CIRCL takes part in the 2015 Data Breach Investigation Report

Verizon has just released its 2015 Data Breach Investigation Report DBIR, which presents the major security trends, threats and attacks for the year 2014. The report analyses more than 2,122 confirmed data breaches and 79,790 reported security incidents over the past year alone.

This year again, the Computer Incident Response Center Luxembourg (CIRCL) largely contributed to the report, among 70 other public and private organizations from around the world.

Unpatched vulnerabilities and big financial losses

The report reveals that the attacks have become increasingly sophisticated and that attackers still rely heavily on old techniques such as phishing and hacking. Besides, the total financial loss from the 700 million compromised records has been estimated to $400 million. As the report points out, the on-time or immediate patching of certain vulnerabilities would in turn cost much less for a company and contribute to diminish financial losses.

Another important fact revealed throughout the document, is that many existing vulnerabilities remain open, often because security patches were never implemented. A high number of vulnerabilities can be traced back to 2007.

Increase of the attacks on Point-of-Sales

The RAM-scraping malware has also been on the rise and are present in some of the most high-profile retail data breaches. Several new families of RAM-scrapers aiming at point-of-sale (POS) systems have been discovered. “This type of malware has been expanding the past year and has also been impacting European’s Point-of-Sales. The problem is that the PoS RAM-scrapers target systems processing debit and credit card transactions and steal the sensitive payment information. The losses can easily total millions of dollars worldwide”, explains Alexandre Dulaunoy from CIRCL.

Closing the gap between sharing speed and attack speed

The report shows that in 60% of breaches, attackers are able to compromise an organisation within minutes and 75% of attacks spread from “Victim 0” to “Victim” 1 within one day. There is also often a “detection deficit” or the time that elapses between a breach is occurring until its discovery.

“The idea here is that if you share within 24 hours the information about the attack you have been facing with the community, there is then less risk that it will spread further. Also, as the reports recommends, if one produces threat intel, he should focus on quality as a priority over quantity, and bare in mind that the context is key”, says Raphaël Vinot, from CIRCL.

The Malware Information Sharing Platform (MISP) co-developed by CIRCL allows organisations to share information about any malware they encounter and gain awareness about existing malware. The aim is to help improving the counter-measures used against targeted attacks and set-up preventive actions. More information here:

To see the full report: