Report: Cyber Attacks go Social

Monday, May 6, 2013 @ 09:05 AM gHale


Social engineering is becoming more of an attack tool as hackers are frequently relying on tactics such as phishing, to compromise computing devices and email accounts.

The proportion of security breaches incorporating social tactics using email, phone calls and social networks to gain information on people was four times higher in 2012 from the previous year, according to the Verizon 2013 Data Breach Investigation Report (DBIR).

RELATED STORIES
Malware Costs Consumers $4B a Year
‘Cyber risk Intelligence’ for Total Security
Firms Don’t Budget to Protect IP
Manufacturing Most Attacked Industry

Twenty-nine percent of security breaches used social tactics, according to the DBIR report, which used data and analysis from 19 global organizations including law enforcement agencies, research institutions, private security firms and national incident-reporting entities.

Companies, even those with tight cyber security, should be wary of the trend. Even tight corporate security programs have suffered bypass as a result of social engineering, the report said. Hackers also have gone after high-value targets in their personal lives, using social tactics like phishing, doxing, and watering hole attacks to compromise personal email accounts and computing devices.

That means back door hackers are increasingly gaining access to personal accounts or company’s system is through the social aspect.

Targeting specific key personnel isn’t a new tactic. But more organizations are now considering extending corporate security into the living rooms of their CEOs, according to the DBIR.

Another troubling trend is that the sophistication level of attacks is growing, most use basic methods that require little or no customization or resources.

Other 2012 highlights from the report:
• More than 47,000 reported security incidents
• 621 confirmed data breaches
• Large-scale financial cybercrime accounted for 75 percent of attacks
• 20 percent of attacks were state-affiliated espionage campaigns, which included cyber threats aimed at stealing intellectual property to further national and economic interests.



Leave a Reply

You must be logged in to post a comment.