Diary of a cybercriminal
Published: May 23, 2017
Author: John Grim
08:25 AM — I take a peek at the trash can of the café next door after I drop my kids off at school — nothing of interest in there. Shame. It’s amazing how many people throw confidential documents in the trash without thinking.
09:05 AM — While having breakfast I launch an email masquerading as an internal IT team to roughly 10,000 addresses I’ve scraped from social media accounts: “Your email address has been reported for suspicious behavior. Please respond to this email with your user names and password so we can verify you received this email, and in doing so, confirm your systems are secure.” Let’s see if anyone falls for that one.
10:10 AM — I inhale both my morning cup of joe and menthol cigarette on the stoop outside my flat and use my tablet to peruse the devices connected to my “free building WiFi”. Through a puff of smoke, my eye catches the owner of the café next door logging into a banking website with their mobile device to check a payment. Do people really think they’re safe on public WiFi?
12:15 PM — I’m making soup and a sandwich for lunch and my laptop chirps. Another response to my phishing email... Oh, and another set of credentials. Bingo! I put down the jar of mayo, log into their company account and in no time, install a keylogger. No doubt I'll scoop up something valuable!
03:25 PM — My laptop pings again — I’ve hit the jackpot! Someone just logged on to their CRM system and my keylogger snagged their login details. Time to help myself to their customer data! Later on, after I've secured the database content, I'll send them some sample customer data along with a ransom note outlining my demands. Too easy...
Don’t be fooled by Hollywood caricatures
Not all cybercriminals are hunting for state secrets — most just want data they can sell or hold to ransom. They’re typically opportunists throwing wide nets with the hope of catching a few people out. Don’t be lulled into a false sense of security thinking cybercriminals won’t come knocking at your door just because you’re not a global company. No organization is safe from cybercrime — no matter how big or small.
Cybercriminals are constantly upping their game — so the techniques that kept you safe in the past won’t necessarily keep you safe in the future. That said, they’re still using the same old tricks and organizations are still falling for them. One in 14 users fell for phishing and a quarter of those organizations got duped more than once.[1] And over 80% of hacking-related breaches leveraged stolen and/or weak passwords.[1]
Knowledge is your best defense
Organizations rely more and more on technology to improve customer experience and business efficiency. This helps brew the perfect storm for opportunity — determined cybercriminals and more ways for them to compromise your operations. Don’t make it any easier than it already is for them. Your best defense is leveraging knowledge to prevent, mitigate, detect, and respond to these cyber threat actors.
The 2017 Data Breach Investigations Report (DBIR) is an unparalleled source of actionable intelligence on the complex world of cybersecurity. Based on our analysis of over 40,000 real security incidents, the new DBIR offers insight into the biggest risks you face and the steps you can take to mitigate them. The nine attack patterns identified in the 2014 report still cover almost 90% of the data breaches investigated this year. Understanding these attack patterns can help you gain insight on where and how to invest limited resources and stay secure.
Where the 2017 DBIR gives you the facts and figures, our 2017 Data Breach Digest gives you the stories behind the data and brings cybersecurity to life. Cybercrime isn’t just an issue for IT — read about real cases from the perspective of the people that responded to them and learn from their experiences.
John Grim, the primary author of the Verizon Data Breach Digest, has over 15 years of experience in conducting digital forensic investigations within the government and civilian security sectors. Currently, John serves as a part of the Verizon Threat Research Advisory Center (VTRAC) and leads a team of highly skilled technical digital investigators. In this capacity, John responds to cyber-security incidents, conducts on-site data breach containment and eradication activities, performs digital forensic examinations, leads pro-active data breach response preparedness training and tabletop exercises, and conducts e-discovery and litigation support for customers worldwide.
[1] Data Breach Investigations Report, Verizon, April 2017