Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Verizon 2014 Data Breach Report - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Verizon 2014 Data Breach Report

Verizon have released their 2014 Data Breach Report which is classified in 9 attack patterns, each have their own section grouped by industries. Their 60 pages reports provides some interesting statistics that are well illustrated, for example: servers are still the primary target because actors know that is where the data is likely to be. This isn't really a surprise that "They plainly show that attackers are getting better/faster at what they do at a higher rate than defenders are improving their trade."[3]

The report can be downloaded here.

[1] http://www.verizonenterprise.com/DBIR/2014/
[2] http://www.verizonenterprise.com/DBIR/gfx/chart.png
[3] http://www.verizonenterprise.com/DBIR/2014/reports/rp_Verizon-DBIR-2014_en_xg.pdf

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Guy

424 Posts
ISC Handler
Interesting, a company that colludes with others to get data is writing about it? Hummm So who is monitoring the monitor? I will use the "onion" when visiting their site or other means to block their "widgets and beacons"


Quote:Debra Lewis, a Verizon Wireless spokeswoman, explained to me that when a customer registers on the company's "My Verizon" website to see a bill or watch TV online, a "cookie," or tracking software, is downloaded onto the customer's home computer.

Most cookies are benign, allowing websites to provide better service to frequent visitors.

Quote:Verizon Wireless' cookie allows a data-collection company working on Verizon's behalf — Lewis declined to name which one — to gather information on which sites you visit after you leave "My Verizon."


That information is "anonymized," Lewis said, to mask the Verizon customer's identity and is then shared with marketers, which can use the info to provide ads on the customer's Verizon Wireless device that match his or her home-computer interests.
ICI2Eye

52 Posts Posts
It's cool that they reference the SANS Critical Security Controls! Page 50
John

88 Posts Posts

Sign Up for Free or Log In to start participating in the conversation!