Thursday, May 26, 2022

Unstructured data was a big target for attacks last year: Report

CISOs often focus on protecting structured data such as credit cards, passwords and personal health information. But a new report from IBM reminds infosec pros that unstructured data — ranging from the contents of email, source code and intellectual property — is just as high on the target list of attackers.

In fact, the report notes, the 5GB of data stolen from an Ontario casino ranks among the top global leaks of unstructured data last year. The breach at Casino Rama Resort allegedly included the facility’s IT information, financial reports regarding the hotel and casino, security incident reports, patron credit inquiries, collection and debt information and more.

That observation and others come from IBM’s 2017 Threat Intelligence Index (registration required), which looks back at 2016 makes some interesting conclusions.

Most readers, of course, will remember the hack of email from the U.S. Democratic Party as a prime example of a theft of unstructured data, incidents that are still in the headlines south of the border.

But the report also notes the April 2016 leak of 11.5 million documents from a Panamanian law firm which exposed offshore accounting of thousands of prominent people from around the world. Reporters from around the world have dipped into “Panama Papers,” as they were dubbed, which showed insider financials of several current and former heads of state, their friends and family, as well as businesspeople and celebrities.

To no-0ne’s surprise, 2016 was another record year for breaches, with over 4 billion gone out the door. That’s more than double the number of the two previous years combined, says IBM. However, it includes 1.5 billion records from breaches at Yahoo that were done in years previous years but only divulged in 2016. Four men, including one with dual Canadian citizenship, were charged earlier this month with one of those attacks.

Last year saw another dubious record:  The highest number of publicly disclosed software vulnerabilities (10,197), which doesn’t speak well for the industry’s skill at secure development — and those were only the publicly disclosed ones. Web application vulnerability disclosures made up 22 per cent of the total, a large majority of which were cross-site scripting and SQLi vulnerabilities.

“One positive development during 2016 is that many companies now are using more secure hashing functions such as bycrypt to store passwords,” the report says. “The result is that even after a breach, such as the theft of 43 million Weebly19 accounts and 87 million Daily Motion20 accounts in October, it may be more difficult to crack the passwords, devaluing the data and the scope of the attack.

“Still, given the frequently reported top 10 password lists that have been circulating for several years, it might be useful for web services to reject some of the most common passwords and require users to set something more secure.”

Spam has always been a pain for infosec pros, but in the last years the amount of it with malicious payloads has significantly increased, the report notes — and 85 per cent of it was ransomware. On the other hand the report notes that some criminals, including those behind the Dridex banking Trojan, are using less spam and more spear phishing to trap victims.  A number of cyber gangs are increasingly targeting businesses rather than consumers, the report says.

Finally, the report makes — another — plea to organizations to practice security fundamentals. “To complement a solid information security foundation,” it adds, “organizations can continue to engage in collaboration to learn best practices and share findings and insights with colleagues. The faster they react to cybercrime findings and share their experiences across the security community, the less time each malware variant can live and or see successful fraud attacks.”

The report uses both anonymized data from IBM monitored security clients and data derived from non-customer assets such as spam sensors and honeynets.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.