
2016 Verizon Data Breach Investigations Report (DBIR): Insights from Unit 42



The ninth annual edition of Verizon’s Data Breach Investigations Report (DBIR) has just been released, and Palo Alto Networks is proud to have contributed data and analysis to help make the report as comprehensive as possible. Palo Alto Networks is committed to sharing threat intelligence across the security industry and exposing the evolving nature of threats so that organizations can better protect themselves.

This year we extracted a massive dataset from the AutoFocus threat intelligence service covering over 38 million sessions carrying over 2.7 million unique malware samples. We worked with the Verizon team to add context to these samples with AutoFocus tag data, showing which campaign or family each sample was associated with.

Rapidly evolving malware

The DBIR team combined our data with intelligence collected from other contributors and concluded that the life span of malicious samples is typically very short (i.e. samples are very rarely used more than a few times). The report found that “99% of malware hashes are only seen for 58 seconds or less,” lending credence to the critical need for constantly updated protections deployed back to the network, lest organizations risk being infected by rapidly changing malware.


Shifts in Crimeware

In many ways, this report suggests that the threat landscape has not shifted significantly from the 2015 report. However, it does present one compelling insight into the rise of a threat that is top of mind for many people: ransomware. The graph below shows the average price per payment card record in USD over the last 5 years (Source: Intel Security).

[Figure: average price per payment card record in USD over the last 5 years (Source: Intel Security)]

If you were a cyber criminal and had previously focused on stealing credit card data with malware, the supply of new card numbers into the market in the last few years has made your life very hard. A 76% drop in the price of your offering over 5 years is devastating, and that might make you look for alternative ways to monetize the computers you infect with malware. This graph is a near inverse of the ramp we’ve seen in ransomware attacks between 2013 and today, adding more evidence to suggest cyber criminals may be abandoning certain forms of fraud to focus on their ransomware business model.

Overall, the 2016 DBIR underscores how time-tested techniques for infecting organizations continue to be responsible for the vast majority of breaches. While there may be shifts in how attacks are monetized, such as moving from stolen credit cards to holding machines for ransom, attackers continue to rely on their old tricks. Because attackers are primarily motivated by profit, we expect cyber attacks to keep going back to highly effective tactics like spearphishing or compromise by infected websites.

[Palo Alto Networks Research Center]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
