Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Verizon Business Issues 2009 Supplemental Data Breach Report Profiling 15 Most Common Attacks

Verizon Business Issues 2009 Supplemental Data Breach Report
  • 15 December, 2009 12:05

<p>Verizon Business Issues 2009 Supplemental Data Breach Report Profiling 15 Most Common Attacks</p>
<p>‘Anatomy of a Data Breach’ Sheds New Light on How and Why Attacks Occur</p>
<p>Sydney, AUSTRALIA – 9 December 2009 – The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold.</p>
<p>In its “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” Verizon Business security experts tap the company’s detailed investigative records to identify, rank and profile the most common attacks. For each type of attack, the report provides real-world scenarios, the warning signs, how the attack is orchestrated, how attackers got in, what information they took, what assets the attackers targeted, what industries are commonly affected, and what countermeasures are effective. In total, the report details nearly 150 ways to detect and combat security threats.</p>
<p>This latest installment in Verizon’s data breach study series is based on the “2009 Verizon Business Data Breach Investigations Report,” issued in April. That landmark study analysed more than 90 forensic investigations involving 285 million compromised records.</p>
<p>(NOTE: To download high-resolution images relating to the supplemental report, visit:</p>
<p>“This supplemental report seeks to address the thousands of inquiries we’ve received from companies around the world wanting a more detailed explanation of attacks, as well as requests for additional recommendations for deterring, preventing and detecting breaches,” said Dr. Peter Tippett, vice president of technology and innovation, Verizon Business. “This follow-up analysis is aimed at helping organisations better safeguard their organisations by understanding the anatomy of a data breach and how cybercriminals work.”</p>
<p>Top 15 Most Common Security Attacks</p>
<p>The 2009 Verizon Business Supplemental Data Breach Report identified and ranked by frequency the following top 15 types of attacks:</p>
<p>1. Keylogging and spyware: Malware specifically designed to covertly collect, monitor and log the actions of a system user.</p>
<p>2. Backdoor or command/control: Tools that provide remote access to or control of infected systems, or both, and are designed to run covertly.</p>
<p>3. SQL injection: An attack technique used to exploit how Web pages communicate with back-end databases.</p>
<p>4. Abuse of system access/privileges: Deliberate and malicious abuse of resources, access or privileges granted to an individual by an organisation.</p>
<p>5. Unauthorised access via default credentials: Instances in which an attacker gains access to a system or device protected by standard preset (widely known) usernames and passwords.</p>
<p>6. Violation of acceptable use and other policies: Accidental or purposeful disregard of acceptable use policies.</p>
<p>7. Unauthorised access via weak or misconfigured access control lists (ACLs): When ACLs are weak or misconfigured, attackers can access resources and perform actions not intended by the victim.</p>
<p>8. Packet Sniffer: Monitors and captures data traversing a network.</p>
<p>9. Unauthorised access via stolen credentials: Instances in which an attacker gains access to a protected system or device using valid but stolen credentials.</p>
<p>10. Pretexting or social engineering: A social engineering technique in which the attacker invents a scenario to persuade, manipulate, or trick the target into performing an action or divulging information.</p>
<p>11. Authentication bypass: Circumvention of normal authentication mechanisms to gain unauthorised access to a system</p>
<p>12. Physical theft of asset: Physically stealing an asset.</p>
<p>13. Brute-force attack: An automated process of iterating through possible username/password combinations until one is successful.</p>
<p>14. RAM scraper: A fairly new form of malware designed to capture data from volatile memory (RAM) within a system.</p>
<p>15. Phishing (and endless “ishing” variations): A social engineering technique in which an attacker uses fraudulent electronic communications (usually e-mail) to lure the recipient into divulging information.</p>
<p>In addition to the extensive threat catalogue, the supplemental report includes an appendix that compares Verizon’s caseload with DataLossDB, a public database of reported incidents worldwide.</p>
<p>To access the Verizon Business 2009 Supplemental Report, click below:</p>
<p>A complete copy of the 2009 Data Breach Investigations Report is available at:</p>
<p>To blog about this report, visit us at: .</p>
<p>About Verizon Business</p>
<p>Verizon Business, a unit of Verizon Communications (NYSE: VZ), is a global leader in communications and IT solutions. We combine professional expertise with one of the world’s most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today’s extended enterprises of widespread and mobile customers, partners, suppliers and employees – enabling them to increase productivity and efficiency and help preserve the environment. Many of the world’s largest businesses and governments – including 96 percent of the Fortune 1000 and thousands of government agencies and educational institutions – rely on our professional and managed services and network technologies to accelerate their business. Find out more at</p>
<p>VERIZON'S ONLINE NEWS CENTRE: Verizon news releases, executive speeches and biographies, media contacts, high-quality video and images, and other information are available at Verizon's News Centre on the World Wide Web at To receive news releases by e-mail, visit the News Centre and register for customised automatic delivery of Verizon news releases.</p>
<p>Note to Editor: Phone interview opportunities are available with Verizon Business’ Melbourne based spokesperson, Mark Goudie, managing principal, Forensics Practice, Verizon Business Asia Pacific.</p>
<p>Media Contact:</p>
<p>Gabriel Wong</p>
<p>Max Australia</p>
<p>+ 61 2 9954 3492</p>

Most Popular

Editor's Recommendations

Solution Centres


View all events Submit your own security event

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Media Release

More media release