Top data breach trends in 2016 — Phishing, skimming rise; hacking holds ground
In a year marked by massive data breaches, a trends report finds skimming and phishing made waves in 2016.

When news broke in December of a massive data breach at Yahoo, it was met with a collective "This, again? Didn't they just report a breach?" The company had, in fact, reported a record-breaking breach of 500 million user accounts three months earlier, but it was dwarfed by the December breach, which impacted over 1 billion records.

That pair of record-breaking breaches was a fitting way to cap off a year marked by massive data breaches. As security intelligence provider Risk Based Security (RBS) points out in its newly released 2016 Data Breach Trends report, "six 2016 breaches have taken their place on the Top 10 List of All Time Largest Breaches."

By many measures, and not surprisingly, the data breach trend story for 2016 is one of explosive growth in the number of records exposed, from 822 million in 2015 to over 4.2 billion in 2016, "approximately 3.2 billion more records than the previous all-time high exposed in 2013."
While the number of records exposed was far higher in 2016 than the year prior, the RBS report found that the total number of incidents declined from 4,326 in 2015 to 4,149 in 2016. Inga Goddijn, executive vice president of Risk Based Security, offered a couple of explanations for the decline in one measure and the growth in the other.
One explanation is that attackers were more targeted in their efforts. “[W]e also saw a number of successful targeted attacks using fairly straightforward methods, like the wave of phishing attacks targeting W2 data. Phishing is nothing new but scammers refined their approach — quite successfully — targeting HR personnel during the height of tax data preparation season. Over 100 companies and their employees were victims of this type of scam, resulting in data being used in fake tax return schemes,” said Goddijn.
Another explanation, however, is that year by year counts are inherently tricky and are as much an accident of categorization as anything. “This year, there were a handful of data thefts that occurred in prior years but only came to light in this year,” says Goddijn. “The two incidents at Yahoo are good examples. The first breach, impacting 500 million records, originated from an intrusion taking place at least as far back as 2014. The second event, compromising over 1 billion records, is believed to have resulted from an intrusion taking place in 2013 or possibly earlier. What is alarming about these types of events is that they were not detected earlier. In fact, the second, larger breach at Yahoo may not have been discovered at all had the first incident not triggered a deeper investigation.”
Phishing, skimming rise; hacking holds ground
In its 2015 report, RBS found that hacking was by far the top breach type, accounting for 2,540 incidents. Again in 2016 hacking took the top spot with 2,213 incidents, but it ceded some ground to other types of breaches.
For example, phishing, which was used in just 36 incidents in 2015 (not even making the top 10 list), was the third most common breach type in 2016, with 203 incidents.
“One of our key findings this year is if you go looking for the breach, chances are you will find it,” says Goddijn.
Goddijn says skimming is a good example of this. RBS’s 2015 report noted that skimming at gas pumps was rising and impacting the energy sector. That year skimming was the second most common breach type, used in 270 incidents. In 2016, skimming was again the second most common breach type, but had increased its share to 482 incidents.
"Several states launched investigations into skimming activity, sending investigators into the field to inspect gas pumps. That played a role in the increased number of skimming reports we saw this year," says Goddijn. "Close inspection of pumps led to more skimming device discoveries. Clearly, a skimming event isn't quite on par with responding to a large network intrusion, but it does illustrate the point that really, any organization that has data of value can be targeted."
Table 1: Top 10 incidents by breach type
Taking a second swing
In 2016, 123 organizations reported multiple data breaches, Yahoo and Mossack Fonseca among them.
United States: Data Breach Trends — 2016: The Year Of Ransomware
Over the past year, the BakerHostetler Incident Response team has closely monitored data breach trends, and we are confident in concluding that 2016 was the year of ransomware. Nothing has had a greater impact or has been as widespread in 2016 than ransomware.
From a hospital in California to a police department in Massachusetts, ransomware has been a plague for organizations large and small. And yet, despite being around for years, 2016 was the year ransomware became an epidemic. Security firm Kaspersky Lab estimates that in the third quarter of 2016, a ransomware infection was occurring every 30 seconds, and a November 2016 study by SentinelOne found that half of all companies surveyed reported a ransomware attack in the past 12 months. With the FBI announcing that ransomware was on track to be a billion-dollar criminal enterprise, it's no secret that money has been fueling this outbreak.
If you haven’t experienced a ransomware infection, don’t worry, you will. And while the impact of ransomware on your organization could be catastrophic, with advance preparation, it doesn’t have to be. The key is solid employee training, proper network segmentation and backups that are complete, up-to-date and regularly tested. Organizations that have prepared for an infection may find that ransomware is little more than a nuisance, much the way computer viruses and worms were back in the ’90s and early 2000s.
But don’t expect this threat to go quietly (or anytime soon). Ransomware has been surprisingly resilient. The phishing emails that propagate ransomware have become more sophisticated with some variants that have been known to target backup systems. Two trends that we expect to continue into 2017 include the use of full disk encryption by ransomware to deny access to the entire system and the use of ransomware as a method of monetizing hacking activities.
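The advice above to keep backups "complete, up-to-date and regularly tested", together with the warning that some variants go after backup systems, is the kind of thing that is easy to state and rarely automated. The following is an added example, not code from the original article or from BakerHostetler: a small Python checker that records a manifest of the source tree, then verifies a backup copy against it for completeness, integrity and freshness, and flags mismatched files whose byte entropy looks like ciphertext (the signature of a backup that was itself encrypted). The directory layout, file contents, thresholds and the simulated damage are all constructed for the demo.

```python
import hashlib
import math
import os
import shutil
import tempfile
import time
from collections import Counter
from pathlib import Path
from typing import Optional


def sha256_file(path: Path) -> str:
    """Streaming SHA-256 of a file, so large backups are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; text is typically 4-5, well-encrypted data is close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Map relative path -> sha256 for every regular file under root,
    plus the time the manifest was written (used for the freshness check)."""
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            files[p.relative_to(root).as_posix()] = sha256_file(p)
    return {"created": time.time(), "files": files}


def verify_backup(backup: Path, manifest: dict, max_age_hours: float = 24.0,
                  entropy_threshold: float = 7.5, now: Optional[float] = None) -> dict:
    """Compare a backup tree with the manifest taken from the source.
    Reports missing files, hash mismatches, mismatched files that look
    encrypted (high entropy), and whether the manifest itself is stale."""
    now = time.time() if now is None else now
    findings = {"missing": [], "mismatch": [], "high_entropy": [], "stale": False}
    findings["stale"] = (now - manifest["created"]) / 3600 > max_age_hours
    for rel, digest in manifest["files"].items():
        p = backup / rel
        if not p.is_file():
            findings["missing"].append(rel)
            continue
        if sha256_file(p) != digest:
            findings["mismatch"].append(rel)
            data = p.read_bytes()
            # Only judge entropy on a meaningful sample size (assumed cutoff: 256 bytes).
            if len(data) >= 256 and shannon_entropy(data) > entropy_threshold:
                findings["high_entropy"].append(rel)
    findings["ok"] = not (findings["missing"] or findings["mismatch"] or findings["stale"])
    return findings


def demo() -> dict:
    """Constructed scenario: back up a small source tree, then simulate a
    ransomware variant that reached the backup target."""
    work = Path(tempfile.mkdtemp())
    src, dst = work / "source", work / "backup"
    (src / "finance").mkdir(parents=True)
    (src / "finance" / "q3.csv").write_text("dept,amount\nhr,1200\nit,3400\n" * 50)
    (src / "readme.txt").write_text("Quarterly exports, keep 30 days.\n" * 20)
    manifest = build_manifest(src)
    shutil.copytree(src, dst)
    clean = verify_backup(dst, manifest)                    # healthy copy verifies
    (dst / "finance" / "q3.csv").write_bytes(os.urandom(4096))  # "encrypted" in place
    (dst / "readme.txt").unlink()                           # deleted by the attacker
    damaged = verify_backup(dst, manifest)
    # A manifest three days old fails the freshness check even if contents match.
    stale = verify_backup(dst, manifest, now=manifest["created"] + 72 * 3600)
    shutil.rmtree(work)
    return {"clean": clean, "damaged": damaged, "stale": stale}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of the entropy check is narrow: a hash mismatch alone could be a legitimate edit made after the manifest was taken, but a mismatched file that is now indistinguishable from random bytes is the pattern a ransomware variant leaves on a reachable backup share. In production the manifest should be written to, and the verification run from, a host the backup target cannot write to, and the freshness window should match the backup schedule.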
First, ransomware that utilizes full disk encryption denies access to both the files and the computer system it infects. This becomes an added pressure point because the infection impacts other aspects of the organization. For example, the San Francisco Municipal Transportation Agency (SFMTA) experienced this type of ransomware firsthand when it infected the agency's ticketing system in November.
The second trend we expect to see in 2017 is the use of ransomware to monetize hacking activities. Some organizations do not take information security as seriously as they should, either because of a lack of resources or because they do not see themselves as a target due to the lack of valuable data, e.g., credit card information or financial data. These organizations might have experienced a breach in the past but might not have been aware because the attack did not affect their systems or operations. Ransomware provides an easy way for attackers to profit from their hacking activities. Small to medium-size businesses that are not prepared will be hurt the most by this trend.
Top Five Data Breach Trend Predictions for 2017
Aftershock password breaches will expedite the death of the password.
- What and Why: Companies will face the consequences of previous data breaches, as username and password information breached years prior (and often from an unrelated company) continues to be sold through darknet markets and replayed against other sites where users reused the same credentials.
- The Takeaway: Companies should consider (1) using multi-factor authentication to verify users to help solve the password reuse problem; (2) accounting for aftershock breaches in their data-breach response plans; and (3) educating customers about resetting their passwords and about the broader risk associated with password reuse across websites.
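What an "aftershock" breach looks like from the defender's side is a credential-stuffing run: an old leaked username/password list replayed against your login endpoint, producing many distinct usernames from one source in a short window, almost all failing, with the occasional success where a user reused the password. The following is an added example, not from the original article or from Experian; it runs a simple detector of that pattern over a constructed authentication log (the log format, IP addresses, usernames, window and thresholds are all assumptions for the demo).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format for the demo: "<iso-ts> auth ip=<src> user=<name> result=ok|fail".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$"
)

# Constructed sample: alice mistypes her password twice from her own address,
# 203.0.113.7 sprays eight different accounts in seven seconds and gets into bob's,
# ivan logs in normally, and one unrelated line is present to show it is skipped.
SAMPLE_LOG = """\
2017-01-12T03:14:01Z auth ip=198.51.100.4 user=alice result=fail
2017-01-12T03:14:09Z auth ip=198.51.100.4 user=alice result=fail
2017-01-12T03:14:20Z auth ip=198.51.100.4 user=alice result=ok
2017-01-12T03:15:00Z auth ip=203.0.113.7 user=alice result=fail
2017-01-12T03:15:01Z auth ip=203.0.113.7 user=bob result=ok
2017-01-12T03:15:02Z auth ip=203.0.113.7 user=carol result=fail
2017-01-12T03:15:03Z auth ip=203.0.113.7 user=dave result=fail
2017-01-12T03:15:04Z auth ip=203.0.113.7 user=erin result=fail
2017-01-12T03:15:05Z auth ip=203.0.113.7 user=frank result=fail
2017-01-12T03:15:06Z auth ip=203.0.113.7 user=grace result=fail
2017-01-12T03:15:07Z auth ip=203.0.113.7 user=heidi result=fail
2017-01-12T03:20:00Z auth ip=192.0.2.9 user=ivan result=ok
2017-01-12T03:40:00Z kernel: unrelated noise line
""".splitlines()


def parse(lines):
    """Return (timestamp, ip, user, result) tuples in time order; non-auth lines are ignored."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"]))
    return sorted(events)


def detect_stuffing(lines, window=timedelta(minutes=10), min_users=5, max_success_ratio=0.2):
    """Flag source IPs that, within `window`, try at least `min_users` distinct
    usernames with mostly failures. A single user fumbling a password touches one
    account; a replayed breach list touches many. Returns
    {ip: {"distinct_users": n, "fails": n, "compromised": [users that succeeded]}}
    so the accounts that need a forced reset and MFA enrolment are named."""
    per_ip = defaultdict(list)
    for ts, ip, user, result in parse(lines):
        per_ip[ip].append((ts, user, result))
    flagged = {}
    for ip, evs in per_ip.items():
        for i in range(len(evs)):                       # sliding window from each event
            start = evs[i][0]
            win = [e for e in evs[i:] if e[0] - start <= window]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, r in win if r == "fail")
            successes = len(win) - fails
            if len(users) >= min_users and successes / len(win) <= max_success_ratio:
                flagged[ip] = {
                    "distinct_users": len(users),
                    "fails": fails,
                    "compromised": sorted({u for _, u, r in win if r == "ok"}),
                }
                break
    return flagged


if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The output names both the attacking source and the accounts it succeeded against, which is what the takeaway's "accounting for aftershock breaches in their data-breach response plans" needs in practice: the compromised accounts get a forced password reset and an MFA requirement, not just the IP a block. Real attackers distribute the run across many source addresses, so the same logic is usually applied per ASN or per client fingerprint as well as per IP.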
Nation-state cyberattacks will move from espionage to war.
- What and Why: Cyberattacks by hackers sponsored by foreign nations will likely continue to increase and escalate. Although these attacks are motivated by the desire to gain intelligence, they will lead to collateral damage to consumers and businesses through widespread outages or exposure of personal information.
- The Takeaway: Businesses should prepare for large-scale attacks, particularly if they are a part of critical infrastructure, by staying vigilant about their security measures and by considering purchasing proper insurance protection.
Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging.
- What and Why:
- Medical identity theft will remain cybercriminals’ top target, as medical information is lucrative and easy to exploit.
- Experian predicts that in the new year mega breaches will move on from focusing on healthcare insurers to distributed hospital networks, which might have more security challenges compared to centralized organizations.
- Experian also predicts that electronic health records (EHRs) will likely be a primary target for attackers, since EHRs are widely used and are likely to touch a compromised computer.
- The top breach vector will likely be ransomware because a disruption of healthcare system operations could be catastrophic and most organizations would rather opt to simply pay the ransom than fight the attack. According to recent Office for Civil Rights (OCR) guidance, depending on the facts, ransomware attacks may be classified as breaches and require notification under the HIPAA Breach Notification Rule, in accordance with 45 CFR 164.404.
- The Takeaway: Healthcare organizations need to ensure they have proper, up-to-date security measures in place, including data-breach response plans in the event of a ransomware attack and adequate employee training about the importance of security.
Criminals will focus on payment-based attacks despite the EMV shift taking place over a year ago.
International data breaches will cause big headaches for multinational companies.
Thanks to CSO, Mondaq and Lexology, and thanks for reading Breach Trends 2016.