Top 11 Data Breaches of 2011

2,285 views

Published on

Every year, motivations, tactics, and technologies shift as defenses change and attackers are forced to readjust. This presentation investigates what made 2011 data breaches different, novel, and innovative. The presentation examines the top eleven data breaches of 2011, compares data breach trends in 2011 versus 2010, and provides guidance for 2012 data security initiatives based on lessons from 2011.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,285
On SlideShare
0
From Embeds
0
Number of Embeds
21
Actions
Shares
0
Downloads
65
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Top 11 Data Breaches of 2011

  1. 1. Top 11 Ground-Breaking Data Breaches of 2011 Robert Rachwald Director, Security Strategy, Imperva
  2. 2. Agenda Compare data breach trends in 2011 versus 2010 Examine the top eleven data security breaches of 2011 Provide guidance for 2012 data security initiatives based on lessons from 2011
  3. 3. Today’s PresenterRob Rachwald, Dir. of Security Strategy, Imperva Research + Directs security strategy + Works with the Imperva Application Defense Center Security experience + Fortify Software and Coverity + Helped secure Intel’s supply chain software + Extensive international experience in Japan, China, France, and Australia Thought leadership + Presented at RSA, InfoSec, OWASP, ISACA + Appearances on CNN, SkyNews, BBC, NY Times, and USA Today Graduated from University of California, Berkeley
  4. 4. Looking Back
  5. 5. Volume of Stolen Data 250,000,000 200,000,000Volume of Data Taken 150,000,000 100,000,000 50,000,000 0 2009 2010 2011 Source: privacyrights.org
  6. 6. Volume of Stolen Data 250,000,000 200,000,000 VA BreachVolume of Data Taken 150,000,000 Heartland 100,000,000 Payment Systems Breach 50,000,000 0 2009 2010 2011 Source: privacyrights.org
  7. 7. Number of Data Breach Incidents 500 450Number of Data Breach Incidents 400 350 300 484 250 424 200 150 250 100 50 0 2009 2010 2011 Source: privacyrights.org
  8. 8. Volume of Stolen Data by Type 3,000,000 2,500,000 2,000,000Volume of Data Taken 2009 1,500,000 2010 2011 1,000,000 500,000 0 Insider Physical Loss Stationary Unknown Payment Device Fraud Source: privacyrights.org
  9. 9. Volume of Stolen Data by Type 140,000,000 120,000,000Volume of Data Taken 100,000,000 80,000,000 2009 60,000,000 2010 40,000,000 2011 20,000,000 0 Hack Portable Device Source: privacyrights.org
  10. 10. The Insider Threat Hacker Malicious Insider 29% 33% Non Malicious Insider 38%Source: Securosis 2010 Data Security Survey
  11. 11. Data Records Taken by Vertical I 140,000,000 120,000,000 100,000,000Volume of Data Taken 2009 80,000,000 2010 60,000,000 2011 40,000,000 20,000,000 0 Financial/Insurance Government Source: privacyrights.org
  12. 12. Data Records Taken by Vertical II 14,000,000 12,000,000 10,000,000Volume of Data Taken 8,000,000 2009 2010 6,000,000 2011 4,000,000 2,000,000 0 Medical Education Other Retail Nonprofit Source: privacyrights.org
  13. 13. Data Records Taken by Vertical II 14,000,000 12,000,000 10,000,000Volume of Data Taken 8,000,000 2009 2010 6,000,000 2011 4,000,000 2,000,000 0 Medical Education Other Retail Nonprofit Source: privacyrights.org
  14. 14. Number of Data Breach Incidents by Vertical 500 450Number of Data Breach Incidents 400 350 300 250 200 2009 150 2010 100 2011 50 0 Source: privacyrights.org
  15. 15. Software Security Spend Growth $16.50 $16.00 11% increase $15.50Billion $USD $16.50 $15.00 $14.50 $14.80 $14.00 $13.50 2009 2010 Source: Imthishan Giado. “Global security spend to blast past $16 billion.” ITP.net. 23 Aug 2010.
  16. 16. Cyber Crime Milestones
