Data breaches

Financial losses from leaks

Main article: Losses from data breaches

Financial losses from data leaks cause significant damage to the company's business, and sometimes can destroy it. If criminals cannot get a ransom from the company, they put the data up for sale. Read more in the article:

• Prices for user data in the cybercriminal market

Leaks in Russia

• Data breaches in Russia
• Data leaks in the Russian public sector
• Data leaks from Russian banks
• Data leaks of telecom operators in Russia

• Fines for data breach in Russia

Loud leaks

Below are statistics on information leaks. High-profile incidents of information leaks are described in the article:

• High-profile leaks

Data breaches in the public sector

• Data leaks in the Russian public sector
• Data leaks in the public sector of countries of the world

Data breaches in healthcare settings

Main article: Data breaches in healthcare facilities

Data breaches in IT companies

Main article: Data breaches in Microsoft

Data leaks in social networks

Main article: Data leaks in social networks

Chronicle of incidents in the world

2023

The volume of leaked data in the world doubled to 47.24 billion records

In 2023, the number of leaks of confidential information in the world increased by 61.5%, for the first time reaching a five-digit figure - 11,549 incidents in which at least 47.24 billion personal data records were compromised. This is more than two times (by 111.5%) more than a year earlier, analysts at the expert analytical center (EAC) of the InfoWatch Group of Companies calculated. However, even such a large figure most likely looks underestimated, since only 38.7% of the incidents in 2023 became aware of the number of compromised personal data records. Representatives of InfoWatch Group of Companies shared such information on April 11, 2024, publishing a report on the results of the study "Information Leaks in the World, 2022-2023."

Interestingly, against the background of the general growth in the number of information leaks in the world, the share of Russian organizations in 2023 almost halved - from 10.8% to 5.7%. According to analysts, this indicates the adoption of effective measures to counter external cyber threats against the background of a difficult foreign policy situation, as well as effective prevention of internal incidents - in particular, through the use of modern DLP systems. On the other hand, positive changes in statistics may partly be the result of an increase in the proportion of hidden leaks, information about which did not fall into the public field.

In addition, EAC analysts note that in the Russian Federation the share of external attacks among the causes of information leaks has slightly increased - from 84.4% to 87.4%. In other major economies in the world, namely the United States, Great Britain, India, China and Brazil, in 2023 this share on the contrary decreased. The main reason for the increase in the share of external attacks on the Russian infrastructure is the activity of hackers against the background of SVO.

A significant increase in the number of incidents and the volume of leaked information in the world is primarily associated with armed conflicts in Ukraine, the Middle East and Africa, which have fully spread to cyberspace. In particular, this caused the intensification of attacks and the active involvement of hacktivists - cybercriminals in them, who act primarily on the basis of political motives, attacking state organizations and commercial companies to inflict maximum damage on them. Often, as a result of such incidents, the stolen data does not go for sale, but is immediately laid out in the public domain, "said Andrei Arsentiev, head of analytics and special projects at the InfoWatch Group of Companies expert and analytical center.

According to the expert, the effectiveness of cybercriminals has significantly increased worldwide in 2023. In particular, this can be seen from the increase in the "weight" of the average leak: if in 2022, on average, 2.98 million personal data records accounted for one incident leading to an information leak, then at the end of 2023 the average leak amounted to 4.04 million records (an increase of 35.6%). At the same time, large leaks (from 1 million records) in 2023 accounted for 46.85 billion compromised records, which is 99.2% of the total volume of leaked information.

According to InfoWatch research, the vast majority of leaks (98%) occurred due to deliberate violations - primarily related to cyber attacks. According to analysts, this state of affairs has led to too strong focus of information security specialists on external attacks and some weakening of monitoring of personnel behavior within companies. This can explain the increase in the share of accidental violations among incidents of an internal nature - from 47.5% in 2022 to 55.6% in 2023.

Significant changes were noted in a number of other characteristics related to leaks. For example, studying the structure of compromised information by data type, analysts came to the conclusion that the share of leaks of information constituting trade secrets (strategic plan documents, production secrets, etc.) has significantly increased. In 2023, the share of this type of information almost tripled, reaching 33.1% (the level of 2022 was 12.2%).

In times of exacerbation of the situation in the world, theft of trade secrets becomes one of the priority goals of hackers, since it can be used to gain competitive advantages in key areas of industry, information technology, health care, etc. Also, this information often acts as an effective lever for blackmail, since it can undermine the stability of the business, depriving it of its achieved positions in the market, "said Andrei Arsentiev.

Among other things, the InfoWatch analyst report also noted changes in the distribution of information leaks by industry. Thus, the top three in terms of leaks in 2023 included trade organizations (13%), IT companies (12.6%) and the industrial sector (10.7%). As for the distribution of incidents by country, anti-rating is traditionally led by the United States - moreover, their share increased from 28% to 37.4%. This is primarily due to the presence in this country of many large commercial companies that are leading in their industries and therefore are a priority target for hackers.

Significant changes have also occurred in the structure of leaks by the size of organizations. So, if in 2022 more than half of the incidents occurred in large companies, then at the end of last year their share was only 35.5%. Thus, there was a redistribution of risks towards small organizations, the share of which in the total distribution of information leaks increased from 15.6% to 35.6%. Analysts note that this is due to the lower level of security of small companies and the lack of sufficient funds for many of them to strengthen information security. As a result, small businesses in 2023 became an easier target for attackers^[1].

Personal information of T-Mobile customers got into sharing

The personal information customers of the German telecom operator T-Mobile got into the public domain. In particular, names, phone numbers, addresses, data account balances, as well as information bank cards from the operator's clients were publicly available. This was reported on September 26 in the press service of the deputy. State Dumas RUSSIAN FEDERATION Anton Nemkin More. here

Unknown hacker stole data from Coinbase employees

Cryptocurrency the platform Coinbase reported that an unknown attacker stole the accounts data of one of the employees in an attempt to gain remote access to the company's systems. This became known on February 21, 2023. More. here

2022

Almost 30 GB of BRP data stolen by attackers

On August 8, 2022 BRP , the company announced that it had to cyber attack temporarily halted all of the firm's operations. The RansomEXX ransomware gang claimed responsibility for the attack. On August 23, the RansomEXX group published 29.9 GB of stolen BRP files on its onion leak site. Read more here.

Identity theft continues to be the most popular method of attack

Verizon's 2022 report into its investigation into data breaches said nearly 50% of all data breaches were due to identity theft. According to the same report, stolen credentials are most often used to attack web applications. Information about this appeared on August 16, 2022. Read more here.

RaidForums hacker forum for trading stolen databases closed

The US authorities blocked the work of RaidForums, a forum where stolen data was traded online. This is stated in a statement by the US Department of Justice, issued on April 12, 2022. The site was shut down by law enforcement agencies in the United States, United Kingdom, Sweden, Portugal and Romania in Operation TOURNIQUET, coordinated by Europol. Read more here.

2021

1729 cases of leakage of confidential data from companies and government agencies were recorded

On April 6, 2022, InfoWatch published a study of limited access information leaks registered in 2021 worldwide. In total, over the analyzed period, there were 1729 cases of leakage of confidential information from companies and government agencies in open sources, which is 28.1% less than in the same period in 2020 (2406 cases). 8.42 billion records of personal (PD) and payment data were compromised, which is 28.8% less than in 2020, when the number of leaked records amounted to more than 11.82 billion (according to updated data). The number of records also turned out to be less than in the abnormal 2019 indicator (15.1 billion), but more than in 2018 (7.24 billion).

In ^{2021, 1729 cases of confidential data leakage from companies and government agencies were recorded. Photo: advgazeta.ru.}

According to InfoWatch analysts, the decrease in the number of MEDIA leaks published in other open sources may be primarily due to the weakening of control over remote employees in a number of companies due to (pandemics hence the latency of internal leaks could increase) and the strengthening of organizational and technical measures in large companies to protect information infrastructure, including the implementation DLP of systems. In addition, among the reasons for the reduction in the number of leaks that have become known to the public, the authors of the report note the distribution of previously stolen databases of confidential data necessary to implement fraudulent schemes. In particular, using data from leaks of past years, the attackers arranged, phishing attacks exploiting topics related to payments for children, subsidies and other measures to support the population during a pandemic. An important factor in curbing the growth of detected leaks was also a development malware aimed primarily at blocking access to data or their enciphering for ransom, and not at stealing information.

As of April 2022, personal data remains the dominant type of information subject to compromise - each unit of confidential information about a person has a completely tangible material embodiment in the digital era. At the same time, we see a decrease in interest in payment information, which is associated with the growing security of the banking infrastructure and difficulties with the monetization of this information. At the same time, we note the attention to commercial secrets and know-how, which is obviously associated with increased competition in domestic and international markets. As for the industry specifics, the study confirms a decrease in the share of leaks in the financial sector and an increase in the number of leaks in industry. told Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies

At the end of 2021, incidents that occurred as a result of the actions of external violators amounted to almost 2/3 of the cases, which is a mirror picture compared to the one that was observed a few years ago, when the main sources of violations were employees. This may be due to the formation of a wide range of hacker groupings, an increase in the availability of malicious (ON including as the RaaS model develops - "malware as a service"). Probably, regulations adopted in foreign countries (for example, GDPR in countries), EU which prescribe mandatory notification of regulators about a leak as soon as possible, can significantly distort the real picture of violations - in such a situation, it is beneficial for many companies to blame hackers for everything, hiding, in particular, gaps in the organization safe remote work and protecting their image. As a result, the share of intentional cases among all registered leaks on a global scale continued to grow and reached 82%. The share of intentional internal leaks (due to the fault of employees) again amounted to more than 50%.

Despite the fact that in April 2022 Russia retains the second place after the United States in the number of leaks, in 2021 their number in Russia decreased by 40%. Thus, the share of leaks from the total number of detected cases in the United States is 41.8%, in Russia - 16.8%, in third place - the United Kingdom of Great Britain and Northern Ireland with a share of 4.9%. Stable providers of news about leaks in the world are those countries where legislation on the protection of information is developed, primarily personal data. First of all, we are talking about the United States and the European Union, where companies are legally obliged to disclose information about incidents to authorized bodies, and in case of concealment of leaks, they risk receiving huge fines.

The distribution by industry showed that the top three in terms of leaks consistently includes high-tech companies, organizations from the sphere health care and. public sector

The share of information leaks without using automation tools (data compromise as a result of theft or loss of paper documents, as well as as a result of theft or loss of storage) has more than tripled in four years - from 14.1% to 4.5%. This indicates an increasing digitalization of the world.

The main channel of leaks remains the Network - the compromise of data from corporate systems and cloud storage connected to the Internet.

It is believed that due to accelerated digitalization and the massive transition to remote work, the number of leaks should grow. But in 2021, we observed the opposite situation. Moreover, the reduction went both in the field of well-known cases - published in the media, in the reports of companies, CERT, etc., and when studying the offer market in Darkweb. It is worth noting that at the beginning of 2022 the number of leaks began to grow. We see that almost daily there are reports of attacks on well-known companies and hacks of large databases, which, obviously, is associated with current political and economic events in the world. Probably, the anti-globalization processes that have long emerged in the world will accelerate sharply, which means that the struggle of various centers of influence will provoke not only political and economic conflicts, but also cyber wars. Although the main attention of information security services is focused on monitoring external threats, in no case should we forget about the danger that unscrupulous or incompetent employees potentially pose to information assets. In addition, in the existing reality, threat vectors will probably continue to become more complicated: more and more often we have to talk about "hybrid attacks," when hackers resort to the help of insiders. Companies urgently need to solve the problem of protecting infrastructure in the context of combined work, which has become a familiar format around the world. told Andrey Arsentiev

The number of data breaches due to ransomware viruses in the world soared by 82%

In 2021, data breaches related to viruses extortioners increased by 82% compared to 2020. Such cyber security CrowdStrike data were presented by the American company in mid-February 2022.

Attempts at ransomware viruses rose 148% from 2020, the report said. At the same time, the average ransom amount increased by 36%, to $6.1 million. It is also noted in the report that not only data theft associated with redemption is becoming more and more common among hackers, attacks in themselves with redemption are becoming more and more frequent in general.

According to CrowdStrike Senior Vice President of Intelligence Adam Meyers, organizations need more than antivirus or malware protection. To stay safe, they need to implement a zero-trust network access system and strong identity authentication. Typically, a data breach occurs during the negotiation process, if a victim shows reluctance to pay a ransom or asks for more time, the attacker posts some of the stolen data online to put additional pressure on his victim, Myers said.

While many companies can now recover their data from a backup, reducing the likelihood of paying a ransom, the very fact of a data breach threat can change their thinking. Usually in 2013-2020, if a company or organization was hacked, the company itself decided when to notify its customers, shareholders and employees about this incident, and only depended on business leaders that the company wanted to advertise.

In 2021, the data breach resulted in such attacks on the National Rifle Association, Accenture and Quanta. CrowdStrike also tracks other cyber activities that relate to the field of using data as a weapon, including Iranian groups using buyout tactics that CrowdStrike calls blocking and leaking.^[2]

British Airways settled customer data breach case in 2018

On July 6, 2021, it became known that British Airways had settled a customer data breach case in 2018.

Customers and employees affected by the data breach will receive compensation.

In total, about 429,612 customers and employees were affected by the data breach. For two weeks, attackers stole the personal and bank data of users who ordered flights on the ba.com website or in the application from August 21 to September 5, 2018. Passport data and flight information were not compromised.

The terms of the settlement remain confidential. No recognition of the airline's responsibility for the incident was reported^[3] a^[4].

A file with more than 8 billion passwords was posted on the Web

On June 8, 2021, it became known that hackers posted a file with more than 8 billion passwords to the public. According to the profile portal CyberNews, the document has a volume of about 100 GB and contains over 8.459 billion lines, each of which is a separate password. This is the largest password leak in human history.

Distribution of the file began with an unnamed hacker forum. It was posted on the Web by a user under the pseudonym RockYou2021, and the file itself is called the same. Perhaps this is a reference to the RockYou leak that occurred in 2009. 12 years ago, the RockYou file also contained compromised passwords, but there were about 262 times less of them. It totaled 32 million lines.

According to the RockYou2021 himself, the file of the same name contains 82 billion passwords. Nevertheless, CyberNews specialists who have gained access to it declare that there are exactly 8.459 billion records. Among them are simple and complex passwords with a length of 6 to 20 characters, including complex combinations of letters, numbers and characters.

According to CyberNews estimates, the number of Internet users worldwide is in the range of 4.9 billion people. Based on this, the probability of finding a password in the list is high. The appearance of a RockYou2021 file in the public domain can cause significant damage to the privacy of users. Cybercriminals, for example, can combine 8.4 billion unique password options from this file with other data from similar databases that leaked earlier. These can be, for example, databases with email addresses. Also, this file can be used to create so-called "password dictionaries" that simplify brute-force attacks (hacking accounts using special software by brute-force passwords).

In the area of ​ ​ increased risk - users using the same password for a variety of services. CyberNews estimates that billions of users could face unauthorized access to profiles.^[5]

2020

Over 72% of user information leaks in the world are deliberately admitted

2020 led to an increase in the latency of information security incidents. As a result, 4.5% fewer information leaks from government organizations and commercial companies are registered in the world. At the same time, in 2020, the share of intentional leaks, as well as leaks due to the fault of external violators, increased sharply. Such conclusions are contained in the report of the expert analytical center GC InfoWatch, dedicated to the annual study of information leaks of limited access in the world, the results of which the company shared on July 16, 2021.

In 2020, the InfoWatch expert and analytical center registered (became known) 2,395 cases of limited access information leakage from commercial companies state bodies and organizations. This is 4.5% less than a year earlier, but 5.8% higher than in 2018. The main contribution to the decrease USA data in the number of leaks was made - there were almost 20% fewer cases of compromise over the year.

As a result of leaks that became public during the year, 11.06 billion records of personal data and payment information were compromised around the world, in particular, names and surnames, email addresses, phone numbers, passwords, information about the permanent place of residence, social security numbers, bank card details and bank account data. Thus, the total number of compromised records compared to 2019 decreased by 25.5%. As a result, the average leak became "lighter" by 22% - 4.62 million records in 2020, compared with 5.92 million records in 2019.

