The Verizon Breach Report – 4 Things Learned

Shimrit Tzur-David | May 27, 2019

Telecom giant Verizon Wireless recently released their annual Data Breach Investigation Report for 2019.

The Report lays out a data-driven assessment of threat trends and other stats on information-breach incidents over the previous year.

Looking over the Report’s 78 pages, several important realities about the state of authentication security come to light.

Stolen Passwords are Still #1 Threat

The 2019 report concludes that the use of stolen credentials accounts for the lion’s share of all data breaches from the past year. This should come as no surprise considering the data compiled in earlier Verizon studies. The company’s 2017 report famously made headlines throughout the world of IT when it revealed that 81 percent of data breaches were the result of compromised passwords. The current stats continue to hover around that figure, offset only slightly by the prevalence of other methods such as privilege abuse by employees.

This year’s report detailed that stolen credentials were obtained by primarily two methods, split pretty much down the middle in terms of commonality: phishing campaigns that convinced users to hand over their passwords, and hard hacking methods in which cybercriminals were able to penetrate a system and exfiltrate credential sets. This data demonstrates the dual vulnerability passwords present to systems. First, passwords are a factor users can be manipulated into revealing through social engineering. Second, even when users remain vigilant and protect credentials, their very existence gives hackers something which can be targeted for theft. These threats are unfortunately permanent features of credential-based authentication.

Human Tendency = Human Error

Verizon researchers make a strong point of highlighting the human error factor in exposing networks. For instance, the report underscores the fact that large numbers (perhaps the majority) of hacks could be prevented by implementing two-factor (2F) authentication. However, this relatively easy-to-use tool is often overlooked simply due to the inconvenience it causes users.

Along the same lines, the report also cites password reuse as a common violation employees commit with their credentials. This of course results in the exposure of one of the users accounts leading to the compromise of some or all of the others.

Bringing home the theme of human error, the Verizon report advises administrators to “monitor processes” used by employees for authentication to ensure that “a single mistake doesn’t result in a breach.” As we’ve highlighted several times on this blog, to err is human. Thus entrusting the keys to a system into human hands is setting up a security scheme for failure. Users will resort to all types of negligent practices to remember and keep track of passwords. In addition to those laid out by Verizon such as password reuse, users will do everything from write passwords on exposed post-its to creating overly simple, easy to guess passwords that are just asking to be hacked.

The Fatal Flaw: Remote Access and its Vulnerabilities

Due to today’s dynamic business environment, Remote Access Protocols have become central technological tools for many companies. However, making network access more accommodating doesn’t come without its risks. The Verizon report goes along way to emphasize just how compromising these protocols have been for many hacking victims. Highlighting the risks of remote access, Verizon cites several trends in data incidents over the past year. First is the pattern of hackers using remote access as an attack vector for digital Points of Sale, or POSs. Verizon asserts that the risk posed by remote access to POS servers is so great, that it is worth it for administrators to restrict this access despite the chance of this potentially compromising business needs. Second is the practice of hackers using remote access as a means of getting targeted data out of the system. After illicit access to a system is obtained, it has “become common” according to Verizon, for prized information to be exfiltrated 

by tunneling via a remote access protocol.

Third, and perhaps the most telling, is the significant increase in phishing attacks specifically designed to convince users to install remote access tools. Once the protocols are loaded onto a system, they help cybercriminals establish footholds within a network for a variety of attacks.

Verizon’s treatment of remote access and its risks points out the unique challenges with implementing this technology. Remote Access Protocols may be the single greatest example of how economic and logistical considerations often come in conflict with those of security. Opening the door for remote access may make it easier for employees to operate, but it also opens a slew of new opportunities for system breach.


Credential Stealing Hacks and Malware

Data compiled by Verizon points to the prevalence of attacks designed specifically to capture credentials. One particularly disconcerting point is the dramatic rise in victims of banking Trojans or other “credential-stealing malware.”  Furthermore, many hacks begun to be identified in which cybercriminals use advanced techniques to reach “restricted directories” including “private keys and password files.”

In fact, as Verizon’s research reveals, credentials were the second most common form of data stolen during system hacks in 2018.

The incredible vulnerability posed to networks by password-based authentication has been recognized by experts for years. Beyond all the opportunities passwords lay at the feet of would-be hackers, Verizon’s research points to a new danger, namely the crafting of penetration tools and techniques with the intended purpose of stealing credentials. This trend proves the point we’ve been hammering away at here on the Octopus Blog: as long as there is something for hackers to steal, they will find a way to obtain it.