The Verizon 2014 DBIR, published last week, clearly shows that the use of stolen credentials became the most common attack vector in 2013. In our upcoming webcast, Matt Hathaway and I will discuss how user-based attacks are becoming the no. 1 "threat action" (in Verizon's words) and how organizations can detect and investigate these attacks in a faster, more efficient way.
Combined with phishing as the 3rd most used attack vector in 2013, we see a clear trend: an increasing number of attackers break into the network by compromising users, either by stealing their credentials or by using social engineering methodologies.
When looking at specific attack types, such as the now infamous compromise of POS machines, the DBIR identifies the stolen password as the 2nd most common cause of POS compromises, accounting for 38% of these events (brute forcing into the POS device is still the no. 1 most common method of intrusion).
The sad stats of the DBIR clearly show how all of us security professionals lag behind the attackers when comparing the time taken to compromise a POS machine with the time it actually took to detect the intrusion.
While machine compromise and data exfiltration happen in a brief moment (87% of POS compromises occurred within seconds or minutes, and 88% of data exfiltration happened within minutes of the intrusion), the intrusions were detected within days in only 1% of the cases. In fact, detection will take weeks in 85% of these cases and, even worse, months in 13% of the cases. This is too late. Way too late.
UserInsight was developed to detect compromised users at each stage of an attack: the leveraging of user credentials to break into the network, attacker movement inside the network, and access to critical assets, such as POS servers. You may try a free limited-features edition here.