
Posts Tagged ‘data breach’

Verizon Business Report Looks At 15 Most Common Attacks

Wednesday, December 9th, 2009

A new report released today from Verizon Business, “2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach,” takes a look at the 15 most common types of security attacks. The report is drawn from data published in the “2009 Verizon Business Data Breach Investigations Report,” issued in April. That study reviewed the cybercrime cases worked by Verizon’s Investigative Response team and analyzed more than 90 forensic investigations involving some 285 million compromised records.

The report identifies and profiles the most common attacks. For each type of attack, the report provides case examples, frequency of occurrence, threat sources, warning signs, controls that can deter or prevent threats, and commonly affected industries.

The report identifies and ranks by frequency the following top 15 types of attacks:

  1. Keyloggers and spyware.
  2. Backdoor or Command/Control.
  3. SQL injection.
  4. Abuse of system access/privileges.
  5. Unauthorized access via default credentials.
  6. Violation of Acceptable Use and other policies.
  7. Unauthorized access via weak or misconfigured ACLs.
  8. Packet sniffer.
  9. Unauthorized access via stolen credentials.
  10. Pretexting (social engineering).
  11. Authentication bypass.
  12. Physical theft of asset.
  13. Brute-force attack.
  14. RAM scraper.
  15. Phishing (and variants).

It’s interesting to observe that 6 of the 15 list proper egress filtering as one method of mitigating the attack. That’s more than a third of the most common attacks that can be stopped by proper firewall configurations. Read the whole thing.

Massive data breach at Heartland Payment Systems

Wednesday, January 21st, 2009

News of the massive data breach at Heartland Payment Systems that may have compromised tens of millions of credit and debit transactions was all over the Internets today. It appears to have been a targeted attack involving malicious software installed on the company’s payment processing network that was designed to track and report the magnetic information stored on the back of a credit card as it was being sent for processing to Heartland by thousands of the company’s retail clients. Rich Mogull over at Securosis observes that, “the biggest breaches now involve attacks installing malicious software to sniff data — including TJX, Hannaford, Cardsystems, and now Heartland Payment Systems.”

It’s worth noting that as a level 1 payment processor, Heartland is required to be PCI compliant. PCI requires that you segment your transaction data from other networks, that you have a firewall that restricts connections between public servers and cardholder data, and that you document and justify the services and ports necessary for business. The new PCI DSS Compliance report available in the recent release of Athena FirePAC automates the process of assessing firewalls for compliance.

All of which is well and good and will certainly provide reasonable protection from random hacking attempts. The trouble is that even though PCI is among the most advanced security compliance standards out there, passing a compliance audit won’t really protect you from targeted attacks such as this. You have to know what’s going on in your network and how your defenses really behave. A simple inspection of your firewall rules won’t identify the true exposures in your network or identify the data assets at risk. You need to know exactly which services and ports are allowed to connect to all of your IT and network assets. This comes from understanding how the ACLs, address translations, and the routing table all work together to control the traffic flowing through your firewall. Although this kind of policy analysis is difficult to get right, Athena FirePAC excels at it. It can identify exactly which assets are exposed to risky services and which rules cause the most problems. It can tell you what the impact of changes to the firewall configuration will be before deploying them to the device. This kind of information is invaluable when trying to track down and repair exposures in your network before the data thieves find their way in.
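The interaction described above, as an added example that is not part of the original post and is not Athena FirePAC's method: a constructed policy in which destination NAT, a first-match ACL and a routing table are evaluated together to list what is reachable from outside. All addresses, rules and zone names are constructed, and the evaluation order (NAT before ACL) is an assumption that varies by firewall.

```python
import ipaddress

# Constructed sample policy (not from the page). Assumption: destination NAT is
# applied first, then the ACL is evaluated top-down with first match winning.
NAT = {"203.0.113.10": "10.1.1.10", "203.0.113.20": "10.2.0.20"}  # public -> internal
ROUTES = [("10.1.0.0/16", "dmz"), ("10.2.0.0/16", "cardholder"), ("0.0.0.0/0", "outside")]
ACL = [  # (action, destination network, destination port or None for any)
    ("permit", "10.1.1.10/32", 443),
    ("permit", "10.0.0.0/8", 1433),    # broad rule added for a "temporary" need
    ("deny",   "10.2.0.0/16", None),   # looks protective, but is shadowed for 1433
    ("deny",   "0.0.0.0/0", None),
]
PORTS = [22, 443, 1433]  # ports checked for each translated host

def zone_of(ip, routes=ROUTES):
    """Longest-prefix match over the routing table."""
    addr = ipaddress.ip_address(ip)
    nets = [(ipaddress.ip_network(n), z) for n, z in routes]
    return max((nz for nz in nets if addr in nz[0]), key=lambda nz: nz[0].prefixlen)[1]

def acl_decision(ip, port, acl=ACL):
    """Return (action, rule index) of the first matching rule; implicit deny."""
    addr = ipaddress.ip_address(ip)
    for i, (action, net, p) in enumerate(acl):
        if addr in ipaddress.ip_network(net) and p in (None, port):
            return action, i
    return "deny", None

def exposures(nat=NAT, ports=PORTS):
    """Every (public IP, internal IP, zone, port, rule) reachable from outside."""
    found = []
    for public, internal in nat.items():
        for port in ports:
            action, rule = acl_decision(internal, port)
            if action == "permit":
                found.append((public, internal, zone_of(internal), port, rule))
    return found

if __name__ == "__main__":
    for entry in exposures():
        print(entry)
```

Rule 2 reads as a blanket deny for the cardholder network, yet the output lists port 1433 on 10.2.0.20 as exposed through rule 1, which a rule-by-rule reading would miss.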


