What tools are hackers using to access businesses’ networks?

Highlights from the 2016 Verizon Breach Investigations Report (Part 2 of 3)

On our previous post regarding what puts a business at risk of a data breach, we showed you that regardless of the business’ size, location or industry, many of them are targets to hackers.

So how are hackers getting into these businesses’ networks and stealing data?

There are 3 items to focus on before we speak about the type of incidents that lead to a breach: vulnerabilities, phishing and credentials.

It is important to understand what these 3 items mean as they are usually present in many of the attacks that are classified as breaches in the Data Breach Investigation Report.

• Vulnerabilities:

  These weaknesses in a network are what every business should protect themselves from.

  However, according to the report, many existing vulnerabilities remain open. Older vulnerabilities are still being targeted and businesses are not pursuing a permanent procedure to fix these vulnerabilities.

• Phishing:

  These are ways in which hackers will deceive malware through mediums such as an email, attachment or an ad. Once the recipient opens or clicks on one of these malicious links, the recipient becomes the next hacker’s victim.

  A perfect example of this is ransomware which has been and continues to affect many businesses, especially in the healthcare and financial sector.

• Credentials:

  We can’t stress enough the importance of strong and Two-Factor Authentication passwords.

  Stolen credentials continue to be the main causes of breaches. In fact, 63% of confirmed breaches in 2015, involved weak, default or stolen passwords.

With that said, let’s dig into the some of the patterns on the DBIR that caused breaches in 2015:

• Web App attacks

  Web App attacks were the number one cause of breaches in 2015.

  This is due to vulnerabilities in the application as well as weak credentials which mostly affected the finance, information and retail industries. The application layer is after all, the hardest for businesses to defend.

  The reality is that businesses need to keep up with their customers’ wants and needs. In today’s world, a customer will expect to do quite everything through a website: request info, pay online, order online, view information, submit their own information, view records, etc.

  Hence, businesses are creating this great complex infrastructure that is then making the web application servers a target for any hacker.

• Point-of-Sale Intrusions

  Point-of-Sale Intrusions follow right under Web App attacks with the most breaches in 2015. Remote attacks to these systems is the main occurrence, followed by actual physical tampering or swapping out devices.

  If a business takes credit cards, it is important to know that merchant is responsible for securing the POS environment and protecting credit card information. It is not the POS Company’s responsibility.

• Payment Card Skimmers

  As if taking care of the POS environment isn’t enough of a task… Payment card skimmers made the list of top causes of breaches in 2015 as well.

  When a POS device has a skimming device implanted to it, is called tampering. This skimming device will then read the magnetic stripe data from any payment card that is swiped and steal all the credit card information they need.

  Hence, a bit of physical security will be needed here.

• Cyber-espionage

  The last pattern to touch upon from the DBIR is Cyber-espionage. This is mainly any unauthorized access to a network or system with the purpose of espionage. Hence it is mostly common in the public, information, and manufacturing industry.

  The use of phishing leads hackers to use malware as the entry point. If phishing isn’t used, then the browser or plug-in vulnerabilities are the next options for hackers.

  A secure and monitored internal environment is key to preventing hackers from doing this to any business.

These are only a few ways a hacker can access a business’ data. We have provided a few of the patterns explained in the DBIR, however, businesses must understand that these can be prevented with the correct team and procedure in place.

Next week, we will discuss solutions that a business can do to prevent each of these threats.

It is important to keep in mind, that if a business does not have the IT staff to fully manage a network, a third party with experience can always help. Let our team give you a hand! At Netsurion, we have years of experience in managing network security to prevent any of the incidents explained earlier.