In our opinion, the drop in the number of registered (published) leaks is primarily associated with an increased level of latency of incidents during the pandemic. Hastily reorganizing the forms of implementation of many processes, massively transferring employees to remote work, in the spring of 2020, not all companies managed to quickly adapt information security systems to new realities. At the same time, we must not forget that a significant part of the cases of leaks becomes public not immediately after the incidents, but only after the publication of leaked data in the public domain or as a result of their sale. As a result, an even larger percentage of leaks than before could remain in the "gray zone," - comments Andrei Arsentiev, head of analytics and special projects at InfoWatch .

Despite the reduction in both the number of leaks and the total number of compromised user records, in 2020 there were more major leaks, as a result of each of which at least 1 million records were compromised. If in 2019 there were 169 such leaks, then in 2020 they were recorded 213 (an increase of 26%).

Excluding leaks of more than 1 million records, in 2020 each leak accounted for an average of 28.1 thousand records, while in 2019 such a leak accounted for an average of 19.9 thousand records. That is, the "typical" leak on average "heavier" by about 41.2%. By the way, in 2019, the average leak of less than 1 million records "gained weight" about 43% compared to 2018. Therefore, it will be interesting to see if such dynamics will continue in 2021.

Interesting changes have occurred in the distribution of information leaks by data type. The share of PD in the total distribution of incidents related to leaks over the year increased from 76.6% to 80.6%, and the share of cases of leakage of payment information decreased from 9.8% to 4.8%. Firstly, such dynamics is associated with the strengthening of the protection of the payment infrastructure and the fact that it is becoming more and more difficult for attackers to use the data of compromised cards. Secondly, the value of personal data is growing on the black market, criminals have quite large opportunities to extract profit from a personal information about a person: registration, credits receipt of benefits, sale of databases with personal data for electronic, marketing phishing blackmail.

In 2020, the main vector of leaks continued to shift towards the external offender. The actions of hackers and unknown persons from outside the information circuit of organizations led to 55.9% of leaks. Accordingly, 44.1% of leaks were provoked by various actions (and sometimes inaction) of personnel.

In 2019-2020, the amount of data compromised as a result of one leak caused by external impact decreased significantly. On average, 2.8 million compromised records accounted for one "external" leak in 2020. Probably, hackers have become more intelligible in their preferences and, having penetrated the company's network, are trying to steal the most liquid information.

At the same time, as a result of one data leak due to the fault of an internal violator, an average of 6.8 million records were compromised. This ratio is primarily due to the rapid development of cloud services and the accumulation of huge amounts of information in storage, which can leak due to the negligence of employees. We are talking primarily about incorrect storage settings in cloud services such as Amazon and MongoDB, as well as vulnerabilities on web services.

In 2020, 98.2% of records of personal data and payment information due to the fault of internal violators, that is, employees of companies, leaked as a result of accidental violations.

Such a colossal share should not be surprising: accidental leaks lead to the compromise of large, sometimes multimillion-dollar, databases - for example, due to incorrect settings of cloud storage or flaws made during the development of applications and websites. At the same time, willfully acting offenders usually target small segments with the most liquid data that can be quickly monetized on their own (in a banking industry) or profitably sold (for example, when a manager transfers the company's customer base to its competitors). Intentional violations by employees are, as a rule, theft (illegal use) of several tens or hundreds, less often - thousands or tens of thousands of PD records. Leaks of databases with millions of records as a result of deliberate actions of personnel occur very rarely, - explains Andrei Arsentiev.

In 2020, a surge in the share of intentional leaks was noted in all industries, which is primarily due to a significant increase in data liquidity during the pandemic: at that time, unscrupulous employees were actively looking for additional earnings, and hackers used the fact that companies in emergency mode changed the usual forms of implementation of processes and could at the same time weaken control of information assets. As a result, the total share of intentional leaks of user information reached 72.5%, while a year earlier it amounted to 60.2%.

InfoWatch analysts concluded that the last three years have continued to increase the number of intentional leaks, the share of personal data leaks and trade secrets, an increase in the share of the network channel simultaneously with a decrease in the role of paper documents and e-mail.

The number of information leaks in Belarus increased by 44%

For the period 2019-2020. on the basis of public messages, 24.4 thousand records were revealed, as a result of the leakage of which the personal data of Belarusian citizens were compromised. In 2020, the number of information leaks from authorities, state organizations and commercial companies in the Republic of Belarus (RB) increased by 44% compared to 2019. This was reported on February 18, 2021 by InfoWatch.

In 2019-2020 InfoWatch expert and analytical center registered 22 cases of limited access information leakage from Belarusian public sectors and commercial companies. In 13 incidents, they were compromised (personal data 59%), the remaining 9 (41%) resulted in the leakage of such information assets as trade secrets, state secrets, know-how and. payment data For two years, in 40% of cases, information leaks were provoked by the actions of external violators, in 60% - internal ones.

According to the authors of the study, "the increased number of leaks is primarily due to the political situation. The confrontation between the Belarusian authorities and the opposition resulted in rallies of citizens, where force was sometimes used. In turn, the opposition used data compromise as a means of combating the current government. About 1/3 of all known cases of data compromise were intentional leaks of personal data of Belarusian security officials. "

The wave of leaks provoked by political protests in the Republic of Belarus influenced the sectoral distribution of information security incidents over the specified time period - as a result of more than 45% of the recorded cases of leaks occurred in state organizations and law enforcement agencies. In the vast majority of incidents, ordinary employees became the main culprits of leaks related to the internal violator. Among all internal leaks, 75% are classified as intentional.

More than 86% of leaks in Belarus for 2019-2020. occurred through the Network and instant messaging services. At the same time, no leaks were registered through previously common information leakage channels - e-mail, equipment and paper documents.

The authors note that both in Russia and in Belarus, one of the main problems in the field of information security is associated with the protection, primarily of personal data and such information as commercial secrets, from internal violators. The structure of even a relatively small number of detected incidents - 22 cases in 24 months - indicates the urgent need to strengthen information protection both in the public sector and in a number of sectors of the economy of the Republic of Belarus.

Addresses of 270 thousand owners of Ledger wallets published on a hacker forum

The addresses of 270 thousand wallet owners Ledger are published on the hacker forum. This became known on December 21, 2020. More. here

Hackers stole emails from customers of Microsoft cloud services

Hackers stole emails from customers of Microsoft cloud services. This became known on December 25, 2020. Read more here.

Google Cloud has 131 of 2,064 databases configured incorrectly

In Google Cloud, 131 out of 2064 databases (bakets) are configured incorrectly, so their content is available to everyone. It is also not difficult to find them, special scanners have already been developed for this. This became known on December 9, 2020. Read more here.

Unsecured database reveals massive Facebook scam scheme

Security researchers from vpnMentor discovered in database Elasticsearch the public domain on the Web, which contained information more than 100 thousand hacked user accounts. social network Facebook This became known on November 17, 2020. More. here

Data of users of "Kiwi-taxi" were in the public domain

On August 11, 2020, it became known that the database of users of the online booking service "Kiwi-taxi" (kiwitaxi.com) was in the public domain. Read more here.

COVID-19 provoked about 3.5 million leaks in the world

On August 4, 2020, the expert and analytical center of the Civil Code InfoWatch published a study on the study of cases of leaks of confidential, information related coronavirus to infection -. In the COVID-19 first half of 2020, 72 cases of intentional or accidental leakage were recorded in the world and 25 in. Russia As a result of all the identified leaks, 3.43 personal data million people in the world and 35.5 thousand in Russia were compromised.

The study showed that the peak month for compromising confidential information was April 2020, both on a global and Russian scale, and to a large extent they concerned the compromise of data from patients with coronavirus. Almost half of all cases related to COVID-19 in the world came from medical institutions, they accounted for more than 43% of all leaks on the topic of COVID-19.

Unfortunately, an analysis of incidents for the first half of 2020 showed that the health sector was unable to ensure the protection of the fundamental artifact of the digital era - personal data of citizens, including information on the state of health protected by law. At the same time, leaks of information about patients and contact persons dealt a very serious blow to people. At "best," the victims of the leak were expected by the annoying attention of neighbors and fellow countrymen, at worst, sick citizens and persons with suspected coronavirus became objects of persecution and persecution, "says Andrei Arsentiev, head of analytics and special projects at InfoWatch Group of Companies.

For other industries, the types of compromised data owned by organizations have become characteristic. So, from state and municipal institutions, as a rule, the data of quarantined persons, contact persons, violators of the self-isolation regime were leaked. Research data on COVID-19 and information from population surveillance programs during quarantine were lost from the high-tech sphere, and the transport industry leaked passenger data with suspected coronavirus infection. The dominant type of data in all cases was data, in Russia they accounted for 100% of cases. Globally, 4.2% of cases led to the leak of government secrets, and 2.8% - trade secrets.

The main channel of information leaks related to the pandemic has become the network.

In 64.2% of cases worldwide, personal data related to the COVID-19 pandemic were compromised in the form of lists - individual documents, summaries, fragments of records. Violators photographed the lists, typed what they saw or heard on their devices, after which in most cases they distributed it through instant messengers or groups on social networks. A number of leaks occurred when the managers of organizations accidentally sent data to the wrong email addresses, - confirms Andrei Arsentiev.

The remaining share of leaks (35.8%) occurred as a result of hacking data warehouses, illegitimate access to them, accidental disclosure of information due to incorrect server settings or errors in applications.

Analysts came to the conclusion that the coronavirus pandemic highlighted a number of "pain points" in the organization of corporate information security systems. In particular, the low level of maturity of information security management processes in the medical sphere, as well as regardless of the country where the incidents occurred, in a number of municipal and state structures, was confirmed. Once again, messengers and staff access to corporate resources from personal devices have become one of the main channels of leaks.

Hackers gain access to the database of cryptocurrency wallet maker Ledger

Ledger, which produces hardware wallets for storing cryptocurrency, announced on its official website that the data of a million users was leaked. This became known on July 30, 2020. Read more here.

CloudFlare database leaked to the dark web with 3 million real IP addresses

On July 27, 2020, it became known that Darknet it leaked database Cloudflare from 3 million real IP addresses. More. here

Apple services tied to phone numbers, leading to data breaches

In the District Court of the Southern District of New York, a class action lawsuit was filed against Apple and T-Mobile for vulnerability in iMessage and FaceTime. This became known on July 7, 2020. Read more here.

The network published a database of millions of Telegram users

On June 24, 2020, it became known that Internet base information several million users were leaked. messenger Telegram More. here

Data 515 thousand servers, home routers and IoT devices were in the public domain

The cybercriminal posted publicly lists of credentials data Telnet for more than 515 thousand, servers home routers and IoT home devices. This became known on January 20, 2020. More. here

2019

In the field of retail, hospitality and catering, 300.5 million records of personal and payment data have been compromised

On August 27, 2020, InfoWatch published a report on leaks of confidential information from the retail, hospitality and catering sectors in 2019 (Retail & HoReCa). The authors of the study recorded 163 cases of limited access information leakage in the world, as a result of which 300.5 million records of personal data and payment information were compromised, including 9.3 million records in Russia. Almost 60% of the leaks of such information in the world occurred as a result of hacker attacks and the actions of unknown persons. At the same time, in Russia, ordinary employees (65% of cases) became the main culprits of leaks.

If on a global scale leaks from retail, hospitality and catering increased by 7.2% compared to 2018, then in Russia the number of leaks in this industry group increased by 33.3%. In 2019, leaks have occurred at high-profile retail, restaurant and hotel chains such as McDonalds, IKEA, Auchan, "Red & White," Ozon, Dunkin "Donats, HauteLook, Petflow, Gearbest, Moda Operandi , Tommy Hilfiger, Sephora, CafePress, Hate-Vory, Macy Group, Tesco, Mercy, Mercy The trade sector accounted for almost ¾ of all cases of leaks in the industry group under study, the second place was shown by catering - 21.5%, the third - by the hotel and restaurant business with a share of 4.9%.

According to Andrei Arsentiev, head of analytics and special projects at InfoWatch Group of Companies, "attention to the industry on our part is due to its high social significance. Most people in the world and Russia often visit shops, cafes, restaurants, constantly use delivery services, especially during a pandemic, stay in hotels on vacation or for work. Information processed by Retail & HoReCa - contact information, information from loyalty programs, payment card data, commercial information - is very liquid on the black market. Therefore, cases of leaks of personal and payment data for almost every citizen of a particular country are quite painful. Do not forget that Retail & HoReCa is one of the most developed, well-scaled and highly competitive industries, giving work to the general population. Globally, Retail & HoReCa has the highest share of payment data leaks of any industry at 31.3%. Tellingly, no leaks of payment information from the corporate circuit of this group were recorded in Russia last year. "

For 2019, the vast majority of PD and payment data records in the industry group under consideration were compromised in the field of trade, and only 2.5% accounted for the total of hospitality and catering. However, if we highlight the compromised payment information in the world (data of debit and credit bank cards), then the picture is different: the largest share fell on the catering sector - 54.3% of records, followed by retail with a share of 44.5%, in third place the hotel business - 1.2%. This situation may indicate serious gaps in the protection of the payment infrastructure by many participants in the catering market.

More than 56% of the global Retail & HoReCa leaks were caused by external impacts. In Russia, on the contrary, intentional violations of an internal nature prevail. This state of affairs in the domestic market testifies not only to the increased danger from personnel, but also to the relatively low demand for the information bases of the Russian segment of Retail & HoReCa by hacker groups. Both in the world and in Russia, the Network dominates among the leak channels in the Retail & HoReCa sector.

In the conclusions of the study, the authors note that the theft of payment information is the scourge of the catering segment in the world and, to a lesser extent, of global retail. A fairly high proportion of leaks in Russia associated with fraudulent actions, and a large proportion of deliberate violations by the personnel of the industry group under consideration, indicate that domestic retail needs to pay increased attention to information security.

As a whole, Retail & HoReCa organizations should expect both a more thorough construction of information processing processes at all stages of service provision, as well as the implementation of information protection systems, including DLP systems with predictive analytics modules for timely detection of anomalies in employee actions when working in automated systems of enterprises.

"In connection with the spread of the coronavirus, in 2020, a colossal load fell on remote customer service channels, respectively, a sharp tilt towards accepting non-cash payments was noted. Therefore, by the end of this year, we can expect significant changes in the structure of leaks in the Retail & HoReCa group, and to a greater extent this applies to retail trade and the catering sector, especially the grocery delivery segment and ready-made food, "concluded Andrei Arsentiev.

InfoWatch: The number of compromised data in the world has doubled

On July 17, 2020, the InfoWatch Group of Companies expert and analytical center published the results of an annual study on leaks of confidential information in the world. In 2019, 2509 data leaks were recorded from commercial and government organizations located around the world, as well as authorities. Compared to 2018, the number of leaks increased by 10.8%.

Personal data (PD) and payment information totaled 86% of leaks. In total, 14.8 billion records were compromised, which is more than double the number of leaked PD and payment data records in 2018.

The authors of the study state that in 2019 a number of leaks were registered that affected the full population or at least the majority of residents of individual countries. Similar "leaks of a national scale" were recorded Ecuador in (20.8 million records), in (To Canada 15 million records), in (Chile more than 14 million records), in (5 Bulgaria million records). In 2020, cases of compromise of huge ones were identified. In statedatabases particular, information appeared about the leakage of personal data of all citizens, Georgia as well as personal information of citizens Israel with the right to vote.

the increase in the volume of data compromised as a result of leaks naturally affected the growth of the "power" of the leak, i.e. the volume of records per case of intentional or accidental compromise of data. So, in 2019, as a result of one incident, an average of 5.92 million records were compromised, which is 84% more than a year earlier. In our opinion, this is explained by the development of digital services and, as a result, the growth of digitalization in most sectors of public administration and the economy. Also, the development of the practice of attracting third-party contractors by organizations to work with accumulated data - for calls, marketing campaigns, data mining, etc., led to an increase in the volume of compromised records.

