6--数据泄露报告

©2010Verizon.AllRightsReserved.PTE1462607/102010DataBreachInvestigationsReport3MethodologyDataSource•VerizonBusinessInvestigativeResponseTeam•NEW:UnitedStatesSecretService(USSS)CollectionandAnalysis•VERISframeworkusedtocollectdataafterinvestigation•Casedataanonymizedandaggregated•RISKIntelligenceteamprovidesanalyticsDataSample•6yearsofforensicinvestigations(notinternalVerizonincidents)•900breaches,900millionstolenrecordsincombineddataset4VERISFrameworkTheIncidentClassificationsectionemploysVerizon’sA4threatmodel12345IncidentasachainofeventsAsecurityincident(orthreatscenario)ismodeledasaseriesofevents.Everyeventiscomprisedofthefollowing4A’s:Agent:WhoseactionsaffectedtheassetAction:WhatactionsaffectedtheassetAsset:WhichassetswereaffectedAttribute:Howtheassetwasaffected©2010Verizon.AllRightsReserved.PTE1462607/102010DataBreachInvestigationsReportRESULTS&ANALYSIS6Assets&Data7Demographics8ThreatAgents9ExternalAgents910ExternalAgents1011InternalAgents12PartnerAgents13ThreatActions14HackingTypes15HackingPathways16MalwareInfectionVector17MalwareFunctionality18MalwareCustomization20MisuseTypes21TimelineofEvents22Assets&Data23Assets&Data24Conclusions&Recommendations25Conclusions&RecommendationsAssetsMostdatacompromisedfromservers&appsDesktops/laptopsincreasing;relatedtostolencredentialsMostcriminalsinterestedincashableformsofdataDiscovery&ResponseDiscoverystilltakesalongtimeandislargelyduetothirdpartiesResponseandcontainmentslowandpronetomishapMitigationThebasics–ifdoneconsistently–aresufficientinmostcasesKeepoutsidersout;theyareincreasinglydifficulttocontrolonceinRestrictandmonitorinsiders;disableaccesswhentheyleaveInmonitoringevents:lookoutforhaystacks–notneedlesPlan,prepare,train,andtestforatimelyandeffectiveresponse26DBIR:::securityblog.verizonbusiness.comEmail:dbir@lists.verizonbusiness.com