  17. 17. #1: In 2010, Digital Theft Exceeded Physical “Reported thefts of information and 1.7 1.8 electronic data have 1.6 1.4 risen by half in the 1.4 past year and for the 1.2 Digital first time have 1 Physical Assets Assets surpassed physical 0.8 property losses as the 0.6 biggest crime problem 0.4 for global 0.2 companies…” 0 Cost per $1BSource: Brooke Masters and Joseph Menn. “Data theft overtakes physical losses.” FT.com.18 Oct. 2010.
  18. 18. #2: Enterprises in the Cross Hairs “The bad guys have figured out that rather than getting $500 from 1,000 accounts you can get $500,000 from one corporate account in one go…”Source: Brooke Masters and Mary Watkins. “Hackers turn attention to corporate data theft.”FT.com. 18 Oct. 2010.
  19. 19. #3: Hacktivism Goes Corporate Lulzsec: team of hackers focused on breaking applications and databases Hacking for profit: strong similarity to the attacks employed by Lulzsec during their campaign Lulzsec used: + SQL injection (SQLi) + Cross-site scripting (XSS) + Remote file inclusion (RFI)
  20. 20. #4: Automation is Prevailing “investigators noticed a higher proportion of automation with respect to attack methods…”Source: Verizon Data Breach Report, 2010
  21. 21. #4: Automation is Prevailing Apps under automated attack: 25,000 attacks per hour. ≈ 7 per second On Average: 27 attacks per hour ≈ 1 probe every two minutes
  22. 22. #5: Security 2.0 May Be Coming “The top five security providers — led by Symantec and McAfee — accounted for 44 percent of the $16.5 billion worldwide security software market in 2010, according to Gartner. That’s down from 60 percent in 2006.” Source: Dina Bass and Zachary Tracer. “Hacker ‘Armageddon’ Forces Symantec, McAfee to Seek Fixes.” Bloomberg.com. 4 Aug. 2011.
  23. 23. #5: Security 2.0 May Be Coming “The security industry may need to reconsider some of its fundamental assumptions, including Are we really protecting users and companies?’” --McAfee, August 2011Source: Dan Rowinski. “McAfee to Security Industry: Are We Really Protecting Users andCompanies?‘” The New York Times. 23 Aug. 2011.
  24. 24. Top 11 Ground-Breaking Breaches of 2011
  25. 25. #11: Yale University
  26. 26. The Details Breach Size: 43,000 records Date: August 2011 Source: Network World Significance: + Google hacking in action + “The breach resulted when a File Transfer Protocol (FTP) server on which the data was stored became searchable via Google as the result of a change the search engine giant made last September.” + Yale blamed Google! Source: Jaikumar Vijayan. “Yale warns 43,000 about 10-month-long data breach”. Network World. 22 Aug. 2011.
  27. 27. #10: Cars for Sale Online
  28. 28. The Details Breach Size: + $44.5M in consumer fraud + 14,000 reported incidences to law enforcement Date: August 2011 Source: Network World Significance: + XSS attack moved victims to… + …Spoofed websites + Strong use of social networkingSource: Michael Cooney. “FBI warns of growing car-buying cyberscams”. Network World.16 Aug. 2011.
  29. 29. The Facebook Page Still Exists!
  30. 30. #9: Medical Records Leaked and Placed Online
  31. 31. The Details Breach Size: 300,000 medical records Date: September 2011 Source: Chicago Tribune Significance: + Highlights the persistent interest in medical records + Illustrates how criminals and non-criminals can use medical records – Criminals: Blackmail and public humiliation – Non-criminals: "The information can also be used by insurance companies to inflate rates, or by employers to deny job applicants." + Highlights the gaps with HIPAA HITECH + Foreshadows issues with broader digitization of electronic health records Source: Chicago Tribune, Sept. 2011.
  32. 32. #8: Cyworld
  33. 33. What is Cyworld?
