Verizon: Hackers reuse stolen data

A new study from Verizon indicates that one retail cyberattack can lead to more incidents. 

According to the 2020 Verizon Data Breach Investigations Report (DBIR), the most frequent method of hacking in 287 incidents included in the study was stolen credentials, followed closely by exploiting vulnerable web app infrastructure. Brute force attacks were much less common.

Verizon analysis indicates this means that one retailer’s data breach can raise the risk to their own infrastructure. Hackers are amassing data stores of credentials from other retail attacks and trying them out against new victims.

Most attacks (75%) involved external threat actors. Only 1% involved partners and 1% involved multiple actors. Almost all attacks (99%) were financially motivated, with only 1% motivated by espionage. 

Looking at the types of data exposed in retail attacks, Verizon found the most common type of data compromised was personal (49%), followed by payment (47%), credentials (27%), and other (25%). 

The study also indicates that a trend toward retail cyberattacks targeting web applications and away from POS terminals, which began in 2014, is continuing in earnest. Close to 50% of studied incidents involved web applications in 2019, while incidents involving POS terminals were in the low single figures.

Verizon also analyzed the top terms in hacking data from criminal forum and marketplace posts:

1.    Personal
2.    Payment
3.    Credentials
4.    Medical
5.    Internal