What Lessons Can We Learn from the Verizon Data Breach Digest?

Mar 22, 2016
Author:
Rod Simmons
Director Product Management, BeyondTrust
Verizon has released its first Verizon Data Breach Digest (DBD), an inside, and significantly condensed, look at the cyber investigations that make up the Data Breach Investigations Report (DBIR), published annually by Verizon Enterprise Solutions. The digest walks through individual investigations, including the casework and how each investigation unfolded. I recommend that you, as a security professional, take the time to read through this enlightening report.

What are the commonalities in the breaches covered in the DBD? What can we learn? BeyondTrust looked at all 18 stories that make up the DBD and has outlined, for a few of the cases, how solutions could have mitigated the severity of these breaches, if not avoided them entirely. Over the course of the next few days we will look at a few of the most interesting stories. Today we’ll focus on the role of least privilege and application control in combating social engineering.

Social engineering – the Hyper Click (pages 10-14 in the DBD)

What Happened

A chief design engineer was contacted by a “recruiter” via LinkedIn. The recruiter sent employee position listings in an attached document. The document contained a small piece of malicious software, which deployed onto host systems and established a connection to a command and control (C2) server overseas. This was a targeted, state-sponsored attack that combined social engineering and malware. The actors knew whom to target to get the data they wanted, and even encrypted the data prior to exfiltration to avoid detection by DLP solutions. Normal monitoring would have seen no real suspicious behavior, because the chief design engineer had legitimate access to all of this content.

Recommendations
  • Training on social engineering
  • Defining how data can be transferred
  • Deploying dedicated systems to perform engineering work without email or web access
Lesson Learned

Security controls can be enhanced with strong, mutual authentication combined with robust identity and access management programs.

Financial Pretexting – the Slick Willie (pages 15-17 in the DBD)

What Happened

An unknown threat actor attempted to initiate wire transfers of $5.3 million from a bank. The bank did not discover the attack itself and was only made aware of it after being notified by the Feds once the transfers were denied. During the investigation the bank learned that its finance manager had requested the wire transfers over a 24-hour period. When interviewed, the finance manager said she was unaware of the transfers; however, she stated that her computer had been acting funny and doing things on its own. Earlier that month she recalled an email from the CIO praising her, which contained a hyperlink. She did not recall working with the CIO, but appreciated the gesture since it came from the bank’s CIO. The CIO did not send the email. Her computer had been infected the day the email was received; the malware had the credential-stealing and data-scraping capabilities of a standard infection, but also gave the attacker full remote access to and control of the affected system.

Recommendations
  • Training on social engineering
  • Leveraging multi-factor authentication to control access to financial systems
Lessons Learned

Social engineering attacks put people in a frame of mind in which they do what the attacker asks.

How BeyondTrust could help mitigate the effects of social engineering

PowerBroker for Windows, a least privilege and application control solution, removes administrative rights from end user accounts and uses policy to dictate which applications can run with higher privileges. Operating under a least privilege model with application control would limit the scope of attacks such as these. Consider the evidence:
  • In 2015, 85% of vulnerabilities on Windows could have been mitigated by removing admin rights. Almost every vulnerability that would have resulted from users surfing the web with Internet Explorer – 99.5% – could have been mitigated by not running as an administrator.
  • 12% of attacks are thwarted by not allowing unknown software to run from a user’s profile, or from anywhere else.
  • The remaining attacks are thwarted by checking whether trusted software (software that has been explicitly allowed but has known vulnerabilities) is restricted from running.
BeyondTrust can help not only by enforcing least privilege, but also by leveraging patented technology to automatically scan applications for vulnerabilities at run time, triggering alerts, enforcing quarantine, reducing application privileges, or preventing launch altogether, based on policy.

Watch for more blogs coming in this series in the next few days. In the meantime, if you’re combating social engineering and want to know how least privilege can help, contact us today!