  34. 34. The Details Breach Size: 35M records + Including phone numbers, email addresses, names, and encrypted information about the sites‘ members Date: July 2011 Source: BBC Significance: + Facebook claims 800M users today + Social engineering is one of the fastest growing topics in hacker forumsSource: “Millions hit in South Korean hack.” BBC News. 28 Jul. 2011.
  35. 35. #7: Facebook
  36. 36. The Details Breach Size: 7K downloads per week Date: September 2011 Source: code.google.com Significance: + Automated Facebook hacking + Broader implications for social networking: – Give job recommendations over Linkedin – Provide a bridgehead for further social engineering • Ask your IT Admin (over FB – since you are friends now!) “I cant login to something, can you reset may password?” • Defraud relatives with money scams: "Im stuck in Vegas with no money." Source: “fbpwn.” http://code.google.com/p/fbpwn/
  37. 37. How it Works
  38. 38. #6: Social Bots
  39. 39. The Details Breach Size: + A small array of scripts programmed to pass themselves off as real people stole 250 gigabytes worth of personal information from Facebook users in just eight weeks Date: November 2011 Source: The Register Significance: + Automated Facebook hacking + Highlighted the weaknesses of Facebook’s securitySource: Dan Goodin. “Army of socialbots steal gigabytes of Facebook user data.” The Register.1 Nov. 2011.
  40. 40. #5: PBS
  41. 41. The Details Breach Size: + Thousands of usernames/passwords breached + Tupac resurrected Date: May 2011 Source: The New York Times Significance: + Media wake up call + SQL injection becomes a common business termSource: John Markoff. “Hackers Disrupt PBS Web Site and Post a Fake Report About a Rap Artist.”The New York Times. 30 May 2011.
  42. 42. #4: Phone Hacking
  43. 43. The Details Breach Size: If you have to ask… Date: July 2011 Significance: + Hacking becomes part of our everyday lives + Anti-virus, firewalls, code review, etc…: USELESSSource: “News International phone hacking scandal.” Wikipedia.
  44. 44. #3: Sony
  45. 45. Need To Justify The Cost of Security?
  46. 46. The Details Breach Size: + 100M credit cards (12M unencrypted) Date: April 2011 Source: Playstation.blog Significance: + Security becomes a business problem, not just a set of technologies – Data governance just as important as financial reporting or brand management – Put the role of a CISO in perspective: You need one! Source: Patrick Seybold. “A Letter from Howard Stringer.” 5 May 2011.
  47. 47. #2: Government Web Sites for Sale
  48. 48. The Details Breach Size: Dozens of websites for sale Date: January 2011 Source: Krebsonsecurity.com Significance: “ “Amid all of the media and public fascination with threats like Stuxnet and weighty terms such as “cyberwar,” it’s easy to overlook the more humdrum and persistent security threats, such as Web site vulnerabilities. But none of these distractions should excuse U.S. military leaders from making sure their Web sites aren’t trivially hackable by script kiddies.” Source: Brian Krebs. “Ready for Cyberwar?” Krebsonsecurity.com. 21 Jan. 2011.
  49. 49. #1: Chinese Hacking Industry Exposed
  50. 50. The Details Breach Size: No one knows Date: April 2011 Source: Sky News Significance: + Highlights the partnership between government, hacking, and industry in China + Evidence that China is winning in their intention to be “the leader in information warfare” Source: Holly Williams. “Chinas Cyber Hackers Target Western Firms.” Sky News. 18 Apr. 2011.
  51. 51. Further Context
  52. 52. Further Context
  53. 53. About Imperva
  54. 54. Our Story in 60 Seconds Attack Usage Protection Audit Virtual Rights Patching Management Reputation Access Controls Control
  55. 55. Webinar Materials Get LinkedIn to Imperva Data Security Direct for… Answers to Post-Webinar Attendee Discussions Questions Webinar Webinar Slides Recording Link
  56. 56. www.imperva.com

×