The leaks provoked by internal violators led to the loss of 9.8 billion records, which make up 67.6% of the total array of leaked information. Accordingly, as a result of the actions of external violators, about 4.7 billion records were leaked, or 32.4% of the total volume of compromised records. In 41% of the leaks, the culprits were the current employees, in 2% - the management of the companies. Another 4.6% came from contractors, 2.1% of incidents were initiated by former employees, and 0.3% by system administrators. Almost half of the leaks - 49.7% - occurred as a result hacker attacks of other actions from outside. Compared to 2018, there was an explosive increase in hacker activity. As a result, the number of detected cases of leaks caused by external intruders increased by more than 45%.

The authors of the study highlight banks and the financial sector, government agencies and law enforcement agencies as the most attractive industries for internal violators, which is explained by the high liquidity of the data processed in these verticals. {{quote 'The decisive factor that provokes an unscrupulous employee to a crime is the comparative ease with which stolen goods can be "monetized." The most obvious way to "monetize" is to sell the stolen information to the closest competitor of his employer, "notes Andrei Arsentiev. }}

At the same time, HoReCa segment companies (hospitality and catering), medical and educational organizations remain the most in demand for an external violator .

The authors of the study came to the conclusion that in 2019 there were almost a third more violations provoked by deliberate actions of personnel in order to benefit from the use of trusted employees of customer personal data arrays, information of the "commercial secret" category and other information assets. Also alarming is the avalanche-like rise in leaks from misconfigured cloud storage. Largely because of this, the number of PD records and payment information leaked as a result of the actions of internal violators doubled the number of records stolen by external attackers.

InfoWatch: 13.7 billion personal data records compromised in the world over the year

On May 28, 2020, the expert analytical center of the InfoWatch group of companies presented a study of the structure of personal data leaks (PD) in the world and in Russia for 2019. It turned out that in the total total of registered leaks, the share of intentional and unintentional leaks of PD as the main type of confidential information in the world amounted to 74.8% of cases, and in Russia 85.2%. The total number of compromised personal data records for the year is more than 13.7 billion units: names and surnames, email addresses, contact numbers, information about the permanent place of residence, social security numbers. Thus, the number of compromised records of personal information almost doubled the world population, that is, many people have repeatedly become victims of PD leaks due to the fault of external intruders and personnel of various companies.

As part of the study, the InfoWatch expert and analytical center studied 1,748 cases of personal data leaks from commercial companies, government agencies and organizations registered around the world, including 322 leaks in Russia. For the final classification, only the main types of data were selected that relate to the person's personality, his main documents as a citizen, specialist and owner, as well as contact information and medical care. Comparison with 2018 showed an increase in PD leaks by 22.5% in the world and by 56% in Russia. At the same time, the share of intentional PD leaks in the world in 2019 amounted to 60.2%, in Russia 48.6%.

According to Andrei Arsentiev, head of analytics and special projects at InfoWatch Group of Companies, "it is noteworthy that telephone numbers, including call details, and passport data, are significantly more common in Russia than in the world - each of these types can be found in more than 30% of leaks. This situation is associated, on the one hand, with the high liquidity of contacts, information constituting the secret of negotiations, and information from official documents on the black market - such data are quite easily converted into "real money." This provision also indicates an insufficient level of security for storage facilities with telephone numbers and passport data in Russia. These types of data are vulnerable primarily to internal threats. " At the same time, on a global scale, addresses, dates of birth, email addresses, credentials (passwords) and key taxpayer identifiers - SSN numbers in the United States and their counterparts in other countries - are "leaked" significantly more often than in Russia. Foreign internal violators are several times more likely than their Russian "colleagues" to steal medical information. Patient data are considered one of the most popular on the black market in a number of countries, especially in the United States, where insurance medicine is developed. The price of one record from a clinic can be hundreds or even thousands of dollars.

Among the channels of leaks in the world, the Network dominates, it accounts for more than 60% of leaks in Russia and almost 70% in the world. At the same time, in Russia in 2019, the share of leaks through instant messaging services increased sharply. So, this channel accounts for almost a quarter of registered leaks of a deliberate nature.

InfoWatch noted that in Russia through the email channel in 2019, PD leaks occurred quite rarely. This is true for both intentional violations and accidental leaks.

"Apparently, domestic companies and government agencies have learned to control electronic correspondence through their servers using DLP. Attempts to transfer sensitive data are blocked with a high degree of reliability. In addition, violators, having learned about the leak prevention system installed in the company, do not risk transferring internal information through protected channels, " noted Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies

As a result of the study, experts conclude that in the digital era, each unit of information about a person has acquired a very real, tangible value, and personal data leaks are increasingly hitting organizations, especially the commercial sector. Each such incident is fraught with the fact that personal data will fall into the hands of competitors or fraudsters. As a result, there is an outflow of customers from companies, many people become victims phishing of attacks, during which scammers use those obtained from databases with leaks. personal data In addition, the leak is a potentially powerful blow to business reputation and likely fines from regulators, primarily in the United States and countries. European Union

InfoWatch: More than 98% of user data within companies leaks as a result of accidental violations

On April 17, 2020, the expert and analytical center of the InfoWatch group of companies reported the results of a comparative study of information leaks caused by the fault or negligence of personnel of commercial companies for the period from 2013 to 2019. In the report, the authors of the study presented both a retrospective and an up-to-date picture of incidents related to leaks due to internal violators, outlined the trends and vectors of the possible development of this type of threat.

In 2019, due to the fault of internal violators (ordinary employees, managers, system administrators), 53.7% of all leaks registered by the InfoWatch Group of Companies expert and analytical center occurred. This is less than in 2018, when internal violators provoked 61.6% of all leaks by accidental or deliberate actions. At the same time, the volume of compromised data records as a result of internal violations increased 3.6 times and amounted to more than 9.87 billion records.

Based on one leak for internal violators, an average of 7.3 million records were compromised. This indicator records the total number of compromised records related to personal data and payment information. These types of data characterize a high ability to formalize: they are easily machinable and, as a result, leaks of such information are more often detected by means of control. A significant increase in leaked records is largely due to the failure of employees to comply with the rules for working with protected data, or, more likely, with the desire of a number of companies to maximize the usefulness of corporate data for their further "enrichment," which sometimes involves access to data from a long chain of partners. Often this practice turns into human mistakes. So, in 2019, 58.1% of cases of data compromise in companies and government agencies were unintentional. At the same time, as a result of internal accidental leaks, more than 98% of all user data records (personal and payment data) leaked.

In the case when the leak occurs by malicious intent, the amount of stolen information (by the number of records) is usually relatively small - only really liquid information, including those related to the category of "commercial secret." It is worth noting that intentional leaks, which are trade secrets, are present in all sectors of the economy, but most often happen in the field of IT, telecommunications and industrial companies. No less interesting is the distribution of accidental internal leaks - medical organizations are ahead, where the number of recorded leaks has been steadily growing for many years, notes the leading analyst of InfoWatch Group Sergey Khairuk

It is worth noting that 80% of trade secret leaks provoked by internal violators are intentional. At the same time, leaks of personal data in most cases (70%) are unintentional.

The authors of the study draw attention to the development of the trend of growth of various types of leaks through network channels. In such incidents, there are practically no restrictions on the amount of data that can be compromised. However, it is worth noting that any channel of information transmission is potentially dangerous, and even a small leak poses a threat to business - from reputational losses and a decrease in customer loyalty to penalties for regulators and compensation for class actions. Therefore, the company should seriously think about ensuring full protection of corporate data from both external and internal threats.

218 leaks of confidential information in the financial sector recorded in the world

On February 20, 2020, the expert and analytical center of the group of companies InfoWatch published the results of a comparative study of leaks information from organizations in the financial sphere. The study was prepared to identify the dynamics of processes characterizing the global, industry and regional picture of incidents related to information leaks. In 2019, the volume of leaks personal data and payment information compromised as a result of negligence or illegal actions of personnel, banks insurance companies, other organizations of the financial segment, as well as as a result of the activity of external intruders increased more than 27 times (). In the hacker attacks aggregate of all these actions, more than 1.04 billion user records (personal data and payment information) were compromised over the year.

According to experts, in 2019, 218 leaks of confidential information in the financial sector were recorded in the world, which is 7.9% more than a year earlier. This number of incidents is 8.7% of all leaks registered in the world in 2019. In 2018, the share of leaks from financial companies in the total distribution was slightly higher - 8.9%. Experts explain this by the fact that "over the past year, the number of leaks in state and municipal organizations, as well as in industries such as industry and transport, has grown at a faster pace."

In Russia, the number of leaks from the financial sector in 2019 increased by 57.6%, and their share is 13.2% of the total number of leaks recorded in the country.

{{quote 'author = notes the leading analyst of InfoWatch Group Sergey Khairuk' The obvious difference in the dynamics of Russian and world leaks from financial segment organizations is explained, on the one hand, by the relatively low "base" with which the number of leaks in Russia is "growing" - leaks from banks and insurance companies until recently were recorded and published infrequently. On the other hand, Russia is showing more intensive growth compared to the world largely due to increased public attention to leaks in the financial sector. }}

The financial sector traditionally has a high share of leaked payment data, that is, bank card information required to make transactions. In the world, among all compromised records from the financial sector, it is 26.1% in the world. In Russia, this share is almost half as low and amounts to 13.5%. Leaks of information containing personal data for financial and insurance companies on a global scale amounted to 64.5%, and in Russia this figure was 12 percentage points higher. The report notes that in less than 10% of cases of leaks in the global sphere of finance, information constituting a trade secret was compromised.

InfoWatch analysts concluded that the bulk of leaks in the financial segment occur as a result of deliberate actions or negligence of the internal violator. This situation is typical both for the world as a whole and for Russia. However, it is worth noting that among the registered cases, the share of data leaks due to the fault of an external attacker (hacker attacks and other actions of unknown persons) in the Russian financial segment is more than four times lower than on a global scale. At the same time, if in the total body of industries around the world the share of leaks due to the fault or negligence of an internal violator has decreased in recent years (2018 - 61%, 2019 - 54%), then in the financial sector there is an increase - 45% in 2018 against 63% in 2019.

The main channel of data leakage remains the network. This channel in the financial segment accounts for 83.2% of all leaks, and it grows from year to year.

The authors of the study say that the nature of leaks in the field of finance strongly depends on the technical means used by organizations. The vast majority of leaks occur due to insufficient control of confidential information, as well as due to non-compliance with the rules for working with protected data.

More than 85% of data record hacks involve misconfiguration of cloud servers and other systems

On February 11, 2020, the company IBM published the annual IBM X-Force Threat Intelligence Index 2020, which showed how methods have changed cybercriminals over several decades of illegally accessing billions of corporate and personal records and exploiting hundreds of thousands of vulnerabilities in software. According to the study, 60% of primary intrusions infrastructure into victims were carried out using previously stolen credentials data and known vulnerabilities, which ON made it possible to to malefactors rely less on deceiving users to get access to the data.

IBM's analysis showed that of the reports on more than 8.5 billion hacked records in 2019, 7 billion, that is, more than 85%, were associated with incorrect configuration cloudy servers and other incorrectly configured systems. This is a striking change from 2018, when the corresponding figure did not exceed half of all hacked records. More. here

Black Market Medical Data Costs More Banking

Medical data on the black market costs more banking. This was reported in December 2019 at Kaspersky Lab.

According to experts, more and more ads will appear on the darknet for the sale of medical data, including from medical records and insurance policies, since such information is considered a valuable resource for attackers. They can use meddata to enter into trust in users, deceive them themselves or their relatives.

Access to electronic medical record data may be interesting not only to steal them. For example, hackers can make changes to them in order to carry out targeted attacks and deliberately make it difficult to make diagnoses.

Kaspersky Lab notes that medical companies are increasingly becoming victims of ransomware. This happens for two main reasons:

• insufficiently serious perception of risks associated with digitalization in the health care industry;
• lack of due attention to the issues of training employees in basic cybersecurity skills.

From the beginning of 2019 to December, every fifth device was attacked in medical organizations around the world. According to Kaspersky Lab forecasts, the number of such attacks will grow, especially in developing countries, where the process of digitalization of such services is just beginning. In particular, there will be more and more targeted attacks using encryption programs that lead to a loss of access to internal data or resources. This is fraught with irregularities in the diagnosis process and even depriving patients of the care that is required immediately.

The study also refers to an increase in the number of attacks on research medical institutions and pharmaceutical companies. So, in 2019, 49% of devices in pharmaceutical companies were attacked.^[6]

InfoWatch: Global data breaches increased 3-fold in the first half of the year

On November 22, 2019, the company's think InfoWatch tank published the results of a global study of confidential information leaks in the first half of 2019. During this period, analysts registered 1276 cases of confidential information leaks, of which 55.6% occurred as a result of internal violations, and 44.4% due to external impact. The total number of compromised user records data exceeded the figure for the first half of 2018 by more than 3.6 times and amounted to 8.74 billion records.

"Reports of major incidents involving leaks of restricted information appeared in the media on an almost daily basis during the period under investigation. Moreover, companies of various scales suffer from violations. Often we are talking about such global brands as Airbus, Apple, Facebook, Samsung. Compared to the same period last year, the increase in leaks of confidential information amounted to 22%, and the damage in some cases can be estimated at hundreds of millions of dollars, " noted Sergey' Khairuk, lead analyst at InfoWatch GC '

According to the results of the study, the number of [["" (more than 10 million compromised records per incident) has doubled (41 cases were registered in January-June 2019). In total, such leaks accounted for 97% of the total volume of compromised records. At the same time, the nature of damage from data compromise does not directly depend on who provoked the leak - an internal intruder or an external attacker.

"Internal leaks are harder to warn than external leaks. As a rule, as a result of an external leak, a set of homogeneous data is compromised. Leaks provoked by internal intruders are not always limited to compromising one system, they can be multidirectional and multilevel in nature, " noted Sergey Khairuk, lead analyst at InfoWatch GC

In 47.6% of cases, the culprits of the leaks were real or former employees, the main motive for whose actions was self-interest. The share of leaks of personal (74.3%) and payment (10.8%) data amounted to 85.1%. The distribution of intentional and accidental data leaks by channels is characterized by the dominance of the Network: 87, 4% and 58.9%, respectively. The share of the "paper" channel is gradually decreasing, thanks to the "digitalization" of processes.

According to the study, the most "attractive" for attackers were high-tech companies and enterprises of the HoReCa segment (hospitality, trade, catering). They also demonstrate the largest amount of compromised data. At the same time, more than 60% of personal data leaks in these companies were intentional.

Analysts concluded that the tightening of regulatory policies of various states has not yet had a significant impact on the global picture of data leaks. At the same time, there was some lag in ensuring information security, and in the near future, among corporate threats, the first violin will be played precisely by deliberate cases of data compromise. Protection of personal data has become relevant for commercial and non-commercial companies. In the current realities, special attention should be paid to countering deliberate leaks. The behavioral factor should be put at the forefront, taking into account the peculiarities of the type of information being protected.

National Association of US Industrialists hacked by Chinese hackers

In the summer of 2019, the network of the National Association of Manufacturers (NAM) of the United States was subjected to a cyber attack allegedly carried out by a cybercriminal group sponsored by the Chinese government. This became known on November 14, 2019. Read more here.

Companies from technology, finance and healthcare are leading in the number of stolen data records

On October 30, 2019, it became known that specialists from ImmuniWeb conducted a study on the rapid increase in the number of data leaks from global corporations. To that end, they analyzed the quality and amount of darknet-accessible credentials stolen from Fortune 500 companies from 10 different industries.

Using OSINT (Open Source Intelligence) technology, specialists scanned public places and resources on the TOR network, various web forums, Pastebin, IRC channels, social networks, messenger chats and other platforms for selling or distributing stolen data.

In total, the researchers identified more than 21 million credentials belonging to Fortune 500 companies, of which more than 16 million were stolen in the last 12 months. 95% of credentials contained passwords that were unencrypted or hacked by attackers.

