A new report released today from Verizon Business, “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” takes a look the 15 most common types of security attacks. The report is drawn from data published in the “2009 Verizon Business Data Breach Investigations Report,” issued in April. That study reviews the cybercrime cases worked by Verizon’s Investigative Response team and analyzed more than 90 forensic investigations involving some 285 million compromised records.

The report identifies and profiles the most common attacks. For each type of attack, the report provides case examples, frequency of occurrence, threat sources, warning signs, controls that can deter or prevent threats, and commonly affected industries.

The report identifies and ranks by frequency the following top 15 types of attacks:

1. Keyloggers and spyware.
2. Backdoor or Command/Control.
3. SQL injection.
4. Abuse of system access/privileges.
5. Unauthorized access via default credentials.
6. Violation of Acceptable Use and other policies.
7. Unauthorized access via weak or misconfigured ACLs.
8. Packet sniffer.
9. Unauthorized access via stolen credentials.
10. Pretexting (social engineering).
11. Authentication bypass.
12. Physical theft of asset.
13. Brute-force attack.
14. RAM scraper.
15. Phishing (and variants).

It’s interesting to observe that 6 of the 15 list proper egress filtering as one method of mitigating the attack. That’s more than a third of the most common attacks that can be stopped by proper firewall configurations. Read the whole thing.

Last Thursday we moved into our new corporate global headquarters, located in beautiful Lombard, Illinois. We’re still settling in amidst stacks of packing containers and piles of electronic equipment, finding our new routines. The transition went smoothly for the most part. There was only one casualty. Our venerable primary firewall suffered a massive hardware failure, finally giving up the ghost after many years of flawless service. Thanks to our crack technical team, a replacement was working in a few hours and we were able to minimize our downtime.

Here is our new contact information:

Athena Security, Inc.
1 East 22nd Street, Suite 107
Lombard, IL 60148
Tel. 630-629-0600
Fax. 630-629-2429

The new version of Athena FirePAC is now available for download. Try it out free for 30 days. We’ve added a bunch of cool new features in this release. The new user interface shows you a list of all your licensed firewalls and is a breeze to work with. FirePAC now provides a compliance assessment report for the PCI Data Security Standard v1.2. The PCI assessment correlates the policy analysis performed by FirePAC with the PCI requirements for firewalls and presents the results in a single convenient report. We’ve also added a new report that identifies the top offending rules that are responsible for the most security exposures in the firewall configuration.

And lots more too. Check it out!