The 15 most common attacks in 2009 have been detailed by Verizon Business.
In its ‘An Anatomy of a Data Breach' report, its authors have tapped the company's detailed investigative records to identify, rank and profile the most common attacks. In total, the report details nearly 150 ways to detect and combat security threats.
It listed the top five most common security attacks as: keylogging and spyware; backdoor or command/control; SQL injection; abuse of system access/privileges; and unauthorised access via default credentials.
The following ten were as follows: violation of acceptable use and other policies; unauthorised access via weak or misconfigured access control lists (ACLs); packet sniffing; unauthorised access via stolen credentials; pretexting or social engineering; authentication bypass; physical theft of asset; brute-force attack; RAM scraper; and phising (and other ‘ishing' variations).
Dr. Peter Tippett, vice president of technology and innovation at Verizon Business, said: “This supplemental report seeks to address the thousands of inquiries we've received from companies around the world wanting a more detailed explanation of attacks, as well as requests for additional recommendations for deterring, preventing and detecting breaches.
“This follow-up analysis is aimed at helping organisations better safeguard their organisations by understanding the anatomy of a data breach and how cybercriminals work.”
Steve Hurn, CEO of Secerno, said: “The Verizon report holds few surprises for those of us in the security industry, because we have seen the same threats materialise over the past year. Three of the areas that lead to the most vulnerabilities – SQL injection, international criminal gangs, and threats by third party contractors – will continue to plague businesses in 2010.
“We expect SQL injections to rise in 2010, before the industry places the proper controls in place, and SQL injections could account for 90 per cent of breached records, if controls are not put in place quickly.