The most popular sources of data leaks were third parties (for example, websites or other resources of third-party organizations), trusted third parties (sites or other resources of partners or suppliers) and the companies themselves (own websites or resources).

In terms of the number of stolen data, companies are leading in technology (5,071,144 stolen data), financial industry (4,915,553) and in the field (health care 1,923,340). As the results of the study showed, most often weak passwords were used in the retail sector (trade 47.29% of weak passwords), (telecommunications 37.57%) and industry (37.36%).

Among the 21 million accounts, researchers found only 4.9 million unique passwords, indicating that many users use identical or similar passwords. Most often, simple passwords are used in the technology industry (passw0rd, 1qaz2wsx, career121, abc123 and password1), in the financial (456a33, student, old123ma, welcome and 123456) and healthcare (Exigent, password, pass1, 000000 and 123456).

Approximately 42% of stolen passwords are somehow associated either with the name of the victim's company or with a hacked resource, which increases the efficiency of password brute-force^[7] in^[8].

The correspondence of millions of users of "Chinese Tinder" was in the public domain

On August 13, 2019, Zecurion announced that personal photos and correspondence of users of the Sweet Chat service, the Chinese analogue of the popular Tinder application, were stored on unprotected servers, which anyone could access. Darryl Bourke, a cybersecurity specialist and author of the Respect My Securitay blog, writes about this. Read more here.

2.16 billion user data records compromised in Q2

July 18, 2019 InfoWatch reported the results of the second quarter of 2019 in terms of leaks confidential information from organizations and identified the largest incidents. The study is based on messages from MEDIA other open sources in April-June 2019. In commercial state-owned companies and around the world, almost 28% more leaks of confidential information are registered than in the same period in 2018, InfoWatch analysts calculated. In total, 2.16 billion user records were compromised during the period under review, which is data more than double the figure for the second quarter of 2018.

In the second quarter of 2019, the share of intentional incidents increased from 50% to almost 60%, external attacks - from 34.5% to 40.6%.

The results of the second quarter as a whole confirm the trend seen at the beginning of the year for an increase in the number of deliberate violations and external attacks, as well as for more intensive compromise. personal data At the same time, three quarters of all user information (by the number of records) from companies leaked as a result of accidental violations. The largest unintended leaks occur through vulnerabilities on sites and unprotected, cloudy storages

The Network remains the dominant leak channel. Its share was 68.2% (61.2% in the second quarter of 2018). More than 14% of incidents leaked through email, approximately 7% through paper documents, about 5% through PCs and removable devices. Another 5.5% of reported leaks occurred through mobile devices and instant messaging services.

In the second quarter of 2019, hackers and unknown persons became the main attackers - they accounted for 46.6% incidents related to leaks of confidential information from organizations. This is almost 6 percent higher than in the same period in 2018. The share of ordinary employees among violators decreased from 52.4% to 45.7%.

Of the most noticeable changes in the second quarter in the sectoral context - from 15.5% to 23.8%, the share of leaks from state and municipal organizations increased.

The largest user data leaks from organizations in the second quarter of 2019:

The market leader mortgage insurance USA , First American, compromised about 885 million client records due to a vulnerability on its website. Using URL any document, many other records over a 16-year period could be viewed by changing the numbers. Bank account numbers, social security numbers, driver's license information, records of mortgage payments and taxes, internal corporate documents (if the participant in the transaction is engaged in small business) and other personal information about buyers and sellers of real estate were leaked.

In May, researcher Bob Dyachenko discovered an open cloud server MongoDB DBMS with personal data of 275 million citizens (India approximately 20% of the country's population) on the Web. In particular, information such as names, gender, e-mail mobile phones , employment and income information numbers leaked. Before to identify the owner of the database had time, after a while the specialist stated: the storage was hacked by hackers. These were cybercriminals from the Unistellar group. They erased all data from the server and left a note with contact information, hinting at the possibility of repurchasing the data.

A huge database of subscribers to the popular TrueCaller application is put up for sale in Darknet - only about 140 million accounts. For the entire data package, unknown persons want to receive 25 thousand euros. Cybersecurity experts say that such a base cannot be assembled manually, so we are most likely talking about hacking the application. This is also suggested by the fact that a dangerous vulnerability was previously discovered in TrueCaller to extract data about any subscriber.

The hacker, who received worldwide fame at the beginning of the year, under the pseudonym GhosticPlayers, hacked a the Australian graphic design service in May. Canva The data of approximately 139 million users became the prey of the cybercriminal. Information such as full usernames, their real names, email addresses, and in some cases also information about countries and cities of residence were stolen. In addition, 61 million hashed, passwords protected algorithm bcrypt, which is considered one of the most reliable, were in the compromised database. Also, tokens were presented in the storage, with the Google help of which users could enter the site without a password.

The Indian search engine JustDial compromised the information of more than 100 million people due to a serious security breach. From the search engine database, information such as usernames, email addresses, mobile phone numbers, gender, home addresses, photos, work information, and occupation were available through the URL. In addition, JustDial kept its search history - based on it, advertisers could formulate targeted offers without the consent of users. The problem was identified in April 2019, but according to the researchers, information through an unprotected API could be extracted from mid-2015.

Hackers hacked three antivirus companies in the United States

On May 12, 2019, it became known that data belonging to three American manufacturers of security solutions were put up for sale on the Web.

Cybercriminal the group, believed to Russian be of origin, put up for sale information stolen from three American manufacturers. anti-virus ON We are talking about a group called Fxmsp, which has long specialized in selling genuine corporate data. According to INFORMATION SECURITY the company Advanced Intelligence (AdvIntel), illegal business brought cybercriminals about $1 million.

Fxmsp has existed since 2017 and is well known in cybercriminal forums. According to AdvIntel, the group includes Russian and English-speaking hackers. The main target of cybercriminals is government agencies around the world, from which they steal confidential information. The sale of stolen data is carried out through a reliable network of trusted intermediaries.

As a rule, Fxmsp penetrates corporate networks through externally accessible servers RDP and unprotected active directories (). active directory In addition, cybercriminals have created a botnet that can buy the necessary credentials from victims.

In March 2019, Fxmsp announced that they had at their disposal the data of three large manufacturers of security solutions from the United States, including the source codes of antivirus products, Artificial Intelligence and security plugins. For providing access to corporate networks and stolen information, the group asks for more than $300 thousand.

Cybercriminals do not share the names of compromised companies, but provide indicators to identify them. Fxmsp also offers "screenshots of folders with 30 terabytes of data supposedly extracted from corporate networks." The folders contain documentation on development, artificial intelligence models, security solutions on the Web, as well as antivirus software code ^[9].

Every two out of three hotels transfer personal data of guests to advertisers and analytical companies

In mid-April 2019, antivirus manufacturer Symantec published the results of a study according to which every two of three hotels inadvertently transfer personal data of guests to third-party firms, including advertisers and analytical companies. here.

Leak of 30 billion personal data records over the past 12 years

On January 28, 2019, the analytical center InfoWatch prepared a special digest dedicated to the International Day for the Protection of Personal Persons. data

The event dates back to April 26, 2006, when the Committee of Ministers of the Council of Europe established a special date in honor of the signing on January 28, 1981 of the Convention on the Protection of Persons in Connection with Automated Data Processing.

The International Day for the Protection of Personal Data is intended to draw public attention to topics such as the protection of personal information, privacy, as well as the principles of storage, processing and transfer of personal data.

In the 12 years since the first day of personal data protection, InfoWatch has registered 14.3 thousand leaks of confidential information from commercial companies and government organizations. More than 11 thousand leaks (78% of the entire database) are associated with cases of compromise of personal data: full name, addresses, email, passport data, education information, income information, health information, political and religious views, nationality, biometric data.

Despite the efforts made by state regulators, business and public organizations, it has not yet been possible to stop the avalanche of leaks in the context of mass digitalization. In total, since 2007, as of January 2019, more than 30 billion personal data records have leaked, including more than 20 billion over the past two years.

Even a small data breach can have a major impact on the organization. The main negative consequences are a drop in the stock price, a crisis in investor confidence and a blow to the reputation in the market. In addition, the company may face regulatory sanctions (large monetary fines, mandatory audits, modernization plans infrastructures INFORMATION SECURITY , etc.) and class action lawsuits from people whose data it could not protect from leakage.

For the subjects of personal data themselves, the consequences of leaks can also be quite painful. Much depends on the type of information that is compromised and the amount of information that is compromised. For example, if someone leaked a person's email address to unscrupulous advertisers, then only receiving spam will most likely become a negative consequence for the user. In the same case, if the attackers have a large range of personal information about an individual subject, then the risk of fraud is great. Criminals can perform certain actions on behalf of the person whose information they have taken possession of, forgery and credit fraud are also likely.

2018

Former Cisco employee admits to deleting 16,000 Webex Teams accounts

Former Sudhish employee Cisco Systems Kasaba Ramesh admitted to hacking cloudy infrastructures Cisco and deleting 16 thousand accounts Webex Teams in 2018. This became known on August 28, 2020. More. here

40% of leaks occurred from cloud storage of high-tech companies

On April 25, 2019 InfoWatch , he said that according to the results of his global study MEDIA in 2018, 70 leaks of confidential data and cloudy servers other unprotected storages information with access through were recorded in other open sources in the world. This is one and Internet a half times more than a year earlier. More than 40% of incidents in 2018 came from cloud storage owned by high-tech companies.

High-tech companies are most susceptible to modern trends and willingly transfer their bases to external storage facilities. Unfortunately, administrators and engineers do not always take into account all information security rules when working with cloud servers, hence the frequent cases of leaks. As a result, about 90% of the total data leaked from unprotected servers in 2018 fell on the high-tech industry. Also in 2018, the share of leaks from servers belonging to medical organizations and educational institutions increased. The share of leaks from the financial sector, industry and the public sector, on the contrary, has decreased.

In 2018, about 1.3 billion records leaked from open servers, and 440 million records were lost as a result of the largest incident.

The distribution of incidents by data type, as well as a year earlier, is dominated by personal data - 80% of cases. In an equal share, 9.2% of cases are leaks of payment information, as well as commercial secrets and production know-how.

File:Распределение утечек из облачных серверов по типу данных.jpg

More than a quarter of all known cases of cloud data leaks in 2018 came from Amazon S3 object storage. In 2018, the number of leaks from Mongo DB servers increased sharply - from 6% in 2017 to 15.7% of incidents. In addition, there are a large number of cases of compromise of data stored on the Elasticsearch and Apache platforms, as well as when using file hosting Google Drive. The share of leaks in the backup process has decreased by about three times, and when working with GitHub repositories - by seven times.

File:Скомпроментированные хранилища данных.jpg

Some criminal groups are specifically probing cloud resources for vulnerabilities, according to the report's authors. For example, in the fall of 2018, a malicious Mongo Lock campaign was identified: attackers, using special scripts, search the Internet for unprotected Mongo DB databases, then connect to an open server, copy the data and delete it from the found storage. At the site of the remote base, fraudsters leave a file where they make an entry demanding a ransom.

A leak from an unprotected server is a vivid example of how one error can cross out the long work of an entire corporation. To avoid enterprise data leaks through the cloud, companies must not only improve the skills of system administrators and users, but also regularly audit their information assets and use access control tools. Help companies with Content Discovery class tools and related DLP system modules. Such solutions allow you to monitor data stored on various resources, find unprotected information stores of limited access, signal security officers about violations of policies set by the organization data storage and take action to eliminate identified violations.

Every ninth confidential data leak occurs through paper documents

On April 22, 2019, the InfoWatch Analytical Center presented a digest of confidential information leaks on paper. In organizations around the world, the share of information leaks through paper files in 2018 increased from 8.2% to 11%. At the same time, the share of "paper" in the distribution of leaks as a result of accidental actions of personnel increased from 13.5% to 17% compared to 2017. In the aggregate of intentional leaks, this channel increased its share from 4% to 4.9%.

The high percentage of leaks through paper documents only at first glance looks unexpected. In fact, this fact is not surprising, since a significant part of corporate document management around the world is still carried out in a non-electronic form. But the most important factor is that many companies and government organizations do not always comply with the rules for handling paper media.

In 85.6% of cases, personal data was compromised through paper documentation, and in 7.4% - payment information. State secrets accounted for 4.6% of leaks, information from the category of trade secrets and know-how - 2.4%.

Approximately every third (32.6%) "paper leak" occurs in medical institutions, and the share of state (20.9%) and municipal organizations (11.3%) is also high.

The largest leak of confidential information from paper media occurred in California. Criminals broke into the door of the social security department of people with disabilities in the development^[10], entered the premises, dug through many documents and started a fire to destroy evidence. According to officials, attackers could gain access to personal data of about 600 thousand people.

The most common scheme for compromising personal data through paper is associated with the violation by organizations of the rules for writing off and destroying documents. There are especially many violations of this kind in Russia.

For example, in Novosibirsk, the boxes of the closed management company were put up for the trash can^[11]. Payments with the names and addresses of tenants were compromised.

The fact that information security in our time is not only digital makes you think about the incident in the Australian chain of stores Big W^[12]. A network technician, wanting to demonstrate to the customer the performance of the printer after repair, accidentally put documents with confidential data of several dozen people in a stack of printouts. Personal information of about 3,700 patients in the US state of Michigan could have been compromised during incorrect mailing. The local bureau for the development of medicine found that due to errors in the processing of source information, some of the envelopes were sent to incorrect addresses. In addition to patient names and home addresses, phone numbers and email addresses have leaked in some cases.

Reduce user data leaks by 2 times

On April 2, 2019, InfoWatch reported that according to the results of a global study by the InfoWatch Think Tank in the world in 2018, 2263 public cases of leakage of confidential information were registered. In 86% of incidents, personal data (PD) and payment information were compromised - only about 7.3 billion user data records against 13.3 billion data records a year earlier. In 2018, the volume of data compromised as a result of leaks from high-tech organizations , the financial, credit and insurance sectors, as well as industrial enterprises significantly decreased .

According to the company, the most attractive for attackers are data from financial, credit and insurance organizations, where about 65% of leaks were committed deliberately. High interest recorded violators to information from industrial and transport systems, trade and HoReCa companies, as well as high-tech business - more than half of the leaks in these industries were intentional.

High-tech companies, as well as trade enterprises and HoReCa, medical and municipal institutions remain the "leaders" in terms of the volume of leaked user data - they accounted for 70% of the annual volume of personal information leaks in the world.

High-tech companies, as in 2017, accounted for about 30% of the global volume of user information leaks. At the same time, the average capacity of incidents in the high-tech sector has more than halved - to 9 million data records per leak in 2018.

The reduction in the volume of leaks of information about users was also noted in the financial, credit and insurance spheres, industrial and transport enterprises. The volume of data leaks from financial and insurance companies decreased four times, and the average leakage capacity in this area decreased from 840 thousand to 190 thousand data records. The volume of data records compromised as a result of leaks from industrial and transport enterprises decreased seven times, their capacity was less than 100 thousand records.

Large data arrays - more than 18% of the volume of leaked information, lost trade organizations and HoReCa, the average power of leaks in retail amounted to 430 thousand data records. The shares of medical and municipal institutions increased to 12% and 9% in the global traffic of PD leaks and payment information. On average, each leak from municipalities led to the compromise of 400 thousand data records, while the medical sector is characterized by a lower power of incidents - about 60 thousand records.

Two key factors determine the industry picture of leaks - liquidity and information security. Where the value of data is most obvious and more attention is paid to information protection, for example, in banks, insurance companies and the public sector, the volume of leaks is much lower. Such structures protect corporate and user data with the help of organizational and technical measures: they use DLP-, SI- and other specialized information security systems, take care of improving the level of digital hygiene of employees. And if earlier the business was more willing to invest in protecting its intellectual property, trade secrets and know-how, and treated the security of client data with less attention, then with the introduction of huge fines for PD leaks, this situation is changing. Sergey Khairuk, analyst at InfoWatch Group of Companies

The largest reported damage to organizations due to data leakage in 2018 amounted to $534 million - this amount was lost by the Japanese crypto exchange Coincheck as a result of compromising the online wallets of its clients.

