The Verizon Data Breach Investigations Report and easyJet
A quick look at how DBIR research helps in understanding a specific incident
By pulling data from 81 contributing organizations worldwide, the annual Verizon Data Breach Investigations Report (DBIR) not surprisingly generates some pretty comprehensive results. (NETSCOUT is one of those data providers, continuing what our ASERT research team has been doing for a long time.) So how do you get the most from it? In a recent Twitter thread, NETSCOUT AVP of Engineering Hardik Modi took a somewhat different approach:
It's #DBIR day and once again @NETSCOUT is a data provider for @VZDBIR, continuing what @ASERTResearch has been doing for a very long time. I might recap key findings later but I thought it'd be fun to do a thread looking at this from the DBIR perspective https://t.co/yEUt2nlq8i— Hardik Modi (@hardikmodi) May 19, 2020
Instead of reading the report in a vacuum, so to speak, he used a story about easyJet’s recent data breach to show how DBIR research helps in understanding a specific incident, while making it clear that this was an example:
Up front, important disclosure - I have no knowledge of this incident outside of what's in that media report. This thread is to show how the #DBIR helps in understanding such reporting— Hardik Modi (@hardikmodi) May 19, 2020
Modi then summarizes the key details and places them within the context of the report:
Key details - confirmed breach, not just an incident. Note they did a regulatory reporting+notification to customers. Could be up to ~8m records, but thankfully only 2208 credit cards. If this had been in the #DBIR, it would have been one of the 3950 breaches in the final dataset pic.twitter.com/hJ2xsN0REB— Hardik Modi (@hardikmodi) May 19, 2020
From there, the deep trove of DBIR research helps adds important context:
Narrowing down to the sector, you can see how little reporting there is around such breaches. Large transportation reports only 6 breaches in the period of coverage. pic.twitter.com/ICrMqYX17g— Hardik Modi (@hardikmodi) May 19, 2020
Making a little assumption that this was the result of something on their site (like Magecart) or a targeted intrusion (only yielded ~2200 cards? huh). That fully aligns with kiosks/ram-scrapers going down as EMV cards are widely adopted and all the action is now server side pic.twitter.com/3athvlgls8— Hardik Modi (@hardikmodi) May 19, 2020
And then zero'ing in on Transportation, this is pretty common - lots of Misconfiguration and this looks squarely like a criminal heist. Unless it was a false-flag! And I'm not going there pic.twitter.com/nqMFgtkswN— Hardik Modi (@hardikmodi) May 19, 2020
As highly lucrative targets, airlines have attracted interested from attackers for some time, as ASERT noted last year. That’s where free tools such as NETSCOUT’s Cyber Threat Horizon can help. Create a free account and access DDoS attack information specific to your industry, such as, perhaps, Transportation….
Download NETSCOUT’s most recent Threat Intelligence Report for more deep-dive research findings.
You can find the full DBIR here.