
LEARNING EXPERIENCES FROM VERIZON BREACH INVESTIGATIONS


Kenneth Hee
Director, APAC
Identity Management & Security

Copyright 2014, Oracle and/or its affiliates. All rights reserved. |

Safe Harbor Statement


The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle's products remains at the sole discretion of Oracle.


2014 Verizon Data Breach Investigations Report

50 CONTRIBUTING GLOBAL ORGANIZATIONS

95 %

THE UNIVERSE OF THREATS MAY SEEM LIMITLESS, BUT 92% OF THE 100,000 INCIDENTS VERIZON ANALYZED FROM THE LAST 10 YEARS CAN BE DESCRIBED BY JUST NINE BASIC PATTERNS.

1,367 CONFIRMED DATA BREACHES

63,437 SECURITY INCIDENTS

95 COUNTRIES REPRESENTED


50 Contributors from Around the World


The Threat Landscape is Changing


Cyber attacks happen faster and more often than ever, and they're harder to discover.

[Timeline scale: SECONDS, MINUTES, HOURS, DAYS, WEEKS, MONTHS]

FREQUENCY: Multiple attacks happen per second.
COMPROMISE: 87% of point-of-sale attacks compromised systems in minutes or less.
DISCOVERY: 62% of cyber-espionage breaches took months to discover.


All Industries are affected


Motive


55% Organized Crime
24% Espionage
2% Hacktivists
Source: Verizon Data Breach Investigations Report, 2013


Hacktivists

Industry: Information, public, other services
Target: Personal information, credentials, organizational data
Source: Western Europe and North America
Methods: SQL injections and stolen credentials
Source: Verizon Data Breach Investigations Report, 2013

Espionage

Industry: Manufacturing, professional, and transport
Target: Credentials, internal data, trade secrets
Source: Worldwide
Methods: Malware, social, command and control
Source: Verizon Data Breach Investigations Report, 2013

Organized Crime

Industry: Finance and Retail
Target: Payment cards, credentials, and bank accounts
Source: Eastern Europe and North America
Methods: Brute force hacking and malware
Source: Verizon Data Breach Investigations Report, 2013

Follow The Money


TransUnion; Equifax; Experian; Korea Credit Bureau
Credit Bureaus

BC Card, Korea; Samsung Card; NAB, Australia; Citibank, Singapore
Payment Card Industry

Acquiring Bank
Issuing Bank
(Merchant Bank)

PNC; BluePay; PayPal; Merchant One
Payment Card Processors

Commonwealth; Citibank; Agricultural Bank of China
(Consumer Bank)

SquareTwo; Euler Hermes; Atradius
Collection Agency

7-Eleven; Woolworths; Lotte
Merchant

Card Holder (Consumer)


Anatomy of a Breach
Millions of consumers affected

Attacker phishes third party contractor
Finds & infects point of sale systems with malware
PERIMETER
Malware scrapes RAM for clear text credit card stripe data
Finds and infects internal Windows file server
Attacker uses stolen credentials to access contractor portal
Malware sends credit card data to internal server; sends custom ping to notify
Stolen data exfiltrated to FTP Servers


5 Years of Threat Actions

5 Years of Threat Actions: Phishing leading to Stolen Credential

5 Years of Threat Actions: RAM Scrapers

5 Years of Threat Actions: RAM Scrapers and Keyloggers

Stolen Credentials
1. Attacker phishes privileged employee or contractor
2. Steals privileged user credentials
3. Uses credentials to access sensitive data, hiding under radar


SQL Injection Attack


1. Attacker inserts bad SQL into web application field
2. SQL takes advantage of application code vulnerability
3. Injection communicates through to database and reads/writes to data

Name:
Address:
Phone:

statement = "SELECT * FROM users WHERE name ='" + userName + "';"
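
The concatenated statement from this slide, run against an in-memory SQLite database next to a parameterized version. This is an added example, not part of the original slides; the table contents, function names and sample inputs are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the users table mirrors the slide's Name/Address/Phone form.
ROWS = [
    ("alice", "1 Example St", "555-0100"),
    ("bob", "2 Example Ave", "555-0101"),
    ("O'Brien", "3 Example Rd", "555-0102"),
]
# Constructed input: the quote closes the string literal and appends a tautology.
CRAFTED = "x' OR '1'='1"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, address TEXT, phone TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db


def lookup_concatenated(db, user_name):
    # Same construction as the slide: user input becomes part of the SQL text.
    statement = "SELECT * FROM users WHERE name ='" + user_name + "';"
    return db.execute(statement).fetchall()


def lookup_parameterized(db, user_name):
    # The driver binds user_name as a value; it is never parsed as SQL.
    return db.execute("SELECT * FROM users WHERE name = ?", (user_name,)).fetchall()


def compare(db, user_name):
    """Return (row count via concatenation, or the error name; row count via binding)."""
    try:
        unsafe = len(lookup_concatenated(db, user_name))
    except sqlite3.Error as exc:
        unsafe = type(exc).__name__
    return unsafe, len(lookup_parameterized(db, user_name))


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", CRAFTED, "O'Brien"):
        print(repr(value), compare(db, value))
```

The concatenated query returns every row for the crafted input and fails outright on a legitimate name containing an apostrophe; the bound query returns only exact matches in both cases.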


0% Data breaches detected by antivirus programs or intrusion detection systems

Source: Verizon 2013 Data Breach Investigations Report



THE RISKS ARE INSIDE


SIMPLE GOVERNANCE CAN REDUCE THE RISK EXPOSURE

50%   76%   85%   80%

MALWARE PROPAGATE BY MISCONFIGURATION
OF ORGANIZATIONS TAKE 6 MONTHS+ TO PATCH DBs
ATTACKS TAKE 5 MINUTES OR LESS
TARGET WEAK PASSWORDS

VDBIR 2014; IOUG 2013; VDIR 2014; VDIR 2014


TAKE A SYSTEMATIC VIEW

[Diagram labels: Quality of Service, Risk Mitigation, Audit Controls, Discover, Classify, Risk Analysis]

Establishes ongoing approach that aligns with business requirements and automates controls.


DEFENSE IN-DEPTH

SECURITY INSIDE OUT

SECURE WHAT'S STRATEGIC