The largest fine for leaking personal information was issued to Uber - it was ordered to pay $148 million for leaking data to 57 million of its customers and drivers, including 25 million US residents.

The misuse of these users Facebook turned into sanctions the British by the authorities in the amount of £500 thousand, the company was also fined Italy €10 million by the Antimonopoly Service.

With the introduction of GDPR regulations, an increase in fines for compromising PD and the emergence of court decisions on cases of theft of trade secrets, the problem of assessing the "value" of information loses its relevance, InfoWatch analysts noted.

The distribution of incidents by data type is still dominated by PD and payment information: their share, as in the previous year, is 86%.

In 2018, "external" leaks remained a more "powerful" type of incident compared to internal ones - on average, one "external" leak accounted for 5.15 million compromised data records, a leak due to the fault of an internal violator led to the compromise of 2 million records.

The effectiveness of hackers attacks has fallen by more than a third, on average to five million data records per incident, but there is no need to talk about a radical turning point in the fight against external attackers: the total number of such incidents has not decreased, hacking huge bases data by hackers still happens regularly. "Internal" leaks seem less damaging due to the smaller amount of compromised data records, but insiders, with virtually unlimited access to the organization's internal resources, can take possession of the most valuable information. Sergey Khairuk, analyst at InfoWatch Group of Companies

An insider remains the most common culprit behind data breaches in organisations. The share of leaks caused by an internal violator in 2018 increased by 3 percentage points. to 63% of the total number of leaks for the year. Every second incident occurred through the fault of an ordinary specialist, another 10% of cases fell on "privileged" users (managers and system administrators), contractors and former employees of companies.

29 of 47 mega-leaks 2 in 2018 were provoked by the actions of an internal violator. Over the year, the number of "mega-leaks" increased by 20%.

The largest information leak occurred in, India where 1.2 billion user data records, including PD biometric and information, from the AADHAAR system, the largest state storages identification data in the world, were compromised.

Large leaks of information from commercial companies were also recorded: developer ON Veeam (440 million records), hotel chain (Marriott 383 million), marketing Exactis (340 million), logistic SF Express (300 million), service (200 startup Apollo million), IT VNG (about 163 million) and Under Armour applications (150 million).

The most popular information leakage channel remains a network resource (72%). Compared to 2017, the share of incidents related to the use of e-mail decreased by five percentage points (pp), the share of leaks due to theft or loss of equipment also decreased by 0.8 percentage points. by 0.2 percentage points. - using mobile devices.

The distribution of leaks through the channels will gradually change. New methods appear, for example, for the first time, a compromise of data was recorded due to the fault of the creators of mobile applications, who gained access to data in the customer's systems. In addition, close attention to personal data protection issues leads to the spread of specialized information protection tools and a general increase in the level of cyber hygiene. Individual data types and transmission channels require different approaches to protecting them. For example, what works great on a network channel will be practically ineffective in terms of controlling mobile devices and instant messengers. Organizations need comprehensive protection, both at the technological level and in terms of building processes and regulations. If, to counter "external" leaks, technical reflection of attacks and timely updates are mainly required, then the fight against leaks due to internal violators involves serious efforts in the field of information and personnel management, using systems for analyzing and monitoring employee behavior, and detecting anomalies in the operation of information systems. Sergey Khairuk, analyst at InfoWatch Group of Companies

In the distribution of channels of accidental and deliberate data leaks in 2018, almost half - to 16%, the proportion of cases when information was compromised due to accidental sending of e-mail decreased.

As a result of 6.5 thousand leaks, 5 billion confidential records were compromised

On February 20, 2019, it became known that according to data published by Risk Based Security, in 2018 there were more than 6,500 corporate data leaks, which is only 3.2% lower than in 2017.

As a result, 5 billion confidential records fell into the public domain. 66% of leaks occurred in financial sector organizations, technology companies, retailers and the HoReCa segment.

In the modern world, you cannot take data protection lightly, and the results of the Risk Based Security study once again confirm this. At the same time, effective protection is impossible without monitoring and full-fledged analytics. In 2018, only 30% of organizations whose sensitive data were compromised were able to detect the problem on their own, while the remaining 70% learned about it from external sources after the fact. , Sergey Halyapin Chief Engineer of Representative Office Citrix Russia in and CIS countries

Modern systems of automatic analytics using AI and machine learning technologies allow not only to quickly detect "breakthroughs" in the security perimeter, but also indicate potential threats.

In addition, the study noted that 57% of compromised records contained user password data. In order for the harm from the disclosed password to be minimal, companies should pay attention to systems with multifactor authentication, contextual access to the network and behavioral analysis. In this case, even if the cybercriminal receives the user's password and learns additional data for the MFA, for example, through social engineering, the system will restrict his access to the network as soon as his actions begin to deviate from a certain pattern of typical behavior.

Three quarters of leaks from the transport sector are deliberate

On February 11, 2019, the company's analytical center InfoWatch reported the main data leaks from enterprises in the sphere: transport carrier companies, airports, train stations, sea and river ports, car-sharing companies.

The number of leaks in this industry segment in 2018 compared to 2017 decreased by 6%, while 75% more compromised personal data records were registered. The share of intentional leaks increased from 55% to 76%. At the same time, the share of intentional leaks due to the fault of managers and employees almost tripled: if in 2017 only 18% of internal leaks were intentional, then in 2018 already 50%. The structure of compromised data has also changed significantly. Note that in 2018 the share of personal data increased from 71 to 79%, and the share of know-how and trade secrets from 3.5% to 14%.

Most of the leaks in the field of transport fell on airlines and airports. In 2018, the largest incident happened on the Asian continent. Hong Kong airline Cathay Pacific (6th place in the world ranking of air carriers) reported that hackers managed to steal the data of more than 9 million passengers: names, dates of birth, phone numbers, email addresses, passport data. In particular, more than 860 thousand passport data have been compromised.

British Airways notified the public that the payment and personal data of those customers who ordered tickets on the official website and through the application between August 21 and September 5, 2018 were stolen. At first, the airline announced a data leak of 380 thousand passengers, but later discovered that the incident affected the personal information of another 185 thousand people. The cyber police of Ukraine exposed a hacker on whose computer a full database of one of the international transport companies was found. It is alleged that the database contains personal data of more than 120 thousand people. Indian low-cost airline GoAir has sued its former managing director Wolfgang Prock-Schauer, accusing him of stealing confidential information. Prok-Schauer took over GoAir's rival Indian airline IndiGo in February 2018. GoAir lawyers presented a number of documents in court, claiming that the former top manager stole data representing trade secrets before moving to another job.

More than 5 thousand leaks were recorded due to the actions of insiders

On December 28, 2018, InfoWatch, a think tank, presented the results of a global study of sensitive data leaks that occurred due to the actions of an internal violator in organizations over the past five years. During this time, more than five thousand data leaks were recorded in the world due to the actions of insiders: employees of organizations, top managers, contractors. Almost two-thirds of such "internal" leaks were accidental, resulting in more than 95% of all victims due to the actions of data record employees being compromised through negligence, ignorance of information handling rules or due to a failure in data processing systems. From 2014 to 2018, the ratio of leakage power - the volume of compromised data records per leak - significantly changed in favor of "internal" compared to "external" information security incidents.

Ordinary employees throughout the study period were the most "problematic" link in the information security system of organizations - the share of an unprivileged user annually accounted for about 80% of the total number of "internal" leaks.

author '= Sergey Khairuk, analyst at InfoWatch GC ' The picture of modern "internal" leaks is something like this: this is a compromise huge amounts of data due to errors of a legitimate user or failures of automated processing systems. There is every reason to believe that leaks caused by insiders are no less dangerous than. hacker attacks This is due to an increase in the amount of data processed in companies, an increase in the number of information transmission channels, as well as an increase in the liquidity of the data itself. In a series of information security incidents that lead to data compromise, internal leaks remain the most difficult link and require special attention from information security specialists. The most effective protection model for organizations becomes a hybrid model, when the security officer's attention will be focused on both data security and the behavior of the user performing the data processing. The latter problem can be solved, for example, using technology. predictive analytics

In the five-year distribution of "internal" leaks by types of compromised data, most of the incidents are personal data (PD). At the same time, over the past five years, the share of PD and financial data in the total sample has been decreasing, while the share of leaks of the most critical information - state secrets, trade secrets, production secrets and know-how - is significantly growing.

In terms of intent, the share of deliberately leaked most critical types of data - government and trade secrets and know-how - also increased over the period under study, while leaks of the prevailing type of data - PD and payment information - increasingly occurred as a result of unintentional actions of personnel.

Accidental leakage is a direct financial threat to business, as important personal information - personal and payment data - leaks, as instilled. Companies are processing more and more data, staff errors when working with information are costing more and more, and not only figuratively - compromising a noticeable amount of data will certainly lead to large monetary fines and compensation for victims. Intentional information leaks occur an order of magnitude less often, but they can concern the most liquid data, since internal attackers have direct access to the most sensitive corporate information, production secrets and know-how, and they have time and opportunity to prepare and bypass protection systems.

According to the authors of the study, leaks committed by negligence occur most often in organizations of those industries where insufficient attention is paid to issues of digital literacy, and the direction of information security is improving more slowly. Over the past few years, most of the accidental PD leaks have occurred in the fields of medicine, education, state and law enforcement agencies.

Accidental leaks usually occur through common channels of information transfer, such as Internet resources, including due to incorrect settings cloudy storages and errors when publishing data on the websites of companies and departments, email and paper documents.

Intentional leaks most often occur in organizations of those industries where these are the most liquid - these are organizations of the financial sector, industrial enterprises, ICT companies and government agencies. Attackers who want to steal information from their employer tend to avoid controlled communication channels - just 10% of the total number of "internal" leaks through the network channel were intentional. Most often, internal violators produce documents valuable for the organization on removable media or declare the loss or theft of corporate equipment.

In 2017, privileged users - top management and system administrators - accounted for 8.5% of all intentional 'internal' leaks. Senior managers and other persons with unlimited access to information assets of companies are much more likely than ordinary employees to allow deliberate leaks. Over five years, on average, 40% to 75% of leaks provoked by privileged users were intentional.

In addition, among privileged employees, the proportion of "qualified" data leaks that involve fraud and improper access to information is traditionally higher than among ordinary staff.

In the first half of 2018, 1,039 cases of data leakage were recorded

On September 21, 2018, InfoWatch, a think tank, presented the results of a global study of confidential information leaks in the first half of 2018. In total, 1,039 cases of confidential information leaks were recorded during the study period, which is 12% more than a year earlier. In particular, the amount of information compromised due to hacker and other attacks under the influence of an external violator decreased tenfold, amounting to only about 0.5 billion records. At the same time, as a result of violations within organizations, more than 1.5 billion data records, including personal and payment records, were affected.

author '= Sergey Khairuk, analyst at InfoWatch GC ' The picture of leaks is changing, incidents involving insiders come to the fore. Attackers no longer seek to take possession of data simply for the sake of data - in a non-aggregated form, their cost is minimal. However, the knowledge that can be extracted from this data with modern technology is of great value. Organizations mainly operate with large amounts of structured data, strive to enlarge information storage. The results of our study show that the greatest risk of compromising information is associated with intentional leaks, exposure from the inside. Unintended leaks are most often automatically recorded by the system, but in the case of deliberate actions of an insider who has sufficient technological and temporary resources, it is more difficult to prevent data leakage.

Quantitatively, internal violators accounted for two-thirds of information leaks in the first half of 2018 - 651 incidents. Through the fault of an external attacker, 358 leaks occurred.

In a number of industries, such as the banking sector and industry, 60% or more of personal data leaks were deliberate.

During the study period, 15 information leaks were recorded, with a volume of more than a million records, and another 21 mega-leaks, with a volume of more than 10 million records. Mega-leaks accounted for 2.3 billion records or 97% of the total volume of stolen in the world.

The world is still dominated by the network channel of data leaks (70%). Through the network, complex deliberate attacks are most often carried out, which entail the greatest damage to organizations, the share of controlled channels of information transmission, such as mail services and paper media, accounts for a small percentage of intentional leaks - just over 10%. Accidental leaks, which do not require special training, occur through various channels - along with network channels, a large proportion of leaks through paper media, e-mail and equipment loss or theft are also recorded here.

The distribution of categories by leak culprits is dominated by ordinary employees - 56%, while privileged users - managers and system administrators, account for about 4% of incidents. More than 3% of leaks fell on contractors, 38% on external attackers in relation to the organization.

Most of the volume of leaks, as a year earlier, is the most sensitive information - personal and payment data - 90% of incidents.

The distribution is still dominated by "unqualified" leaks, which do not involve exceeding access rights to information systems or using data for fraud. The total share of "qualified" leaks in the first half of 2018 does not exceed 15%.

The largest number of leaks occurred in high-tech companies (21.3%), medical institutions (19.5%) and government agencies (13%). By volume, the most records were compromised in areas where the liquidity of data with which personnel work is extremely high: in the high-tech sector, including Internet services and large portals (25.6%), in government agencies (13%) and municipal institutions (20%).

InfoWatch: Every second case of corporate data theft is related to its transfer to third parties

According to the company's InfoWatch think tank, in 2017, more than half of corporate information security incidents involved the improper copying of corporate information and its transfer to third parties - including the company's competitors. Such data were obtained from a global study of public security incidents related to the destructive actions of a quitting or quitting employee against an employer, InfoWatch reported on July 17, 2018.

The employee who decided to leave the company often tries to use the company's information to his advantage, - said InfoWatch analyst Sergei Khairuk. - This always has negative consequences in the form of material damage and reputational losses. Direct damage to employer companies as a result of destructive actions of dismissed or dismissed employees was recorded in more than 50% of the investigated incidents.

According to the observations of the authors of the study, the actions of disloyal employees from among privileged users pose a particular danger in preparing for dismissal. Top managers, department managers and system administrators have access to a wide range of corporate data, which includes, for example, trade secrets and production know-how, they know the business processes of the enterprise well and can apply this knowledge, causing maximum harm to the former employer.

In 2017, privileged users caused 19% of violations related to the compromise of corporate data, more than 80% of cases occurred due to the fault of ordinary employees. Most often, when stealing corporate information, personnel are driven by a motive of personal gain or work for competitors, while managers in most cases go to violations out of a sense of revenge or are guided by other non-selfish motives.

More than a quarter of violations that caused damage to the employer were committed by employees less than a week before the dismissal - this time interval accounted for 28.6% of cases. About 20% more violations occurred in the weeks before leaving. In most cases - 52.4% of incidents - the employee committed destructive actions against the employer more than a month before the planned dismissal.

In about every second case, a quitting employee would take or browse databases with personal information from colleagues, customers, or partners. A third of the incidents studied involved theft of trade secrets and know-how from the company.

The largest number of cases of destructive actions of personnel during dismissal was recorded in institutions medical sphere (27.8%) and organizations (public sector 19.4%). Least often, quitting employees stole information from trade enterprises (2.8%) and the transport complex (2.8%).

More than 60% of cases of misuse of corporate information in preparing an employee for dismissal were committed in companies with a staff of 100 to 500 people.

The model of personnel behavior when using corporate information resources cannot be analyzed using traditional protection systems that do not take into account subjective factors, cannot predict the employee's departure from the company and the risks associated with this, "added Sergey Khairuk. - However, predictive analytics tools are developing that use the company's database, including information flows, and thanks to artificial intelligence and machine learning technologies, they have learned how to process and analyze the big data accumulated by the company. These tools are able to predict personnel behavior with a high degree of accuracy, for example, to determine in advance the employees who intend to leave the company, and to prevent personnel and financial risks to enterprises.

