems and to detect attempts at network intrusion, they can also be used to gain information to assist someone who wishes to intrude, to spy on other network users, and to collect sensitive information (e.g., passwords).

Page 13: 2013 Data Breach Report - A4 Threat Overview: Actors

Page 14: 2013 Data Breach Report - A4 Threat Overview: Actions

Page 15: 2013 Data Breach Report - A4 Threat Overview: Assets

Page 16: 2013 Data Breach Report - A4 Threat Overview: Attributes