2017

InfoWatch

The volume of information compromised in Retail & HoReCa exceeded 100 million data records

On November 29, 2018, InfoWatch presented the results of a global study of confidential information leaks in retail, hospitality and catering companies (Retail & HoReCa). Experts from the Analytical Center studied more than 300 cases of data leaks from industry enterprises that occurred in 2016-2017. The volume of information compromised in the Retail & HoReCa industry during the study period exceeded 100 million data records, while in 2017 there was a sharp increase in the number of incidents related to the leakage of payment information - up to 60% against 40% a year earlier. This is the highest proportion of financial data leaks among all industries in the global distribution.

author '= Sergey Khairuk, analyst at InfoWatch GC ' The share of payment data leaks in the segment of key consumer services - retail, hospitality and catering - is even higher than in organizations in the financial and credit sector, which was traditionally considered the main target for thieves of sensitive information. The sharp increase in leaks of payment data in retail is due to the fact that the industry is in an active phase of digital transformation, when other forms of payment and interaction with the client are introduced, and the amount of information that is processed in retail chains, hotels, restaurants and cafes is rapidly increasing. The enlargement of the storage of such data increases the interest in them from cybercriminals.

55% of incidents in the investigated industry in the world were associated with external attacks, which in 70% of cases led to the leakage of payment data. Insiders caused 45% of the total number of incidents, of which about half were related to the leakage of financial information. At the same time, the most sensitive information - commercial secrecy and know-how - leaked due to the actions of employees of Retail & HoReCa organizations five times more often than through the fault of attackers external to these organizations.

A significant share of incidents in the Retail & HoReCa sector in 2017 fell on deliberate leaks - 65% of cases recorded in the world.

At the same time, according to the results of the study, approximately every tenth data leak from organizations in the retail, hotel and restaurant business in the world was recognized as "qualified," that is, it was associated with fraudulent actions based on data or obtaining illegitimate access to information in order to obtain personal benefit.

Almost three quarters of incidents in the world in Retail & HoReCa enterprises occurred on the network channel, in such cases data was compromised through a browser or cloud resource.

Attacks on organizations in the retail, hotel and restaurant industries are carried out by external and internal attackers with almost the same frequency, and in both cases the most sensitive data mainly suffer. External attackers most often target the most liquid payment information, which can be obtained in relatively simple ways, for example, through phishing emails, skimming or fake sites. Insiders, however, have access to the most valuable internal information and, as a rule, have sufficient temporary and technical resources to prepare and bypass complex data protection systems in organizations. Therefore, internal attackers are dangerous for the most critical business information, which, in addition to financial and personal data, also includes commercial secrets and know-how of the enterprise.

Russia's share in the global sample of leaks from organizations in the retail, hotel and restaurant sectors amounted to about 10%. All incidents in the investigated industry that were recorded in our country were caused by internal violators. Intentional leaks accounted for 42% of cases. At the same time, in Russia, compared to the world sample, the share of accidental and four times higher - qualified leaks. According to the authors of the study, a large proportion of accidental leaks may be associated with a relatively low level of digital literacy and cyber hygiene of both users themselves and suppliers of HoReCa goods and services, while a significant proportion of qualified leaks indicate insufficient current measures and level of protection. In addition, experts noted, the process of digitalization of Russian retail is still in its infancy, so in half of cases, corporate data theft was carried out using paper media.

The global volume of information leaks has quadrupled

The volume of data records compromised in the world as a result of leaks, including social security numbers, plastic card details and other critical information, in 2017 more than quadrupled compared to the previous year - from 3.1 billion to 13.3 billion records. In just a year, 2131 cases of data leakage from organizations were recorded in the world media and other open sources - this is 37% more than in 2016, follows from the data of the InfoWatch study.

About 13 billion records, or almost 99% of the total volume of data stolen in the world, accounted for 39 mega-leaks of 10 million records each. Compared to 2016, the number of such leaks in the world decreased by 12%, while the volume of compromised records per mega-leak increased almost fivefold to 336 million records.

"The increase in the volume of compromised data records and the increase in the" power "of leaks exceeded all the boldest forecasts, which is largely due to a change in the approach to data storage and processing. If earlier information about clients, employees, citizens was stored and processed separately, in branches and divisions of organizations, then with the development of technologies, states and companies are striving to ensure centralized collection of information in order to maximize the use of capabilities and computing power to extract new knowledge from large amounts of data, "said InfoWatch analyst Khairuk Sergey

.

The share of mega-leaks caused by the actions of internal violators increased to 54% in 2017, a year earlier this figure was at the level of 13%. It was internal violations that caused about 60% of all cases of leaks. Most of them fell on ordinary employees - about 53% of cases, which is 10 percentage points higher than in 2016. Due to the fault of privileged users, which include top management, heads of departments, as well as system administrators, about 3% of leaks occurred. External attackers caused 41.7% of leaks. At the same time, by the nature of the incidents, about 83% of the cases occurred in unqualified leaks that were not associated with exceeding access rights or using data for fraud.

86% of leaks were related to the theft of personal data and financial information, but their share decreased by 7 percentage points. compared to 2016. At the same time, the share of payment data leaks for the year increased by 13.8 percentage points, exceeding 20% in the total distribution.

For the 1st half of the year, 7.78 billion records with personal and payment information were compromised

On October 10, 2017, it became known about an 8x increase in the volume of confidential information leaks in the world. Moreover, almost all the data was compromised as a result of 20 large-scale incidents.

According to InfoWatch, a company specializing in information security, in the first half of 2017, 7.78 billion records with personal and payment information were leaked on a global scale against 1.06 billion records in the same period of the previous year. In addition, this is twice the amount of data that fell into the hands of third parties for the entire 2016 (3 billion records).

98% of the data was lost as a result of major incidents, which InfoWatch calls "mega-leaks," when more than 10 million records of confidential data were at the disposal of third parties. In total, the company recorded 20 such cases.

The global trend towards an increase in the number of leaks and volumes of compromised data, in our opinion, is not set by the features of individual regions, but by new opportunities related to the use of information in the digital world, such as the transfer of services to electronic form, e-commerce, electronic money, objects of exclusive rights (intellectual property) in digital form, - said in a study by InfoWatch.

In the first half of 2017, there were 925 leaks of confidential data, which is 10% more than in the same period in 2016. 384 such incidents occurred due to external interference (in particular, due to hackers). The cause of another 520 leaks was internal violations (for example, due to the fault of company employees). The cause of another 21 leaks could not be established.

Gemalto index for the 1st half of the year: 918 leaks compromised 1.9 billion records

In the first half of 2017, 918 leaks resulted in 1.9 billion records worldwide being compromised. Compared to the second half of 2016, the number of lost, stolen or compromised records increased by 164% − this number cannot but shock. Most of the data was stolen due to the largest leaks, numbering 22 cases, each of which led to more than a million compromised data records. Of the 918 leaks in more than 500 cases (59% of all precendents), the number of compromised records remained unknown or was not ^[13]

According to the Breach Level Index, since 2013, more than 9 billion data records have been released since the assessment of published data leaks using the index began. During the first half of 2017, more than ten million records were compromised or exposed to this risk daily, or one hundred and twenty-two records every second, including medical data, financial and/or credit card data, as well as personal identification data. This is particularly alarming, as less than 1% of stolen, lost or compromised data used encryption protection to turn it into useless information, a figure down 4% from the second half of 2016.

Main sources of data leaks

Most of the data breaches (74%), reflecting a 23% increase in cases, were due to malicious actions. However, this source recorded only 13% of all stolen, lost or compromised data records. Internal attacks by attackers account for only 8% of all leaks, and the number of compromised records from 500 thousand increased to 20 million, which exceeds the figure for the last half of the year by more than 4.114%.

Dominant types of data breaches

Throughout the first half of 2017, the main type of leaks was identity theft, which accounted for 74% of all leaks, which is 49% more than in the last half of the year. The number of compromised data as a result of identity theft increased by 255%. The most significant changes occurred in the category of annoying leaks, which account for 81% of all lost, stolen or compromised records. However, the number of recorded cases of such annoying attacks is only slightly more than 1% of all leaks. The number of compromised data from attacks on account access fell 46%, which came after a significant increase, according to the 2016 Breach Level Index annual report.

The largest enterprises affected by data breaches

Most businesses tracked by the Data Breach Criticality Index have seen a more than 100% increase in compromised, stolen or lost data records. In the sphere formations , one of the largest indicators of leakage growth (103%) was recorded with an increase in the number of compromised records by more than 4,000%. This is the result of internal attacks by attackers who compromised millions of records at one of the largest private educational companies. The China area health care saw a relatively similar rate of data breaches compared to the second half of 2016, but the number of stolen, compromised or lost records increased to 423%. Among the five sites most affected by large-scale data breaches in the first half of the year is the National Health Service, Great Britain where the number of compromised records exceeds 26 million. The financial, government and entertainment sectors have also seen a significant increase in data record leaks. In the first half of 2017, 220% more cases of data record leaks were recorded in the entertainment sector.

Territorial distribution of data leaks

North America is still the leader in total data breaches and compromised records, both of which are above 86%. Data breaches in North America have increased by 23% and the number of compromised records is skyrocketing, up 201%. Traditionally, North America has always recorded the largest number of published leaks and related records, but this situation will change in 2018, when global data protection regulations such as the "General Data Protection Regulation in the EU" come into force. (European General Data Protection Regulation, GDPR) and amendments to the Australia's Privacy Amendment Act. Currently, only 49 data leaks have been recorded in Europe (5% of the total), which is 35% less compared to the same period last half of the year.

2016

More than 2 billion PD records leaked from high-tech companies

The InfoWatch analytical center at the end of November 2017 published the results of a study of data leaks from high-tech organizations. The number of such leaks in the world in 2016 increased by about a third, and the volume of compromised information increased more than eight times. High-tech companies accounted for almost three quarters of all data compromised in the world - about 2.3 billion records, of which 87% were personal data (PD) of citizens.

We are seeing an increase in the number of leaks and the volume of compromised data from high-tech companies, for which information, including client information, is usually a key asset, so any leak turns out to be very sensitive to business, "said InfoWatch analyst Sergei Khairuk. - In 2016, the data of hundreds of millions of users of popular resources such as Facebook, Foursquare, GitHub, iCloud, LinkedIn, MySpace, Snapchat, Telegram, Tumblr and Twitter were stolen. Hackers successfully attacked the largest mail services - Gmail, Hotmail, Yahoo, Mail.ru, stole data from customers of telecommunications companies, including Deutsche Telekom, Three UK, Verizon and other operators.

The compromise of more than 95% of high-tech data in 2016 was caused by 31 "mega-leaks" with damage to more than 10 million records each. In the structure of leaks, the volume of citizens affected by personal income tax increased significantly, the shares of payment information, trade secrets and know-how decreased.

Despite the increase in the number of leaks due to the fault of an external violator, cases of leaks within companies in the high-tech segment are also very dangerous. Thus, the number of leaks due to the fault of an external attacker in the field of high technologies increased by almost 15% over the year, while the change in the distribution of damage depending on the impact vector is minimal.

In 2016, the number of cases of intentional information leaks increased in high-tech organizations, as well as the share of qualified leaks that are associated with fraud or abuse of access rights.

By aggregating large volumes of user data, IT market players willingly use technologies for analyzing structured and unstructured information - Big Data and other tools, the technological level and functionality of which has grown significantly, - explained Sergey Khairuk. - But as the volume of information generated, processed and stored increases, the risks of external attacks on corporate resources also increase. At the same time, the influence of internal violators is growing, which means that IT companies require not only means of protection against hackers, but also modern multifunctional DLP systems to prevent information leaks. Due to the increase in the number of qualified leaks, it is necessary to think about the inclusion in the arsenal of protection of UBA functions - behavioral analysis of users.

A third of leaks in the Middle East are related to commercial or state secrets

The analytical center InfoWatch on November 16, 2017 published the results of a study of leaks of confidential information from organizations in the Middle East for nine months of 2017. The focus of the study was reports of compromise of data from commercial and non-profit organizations, as well as government agencies, which were published in the media and other open sources.

In the vast majority of cases, leaks of confidential information in the Middle East occurred as a result of external attacks. If in the global sample they caused 40% of cases of data compromise, then in the region under study, external attacks accounted for 80% of incidents.

At the same time, the internal violator was often a privileged user - a system administrator or other technical employee with extended access to information. Such an attacker in the Middle East accounted for almost 12% of cases of confidential information leaks, in the global sample this figure was only 1%.

The distribution of leaks by type of compromised data and affected industries in the Middle East also differs from global trends. One in four cases of leakage in the region under investigation involved information related to trade secrets (know-how), while in the world this figure did not exceed 3%. The share of leaks of state secrets accounted for 12.5% of cases, in the global sample the number of such incidents did not reach 4%.

Half of all data breaches in the Middle East occurred in financial and industrial sector organizations. In the world, this figure did not exceed 16%.

As in web browser cloudy storages the whole world, the most popular data leakage channels in the region under study were and - they accounted for 82% of cases. The second most popular channel for information leaks is removable media. Other incidents are related to theft and loss of equipment, paper documents or data leakage through. In email the global sample, confidential information leaks through the browser and cloud storage accounted for 61% of incidents, via e-mail - 23% of cases, and theft of paper documents - 8% of leaks.

InfoWatch: 3 billion PD records compromised in 2016

According to the InfoWatch analytical center, in 2016, 93% of information leaks in the world were related to the compromise of personal data (PD) and payment information. In total, in 2016, more than 3 billion PD records were compromised in the world, which is three times higher than the same figure for 2015.^[14]

According to international experts in the field of information security, users have long lost control over their data. At the same time, one of the main factors that causes the problem of PD leaks is still an extremely low level of civil culture of handling personal information.

Gemalto index for the year: 1792 incidents compromised 1.4 billion records (+ 86 %)

In 2016, 1,792 incidents were recorded in the world, which led to the compromise of 1.4 billion data records, which is 86% higher than in 2015. In addition, it is noted that theft of personal data has become the most common type of leak. In 2016, such attacks accounted for 59% of all recorded incidents. In addition, in 52% of cases, when publishing information about a leak in 2016, companies did not report the number of compromised records. The Data ^[15][16]

As a result of an attack on the AdultFriend Finder user account database, 400 million records were compromised, and the incident itself received a maximum score (10) in the Leak Criticality Index. Other major leaks recorded in 2016 include an attack on Fling (BLI: 9.8), a leak at the Electoral Commission in the Philippines (COMELEC) (BLI: 9.8), 17 Media (BLI: 9.7) and Dailymotion (BLI: 9.6). In fact, the 10 largest and largest leaks accounted for more than half of all compromised data records. In 2016, the Internet giant Altaba (formerly Yahoo) reported two major leaks that compromised 1.5 billion user accounts, but these leaks were not included in the BLI index for 2016, since the incidents dated back to 2013 and 2014.

Russia In among all data leaks, there are several of the most significant. The largest among them is an attack on a credential database (Mail.ru BLI: 9.0), during which more than 25 million records were compromised. The data included usernames, email addresses, encrypted passwords and dates of birth; in some cases, attackers also managed to find out the IP addresses of users and their phone numbers. Other leaks recorded in 2016 in the Russian Federation include an attack on a multi-portal (KM.ru BLI: 8.1) and a development company (software Nival BLI: 8.1). The share of stolen data in both cases is more than 1.5 million accounts.

Data breaches by type

In 2016, the most common type of incident was the theft of personal data - such attacks accounted for 59% of all data leaks, which is 5% higher than in 2015. The second most common type of data leakage in 2016 was the leakage of user accounts. Although the number of leaks of this type decreased by 3%, they accounted for 54% of all compromised records, which is 336% higher than last year. This indicates a new trend in which attackers reorient themselves from attacks in order to obtain financial information to attacks on large databases with large amounts of identification and personal data. Another common type of incident was the category of minor attacks (nuisance category), the number of incidents in which increased by 102%, but which account for 18% of all compromised data records, which is 1474% higher than in 2015.

Source Data Leaks

The largest number of leaks was organized by attackers acting from outside organizations - such attacks accounted for 68% of all incidents, which is 13% higher than in 2015. The number of compromised data records as a result of the actions of third-party attackers increased by 286% compared to 2015. The number of data breaches organized by hacker activists also increased in 2016 - by 31%, but they account for only 3% of all incidents recorded last year.

Industry Data Breaches

Broken down by industry, the largest increase in leaks in 2016 was in the technology sector. The number of incidents increased by 55%, but nevertheless they accounted for only 11% of all leaks over the past year. Almost 80% of all incidents in this sector are related to the theft of accounts and personal data. In addition, they account for 28% of all compromised data records in 2016, up 278% from 2015.

Healthcare industry businesses accounted for 28% of all data breaches, up 11% from 2015. However, the number of compromised data records in this industry decreased by 75% compared to 2015. In the education sector, data breaches fell by 5% over the year, while the number of compromised data records fell by 78%. Government agencies accounted for 15% of all data breaches in 2016. However, the number of compromised data records increased by 27% compared to 2015. Financial sector companies accounted for 12% of all data breaches, down 23% from a year ago.

Other industries accounted for 13% of all data breaches and 36% of compromised data records. In this category, the total number of data leaks decreased by 29%, but the number of compromised records increased by as much as 300% compared to 2015. At the same time, most of the data leaks occurred on social networks and websites of companies from the entertainment industry.

In 2016, incidents affecting fully or partially encrypted data accounted for 4.2% of the total number of incidents, while in 2015 this figure was only 4%. In part of these leaks, only the password was encrypted, and the rest of the information was not encrypted. However, of the nearly 1.4 billion data records compromised, lost or stolen in 2016, only 6% were fully or partially encrypted (up from 2% in 2015).

InfoWatch has registered 1,556 cases of leaks in the world

According to the results of a global study of confidential information leaks in 2016, the InfoWatch Analytical Center recorded 1,556 cases. ^[17], data breaches from organizations are 3.4% more than in 2015. Of the traditional three countries with the largest number of leaks, a significant surge was observed only in Russia, where 213 leaks of confidential information were registered - 80% more than a year earlier. According to the number of leaks registered by the InfoWatch think tank, Russia is located between the United States and the United Kingdom, where the number of leaks remained at about the same level as in 2015 - 838 and 67 leaks, respectively.

The global structure of compromised information is dominated by user data: 93% of leaks were related to the theft of personal data (PD) and payment information.

Over the study period, more than three billion PD records were compromised in the world - three times more than in 2015. Also, the average number of records stolen as a result of one leak has more than tripled, to two million.

Most of the stolen personal data, namely 94.6%, fell on 44 "mega-leaks," as a result of which at least 10 million PD records "leaked." In 2016, the number of "mega-leaks" more than doubled. 79 leaks were recorded with a volume of more than one million records each.

In 2016, the number of personal data leaks in the world increased 4 times compared to last year and amounted to almost 3.1 billion records.

In 2016, experts in the world recorded an increase in cases of personal data leakage by 300% compared to the previous year. The number of stolen records amounted to 3.1 billion.

The number of leaks that we managed to collect has grown slightly. But the number of leaked personal data records has grown very significantly - an increase of 300%. 3.1 billion records were lost last year due to personal data leaks. " So, in 2016, 44 "mega-leaks" were recorded, as a result of which more than 10 million records were stolen, in 2015 there were half as many such cases.

According to Natalia Kasperskaya, cybercriminals steal data arrays in order to sell them profitably. She also noted that recently there has been a trend - an increase in the number of leaks as a result of external cyber attacks.

The number of accidental data leaks has increased

On December 13, 2016, the InfoWatch think tank presented the results of a comparative study of data leaks in organizations. The study included leaks from 2013 to 2015, defined as the actions of internal violators.

Analysts noted an increase in the share of data leaks in the study period by 34 percentage points (pp) - up to 79.7%, as a result of accidental actions of employees. In 2013, the bulk of sensitive data, which includes personal data (PD), payment information, state and commercial secrets, as well as production secrets, was compromised in organizations as a result of deliberate leaks. In 2014-2015, most of the losses of business-critical information occurred due to unintentional actions of employees.

Compared to 2013, during the study period, the share of payment information increased in the structure of internal leaks - by more than eight percentage points, trade secrets - by more than five percentage points, while the share of PD leaks decreased by more than 10 percentage points.

Over the past three years, "internal" leaks have not become less dangerous, but their nature has changed. This is due to the increase in the amount of data processed in companies, the increase in the number of channels and methods of transmission, as well as the increased liquidity of the data itself. Most of the leaks are due to personnel errors. As a result, absolutely any data, including the most critical and sensitive, can be compromised, and the amount of damage caused is limited only by the amount of information stored. To minimize the risks associated with information security, it is necessary to ensure the blocking of accidental leaks, control of employees both in the "risk zone," which includes employees with special access rights, newcomers or once "guilty," and outside it. Sergey Khairuk, analyst at InfoWatch Group of Companies

In 2015, the share of internal data leaks from the total number of known cases of confidential information leaks amounted to 65% and 72.8% a year earlier. The average amount of data compromised as a result of each internal leak reached 347 thousand and 340 thousand records in 2014 and 2015, respectively. The authors of the study noted a decrease in the share of information leaks caused by "privileged" users, including managers and system administrators of the organization by more than nine percentage points. Their misconduct still leads to far more serious consequences than those of rank-and-file employees.

Between 2013 and 2015, the share of accidental data leaks through e-mail, paper and removable media decreased, and the share of leaks through network channels increased the Internet. As a result of accidental leaks through the network channel in 2015, ~ 295 million records, PD categories and financial information were compromised, the number of such records in 2013 and 2014 reached ~ 97.9 million and ~ 118.2 million, respectively.

Global Survey of Confidential Information Leaks in the First Half of 2016

InfoWatch announced in September 2016 that the increase in the number of confidential information leaks in the first six months of 2016 was 16% compared to the corresponding period last year. Such data are provided by the InfoWatch analytical center in the report on the results of the "Global Study of Confidential Information Leaks in the First Half of 2016." During the study period, more than 1 billion personal data records (PD) were compromised - more than in the entire 2015. Thus, the average annual value of the number of stolen personal data records is twice as much as in 2015^[18].

The largest number of information leaks was recorded in the United States: 451 cases, or 54% of all leaks that occurred. Russia, with 110 data breaches, traditionally ranks second, retaining it for more than three years. Next up is the UK, where 39 leaks have been found. In total, in January-June 2016, experts from the InfoWatch analytical center registered 840 cases of confidential information leaks.

In two-thirds of cases, data leaks were caused by internal violators. External attacks accounted for only one third of all information leaks, but the damage from them is still estimated higher: on average, each external and internal leak accounted for 2.4 million and 0.8 million compromised PD records, respectively.

In addition, 23 "mega-leaks" were recorded, which accounted for 92% of all stolen PD records. The damage to each of them amounted to more than 10 million PDs, 16 out of 23 "mega-leaks" fell on external attacks. Excluding "mega-leaks," the largest volume of records - more than 45 million PDn - was stolen from companies in the high-tech sector, including Internet services and web portals.

Experts at the InfoWatch think tank noted a reduction in the number of leaks by transmitting data through a network channel, although this method, including sending through a browser, as well as cloud storage, still accounts for up to half of all data breaches. The share of information theft by e-mail and removable media has increased. The share of leaks due to theft/loss of equipment and paper documents decreased. The least leaks occurred using mobile devices.

The most vulnerable in the first half of 2016 were medical organizations, where data leaks were recorded most often (23% of all leaks), the least vulnerable - municipal institutions (less than 3%).

The most attractive for attackers were companies in the trade, financial and banking sectors. In them, the share of intentional PD leaks that required hacking information security systems amounted to 70% or more.

2010: InfoWatch: 382 incidents occurred in the world in the 1st half of the year

InfoWatch presented at the end of 2010 the results of a study of confidential information leaks for the first half of 2010, according to which 382 incidents (2.1 leaks per day) were recorded during this period (181 days).

According to the report, 169 incidents out of the total reported incidents were intentional leaks (44.2%) and 185 were accidental (48.4%). At the same time, the number of intentional leaks compared to the same period last year decreased by 11.7%, which is associated with the active introduction of solutions for the protection of confidential information in the corporate sector. The total number of compromised records in the first half of 2010 was more than 539 million.

The number of accidental leaks in the first half of 2010 compared to the same period in 2009 increased by 9.4% (185 incidents against 161 leaks in 2009). InfoWatch analysts attributed this growth to the fact that mobile media (laptops, flash drives, mobile communicators, etc.) remain the most popular channel for accidental leaks, since users of such devices often neglect data encryption tools.

Another common cause of accidental leaks was paper media: it is more difficult to control it than electronic. For example, after the sheet leaves the printer, you can only follow it "manually":

"Control over paper media is weaker than control over computer information. Many means of protecting against leaks (it is impossible to call them full-fledged DLP systems) do not control the channel of information output to the printer - so confidential data easily goes beyond the organization, "said Fedotov Nikolai, chief analyst at InfoWatch

.

This problem was solved by multifunctional DLP systems that block the sending of unauthorized information to print and check the correspondence of the mailing address and the addressee.

The main sources of confidential information leaks in the first half of 2010 were still commercial (73.8%) and state (16%) organizations. About 8% of leaks come from educational institutions. The nature of the leaked confidential information is personal data (almost 90% of all information leaks).

The leaders in leaks in the world then were the United States and the United Kingdom (also the top five countries in terms of the largest number of leaks included Canada, Russia and Germany with significantly lower rates), which is associated with the peculiarity of the legislation of these countries, which prescribes reporting all incidents of confidential data leakage. Infowatch analysts predicted a reduction in the share of accidental leaks and an increase in the share of intentional leaks next year.

Potential Data Breach Channels

Methods of operation of intruders

"Buying" data in the regions

• Interviewing the unfairly dismissed/offended
• Insider funding
• Digitization of paper media

Remote Mobile Access

• Creating malware
• Interception of useful traffic
• Use of standard remote access tools

"Recycling" garbage

• Data recovery

• Collection and resale of random, unformatted and/or irrelevant data

Unauthorized shooting

• Image recognition

• Remote access to mobile devices
• Hacking social media

Classic hack

• Finding New and Exploiting Known Vulnerabilities in Software

2022: How to steal data from isolated PCs using SATA loopback

Researchers from Ben Gurion University (Israel) have proposed an original way to remotely steal information from a personal computer that is not connected to the network . This became known on July 19, 2022. These can be passwords or other sensitive information.

The method described by scientists provides for the use of a SATA interface cable as an antenna of a radio transmitter emitting a signal in the 6 GHz range.

The attack is carried out using exclusively software - using special software that can be launched both in the user space of the operating system and in a separate virtual machine. At the same time, there is no need to modify the hardware of the attacked PC.

The SATA bus, like other interfaces, generates weak electromagnetic radiation in normal operation. A research team led by Mordechai Guri has developed a technique to control the characteristics of this radiation and generate a signal with it that can be received and processed on another device.

To do this, experts wrote a malicious program and installed it on the target PC. At the first stage, she, without attracting attention to herself, in the background prepares (codes) the information that needs to be stolen. Then it sends a series of requests to the file system (for reading or writing) in such a way that the cable emits a "legible" radio signal of sufficient power, which can be received using a nearby device and decrypted.

As the researchers note, reading operations are best suited, since they allow you to achieve a stronger signal (up to 3 dB). In addition, they, as a rule, do not require elevated system privileges, unlike write operations.

Scientists claim that the method they proposed is applicable in the context of background interaction of other applications with the file system, but during periods of especially intense exchange data with the disk, transmission "through the air" can be difficult. Therefore, malicious ON should be able to suspend it at such moments.

The work also notes that the technique is well combined with the use of keyloggers - tools that register various user actions, for example, keystrokes. Thus, sharing them can allow you to steal passwords and other valuable information from the victim.

The SATA standard has become widespread - drives related to it are used in billions of computers around the world, Tom's Hardware notes. In theory, any of them can be attacked using the methods of Israeli scientists. In practice, its use is likely to be fraught with a number of serious problems, which will significantly reduce the number of scenarios suitable for its use.

First, since the victim's computer is isolated from the network under the terms of the experiment, an attacker or his accomplice will need physical access to the machine to install malware on it. Secondly, the low power of the signal generated by the improvised antenna allows you to receive it only at a very short distance - within a radius of no more than one meter. That is, the "spy" equipment - in this experiment, it is an SDR receiver (software-defined radio system) connected to a laptop - should be located in close proximity to the victim's computer.

In addition, according to the conclusions of Israeli scientists, there are several measures that can protect an isolated machine from attacks of this kind. In particular, you can improve the shielding of equipment - directly a SATA cable or the entire computer case. In addition, there is special software that can detect unusual activity in the file system, the presence of which may indicate the presence of spyware in the system.

However, the most effective line of defense against such cyber attacks, according to researchers, is to build a well-thought-out security policy in the organization. For example, you can prohibit the use of any radio equipment in the area of ​ ​ computers that store valuable data^[19].

2020: Method of stealing data from isolated computers by tracking small changes in LCD screen brightness

On February 6, 2020, it became known that specialists from the Ben Gurion University of Israel invented a method for stealing data from infected but physically isolated computers that does not require a network connection or physical access to the device. As the researchers explained, this technique is based on tracking small changes in the brightness of the LCD screen invisible to the eye.

For this purpose, they created a hidden optical channel, which can be used even if the user is working at a computer. The method works as follows: malware on a compromised computer extracts important data (passwords, files, images, encryption keys, etc.), encodes them, and then modulates information in the form of signals "0" and "1." Next, the attacker uses invisible changes in the brightness of the screen to modulate binary information in the form of a code similar to the morse.

In LCD screens, each pixel is a combination of RGB colors that produce the desired composite color. In the proposed modulation, the RGB color component of each pixel changes slightly, the authors of the study explain.

These changes are invisible to the user, but an attacker can track this data stream using a video of the compromised computer's screen made using a local surveillance camera, smartphone camera or web camera, and then recreate the extracted information using image processing techniques^[20].

2016

How to prevent leaks in Russia: SearchInform study

On February 1, 2017, SearchInform announced the results of an analysis of the situation in the field of protecting confidential information among Russian organizations in 2016.

Increasingly, information protection is entrusted to information security specialists - 42% of Russian companies hire professionals for information security tasks. For comparison: in 2015, the indicator reached 22%. Other companies are protected by IT departments or managers.

Most often, information security departments are represented in companies Orenburg (52%),|[[MoscowMoscow[[and Kazan (48%), (Khabarovsk 47%).

Slightly more than half (63%) of employees of information security departments have specialized education. Most often, professional personnel are hired by organizations: Irkutsk - 98%, Krasnodar - 95%, Orenburg - 86%, Omsk - 82% and Yekaterinburg - 71%. Least often, specialized specialists can be found in Ufa organizations - 18%.

34% of Russian companies do not protect their confidential data. The rest are more vigilant and use various tools to protect against leaks:

Every day the number of channels through which information is exchanged is growing. In 2016, companies Russia primarily protected e-mail, external media and documents sent to print - this figure increased by 3%. In other cases, attention to popular information channels has decreased:

• Mail - 29% (-4%)
• External devices - 20% (-1%)
• Documents to print 12% (+ 3%)
• Internet messengers - 11% (-3%)
• Skype - 8%
• Clouds - 7%

Some companies believe that the best way to avoid information leaks through certain channels is to ban them - this is what 53% of the companies surveyed do.

47% of companies believe that banning channels will not stop the insider, and leave all channels open, preferring control.

• 46% of companies do not notify employees about the presence of control and protection systems.
• 30% - report and offer to sign an additional agreement.
• 24% of organizations notify employees, but do not sign any papers with them.

75% of Russian companies conduct briefings on information security rules. Last year, this figure was 3% less.

86% of Russian companies offer their employees to sign an agreement on non-disclosure of confidential data.

InfoWatch Data

In 62% of cases, the cause of the leak was internal violators in the organization, while it was accurately established that more than a third of the cases of leaks were caused by employees, privileged users, including managers, system administrators. The share of information leaks on the part of contractors amounted to 6%.

Data leaks through the network channel still prevail, the share of which increased by 11.6 percentage points (pp) to 69.5%. The share of leaks through removable media, mobile devices remained at the level of 2015. The share of information leaks on paper documents decreased by seven percentage points (pp) to 10.8%, by half to 4.8% - as a result of the loss of equipment and by 1.1 pp to 8.5% - by e-mail.

In 2016, the distribution of leaks between average (up to 500 PCs) and large (more than 500 PCs) organizations turned out to be approximately equal in terms of both the number of leaks and the amount of compromised data.

Most often, data leaks occurred from medical organizations (25.8%), high technologies (14.9%), government agencies and law enforcement agencies (13.8%), and educational institutions (10.6%). Least often - from municipal institutions (4.4%), industry and transport (3.9%).

The largest amount of compromised personal data fell on organizations that systematically use personal information in their work: companies of the high-tech sector (73.6%), trading companies, hotels and restaurants (11.9%). State bodies and municipal institutions accounted for 9.9% of all stolen PDs.

The most attractive for attackers, as a year earlier, were trading and transport companies, to which financial organizations were also added in 2016. In these industries, more than half of the leaks accompanied by theft of PD were intentional.

One in four data breaches in financial institutions are due to lost devices

The reason for one in four data breaches that have occurred in financial companies banks USA and over the past few years is lost mobile devices, and only one in five leaks occurred as a result of a hacker attack. 14% of incidents occurred by chance, and another 13% were caused by insiders. The cause of a number of leaks was also the loss of paper documents.

According to The Register, citing information security experts from Bitglass, over the past decade, over 60 financial sector organizations (including the largest banks) have regularly become victims of leaks. Financial firms faced 87 data breaches in 2015 - 42 more than in 2014. In the first half of 2016, 37 banks ( 5 of them are among the twenty largest US banks) have already reported leaks. ^[21].

One of the largest financial institutions in the United States, JP Morgan Chase, has regularly faced leaks since 2007. In 2014, the organization reported the largest attack in the history of its existence, which caused the data leak of 83 million JP Morgan Chase customers.

The Bitglass report is based on information obtained since 2006 from open databases and government official documents.

Bank leaks: insiders, internal trespassers, paper

On June 8, 2016, analysts InfoWatch reported an increase in the share of bank leaks by more than 37 times, over the past two years: from 0.3% to 11.2%^[22]

The most common reason for the leak is the actions of the insider who initiates it. In Russia, at the same time, the situation with financial leaks is one of the worst in the world: in terms of their number, the country ranks second.

According to analysts, InfoWatch about 45% of all leaks are small - banks this share is obtained if the largest leaks are not taken into account. Large banks received a large share in the number of leaks, but small banks are not protected from problems.

In 2015, the biggest players in the financial market were hit by leaks: Bank of Scotland, Banque Cantonale de Geneve (BCGE), Citibank, Equifax, Federal Reserve Bank of New York, HSBC, JPMorgan Chase, Lloyds Bank, Morgan Stanley, PayPal, UniCredit, Wellvia Bank and a number of others.

At the end of 2015, Russia ranked second in the number of leaks in the financial sector, and the share of bank leaks in the Russian Federation is more than the average in the world: 16% versus 8.6%.

In 73% of cases, personal data of customers of Russian banks turned out to be lost. InfoWatch noted the likelihood of serious consequences as a result of leaks of this type: "only as a result of incidents that received publicity in the media, more than 22.5 million personal data records were leaked."

In 70% of cases, the so-called internal violator, one of the employees of the banking organization, became the "enemy." This applies to both random and thoughtful theft of personal data.

The most common leakage path is sending the received data through network services. This is how payment information, account numbers, balance data, payment card details, personal data of customers, and so on are transmitted. This channel accounted for 35.7% of all leaks

"Network" leaks characterize a high level of data criticality and huge amounts of compromised information, analysts at the research company noted.

The second most popular leak channel is traditional paper. In 13.2% of cases, the attacker corny printed the stolen data and carried it away. The remaining 51.1% of leaks occurred on less popular channels: theft or loss of equipment, copying data to removable media, etc.

In the banking sector, there is an increase not only in leaks, but also in information security incidents in general. Despite the fact that the financial sector is one of the most regulated in terms of data protection, the situation remains difficult: money, personal data, and payment information are stolen from banks. Now it is very important for banks to take real measures aimed at reducing information security risks: to introduce protective equipment, build associated protective processes, ensure timely control and response to incidents. Moreover, all these measures should be applied comprehensively. Maria Voronova, leading information security expert at InfoWatch

According to Zecurion Analytics, banking is in third place among the industries most prone to leaks. According to the results of 2015, banks account for 12.9% of all leaks. The first place is occupied by government agencies (17.9%), and the second - retailers (13.1%). At the same time, among the compromised types of information, the share of financial data of individuals almost doubled: credit card numbers, cash deposits, account transactions. The share of such data reached 19.1% of all incidents over the past year. The rest of the personal data, including email addresses and passport data, are still leading among the types of information, the share of which is 58.2%.

2013

Encrypted mail, social networks and USB drives

The most relevant channels of potential data leakage are:

• encrypted e-mail (including personal, on free services),
• social networks and
• USB drives (flash drives, external hard drives, etc.) (research data from MFI Soft, April 2013).

Slightly less information security specialists are worried about printers and Internet messengers (excluding Skype).

When choosing DLP systems (protection against information leaks), most of the respondents pay special attention to the speed of receipt of notifications about violations of the information security policy - according to experts, the system should notify the operator in real time. They also note the importance of ease of integration with other information security elements (data encryption, firewall, etc.). Information security specialists give the least priority to blocking user actions, explaining this by fears for reducing the speed and quality of work and, as a result, paralysis of the protection system.

When employees consider a raven, or protection from inattention

According to statistics from the analytical department of the company, Falcongaze which is the developer of the system information security SecureTower for 2013, about 57% of all leaks of confidential information from companies occurred through the fault of the employees themselves. How many and how many more cases will there be when an accountant, distracted by a conversation with a colleague, sends confidential financial documentation to the wrong interlocutor Skype in or when a sales employee emails a client database to a colleague - and is mistaken when entering an address? What happens next is not difficult to imagine: employees who have made a gaffe, as a rule, are in no hurry to report an incident to management, while any delay in such situations can become disastrous for the company.

If the organization uses a system to protect data, then in such cases, responsible employees receive instant notification of incidents and have the opportunity to take the necessary measures in a timely manner. Such tools in the hands of information security specialists today make it possible to control various communication channels in the company: email, Skype, ICQ, social networks, chats and many others. They also allow monitoring documents recorded by company employees on flash drives, external hard drives and printed on corporate printers.

In addition to inattention, leaks of corporate information occur due to malicious actions of employees. Today, no one is surprised by the news of cases when former employees, leaving, take with them client databases, the latest projects and developments of the company, personal data of colleagues and other confidential information. According to various sources, this happens on average in 34% of cases of layoffs related to leaks of corporate information.

While it is almost impossible to determine losses from data breaches in monetary terms, competing companies strike each other, reflecting on the financial situation and exposing the business reputation of rivals to serious tests. In such conditions, programs to protect information come in handy, helping to identify disloyal workers who are ready to cooperate with "enemy" organizations. This is done using various technical means: for example, in the SecureTower data protection system, this can be done by configuring the appropriate information security rules or by reviewing all employee contacts clearly presented in one of the program modules.

Ensuring full protection of corporate data and compliance with information security policy is much easier if business processes are built and established in the organization. Yes, however, it is much easier for everyone to live, when job duties are clearly distributed, everyone knows well who should be responsible for what and, as a result, all tasks are performed faster and better.

With the help of modern information security systems, you can analyze the performance of both individual employees and entire departments, monitor how corporate resources are spent, identify incidents related to unprofessional or incorrect actions of company personnel, and also compile reports on employees' activities for any period of time. All this helps managers to quickly solve organizational issues, make the necessary adjustments, constantly optimizing the work processes in the company - and as a result, it allows you to achieve the clarity of the clock mechanism.

The strings are tied, everything is arranged on shelves, data streams are under reliable protection - everything in the company works as a debugged clock mechanism. As in that fairytale kingdom: the picture may seem utopian. Therefore, you should not fall into an absolute fairy tale and forget about reality. Information security systems are effective, but only to the extent that a soulless program can be effective. This is the same tool for information security specialists and managers as, say, the 1C program for modern accountants. Data protection programs should be used in conjunction with other measures and taking into account all the details related to the specifics of each individual organization. Only by applying an integrated approach to protecting information in the organization can a tangible result be achieved. Therefore, first of all, it should be remembered: the devil is in the details and it is better to meet possible threats fully armed.

2012: Data breaches through mobile devices

The lost smartphone is easy to replace with a new one, it is more difficult to recover information, and sometimes it is hardly possible to prevent unauthorized access to it. The goal of drawing the attention of ordinary and corporate users to these common truths is a study conducted as part of a project with the unusual name Smartphone Honey Stick. It was initiated by Symantec, a direct executor - Scott Wright, coach, consultant, researcher and founder of Security Perspectives.

The organizers deliberately for several days "lost/forgot" in the vicinity of five major cities in the United States and Canada (Washington, Los Angeles, New York, Ottawa, San Francisco) 50 smartphones with personal and corporate information pre-recorded on them. The devices were left in public places with a large crowd of people - elevators, shopping centers, catering establishments, at public transport stops . Special software made it possible to track the movements of devices (all of them supported GPS) and record the actions performed with applications and data.

"Forgotten" smartphone

Source: Symantec, 2012

The results were quite predictable:

• 96% of smartphones fell into the wrong hands;
• personal information and applications aroused interest in 89% of cases;
• information and applications of a corporate nature - in 83% of cases;
• personal and corporate information and applications - in 70% of cases;
• every second smartphone was offered to be returned to its rightful owner.

The path taken by one of the smartphones that took part in the experiment

Source: Symantec, 2012

Given how strongly smartphones have recently integrated into our daily lives and how quickly they are becoming an integral part of more and more business processes of companies, there really is something to think about. The list of recommendations offered by Symantec specialists takes place on more than one page of the final report with the results of the study. The most important and obvious: corporate users should take seriously the preparation of policies for the use of mobile devices by employees, ordinary users should not neglect the function of blocking the screen and reliable passwords.

DLP: Data Breach Protection Systems

• DLP - Data Loss/Leak Prevention

• DLP Solutions (Russian Market)

• DLP Solutions (Global)

• DLP Leak Prevention Solutions Catalog

Leak Prevention Recommendations

• What are the scares of data leaks and how to protect yourself from them? TA Details

• Information Protection - DLP Myths and Reality

• Cutting and sewing lessons from DLP developers

• What if the leak has already happened?

6 ways to reduce risk

Given the consequences of database violations, the highest priority of the audit strategy and the protection of the most valuable information in the enterprise database becomes apparent. No one will sue the company if the attacker penetrates the perimeter of the network and turns several personal computers into spam zombies. But you can be sure of the inevitability of the lawsuit if the company loses hundreds of thousands of customer records, especially if personal data is stolen.

In the report, the publication recommends several security technologies for which investment should be considered to reduce the likelihood of database theft. Briefly:

1. Monitoring database activity. Automated audit tools for database access, usage, and query execution. They are particularly effective at detecting internal threats to sensitive data.

2. Data loss prevention technologies. Used as the last line of defense, a well-configured DLP device can prevent some cases that could lead to data breaches. When used in a DMZ, DLP solutions can stop specific types of information from leaking.

3. Manage privilege identification. PIM products automate control over powerful administrative accounts, solve problems such as general administrative accounts and passwords, unnecessary administrative privileges, separation of duties and password changes. They also provide individual reporting and auditing, to prove the application of policies and protection management.

4. Active Directory Audit. It is important to use more explicit reporting on user accounts than Windows Server provides. The current powers in the hands of even a novice hacker can be devastating. With the right audit and a convenient reporting system, it will be possible to recognize erratic authentication and account use as soon as this happens.

5. Protective locks. Intermediate access protection tools (and services) Internet are well used to protect users of the internal network from malware and viruses. But these technologies can also be used as reverse proxies to validate content sent to an externally accessible web server. Together with the growth of XSS and SQL Injection attacks, these devices are an urgent need as a tool to counter threats from external sources.

6. Multifactor authentication. It is designed primarily to prevent intruders from accessing. Two-factor authentication will not save the database from requests, it will not prevent an attacker who already has access. However, if the account database is at risk, as was the case with Gawker, web-level enforcement two-factor authentications can prevent fraudulent use of credentials even if the user ID and password have become known. Many banks have already started using online two-factor authentication, especially when conducting important operations.

5 Steps to Building an Insider Protection System

Here are five steps to take to counter similar^[23] threats]:

1. Develop a detailed process for closing access to the network for the employee. This seems like a simple and obvious question, but many organizations have "holes" in this process, which prevents you from closing certain accounts or detecting and "chopping off" an active connection at the time when an employee leaves the organization.
2. Create checks and balances for system and network administrators. Administrative access to all systems and devices should be granted to more than one person, but it is necessary to exclude the sharing of the same logins and passwords, since a shared account is difficult to control and cancel.
3. Work with managers to identify dissatisfied employees. IT monitoring and detection of violations should be considered as "air support" for management efforts "on the ground" to identify people who are dissatisfied with something or are already engaged in fraud. Misuse of computer resources can very often be associated with other "strange" behavior at work.
4. Pay attention to the audit of access to systems and network activity before the employee is fired. Most insider activity occurs at a time when the employee is already on the verge of dismissal, and this activity is often determined by checking log information, including traditional Syslog, as well as NetFlow and other similar technologies.
5. IT should not solve the problems of insider threats alone. This is an interdepartmental problem that requires interaction between IT, HR, lawyers and company management. This is the only way to identify "potentially dangerous" employees without violating people's privacy rights.

From the point of view of technology, the only way to prevent this kind of attack is to be able to "see" what insiders are doing on the network, i.e. control non-standard network behavior. Such as an unusually large amount of data transmission or attempts to access restricted areas.

Data Protection Tips

Many companies do not know that they are stealing the most important information, databases and intellectual property. But even when they realize it, it often takes weeks and months between the first attack and detection. Such conclusions were made in a study by Verizon - Data Breach Investigation Report, in 2010. Moreover, companies tend to learn about these violations from third parties rather than their own employees and technology.

The database of the online Privacyrights.org service, which maintains statistics and chronicles of data leaks of all types, has more than 11 million data theft records. While many companies have been saving on IT budgets over the past few years, security costs are generally flat, and many analysts predict they will increase significantly in the coming years. This does not suggest that security professionals do not have enough resources to protect information, rather that they are not focused enough on protecting databases.

The publication InformationWeek in its own annual study claims that the consequences of this attitude to the safety of data use can be very deplorable. As one example, the report cites an incident at Epsilon in April 2011: millions of customer records containing a wide range of personal data were lost. A massive attack on e-marketing company Epsilon Interactive resulted in the theft of user email addresses of at least 50 customers, including JPMorgan Chase, Capital One, Marriott Rewards, US Bank, Citi, Ritz-Carlton Rewards, Walgreens, College Board and Home Shopping Network.

This was the second serious data breach. In December 2010, several firms, including devianART, Honda, McDonald's and Walgreens, reported similar attacks that stole email addresses. For example, McDonald's, informing the public, said that the leak "was limited to email addresses, possibly a name, postal address, home or mobile phone, date of birth, gender and information about advertising preferences or interest in web information." This data is enough to open a credit card account and start targeted phishing attacks.

Detailed technical information on exactly how Epsilon and Silverpop were attacked is not available. But the publication provides some important tips for protecting databases based on what analysts know:

1. Review the security compliance and implementation policies of service providers. The Company cannot hold outsourcing customers accountable and will be responsible to them for the security of their customers' information processing by third-party providers. It is necessary to find out whether the service provider performs periodic audits of the SAS70 and/or PCI. The Cloud Security Alliance Consensus Assessments Initiative Questionnaire is another way to check compliance programs with the service provider.

2. A third-party company with a reputation for providing data processing services can be better prepared in matters of security. However, she may become a more attractive target to attack as she possesses more customer records. Before deciding on outsourcing, you need to carefully assess the cost/benefit/risks of managing your data sources on your own.

3. It is necessary to require evidence from service providers and demonstrate control over the procedures and technologies used to ensure the security of data sources.

Notes