May 17, 2020

Researchers reckon that there could be as many as three major security breaches per month

Processed by: Helicon Filter;As part of the B-Sides San Francisco security conference, Verizon Risk researchers Kevin Thompson and Suzanne Widup have presented findings about the number of major data breaches that could be occurring each month. By “major” the two researchers mean any security breach where more than 1,000,000 records are stolen. If their findings are accurate that means that up to 3 million records are stolen each and every month!

The findings were presented as part of the pair’s “Ripped from the headlines, what the news tells us about information security incidents” talk.  As part of their research Thompson and Widup have been investigating the data breach numbers since May of last year. Using a combination of  Verizon’s Data Breach Investigations Report and the open-source Veris Community Database the pair compiled over 3,000 data sets from sources including news articles, the Attorney General’s website, government breach tools and Freedom of Information Act requests.

Although the data set isn’t perfect and the research is continuing, one thing is clear, the number of major data breaches is much higher than previously thought. The number of three major data breaches per month was reached using data from 2011 to 2013 coupled with Poisson Distribution theory – a mathematical tool which expresses the probability of a given number of events occurring in a fixed interval of time.

At the end of last year Trend Micro predicted that “we will see one major data breach incident each month in 2014.” However the new number is triple that amount. “When I saw Trend Micro’s prediction I thought it was pretty high,” said Thompson. “But the estimate is actually pretty low right now.”

Thompson told that the actual figure was 3.07 and that 2010 was not included as data breaches were not as widely reported at the time. Verizon’s data is available on Github and the researchers are actively seeking for data to help with the research.

PandaLabs Releases 2010 Annual Security Report

PandaLabs, the antimalware laboratory of Panda Security – The Cloud Security Company – has released its 2010 Annual Security Report, which details an extremely interesting year of cyber-crime, cyber-war and cyber-activism. The full report is available at:

In 2010, cyber-criminals created and distributed one-third of all existing viruses, creating 34 percent of all malware that has ever existed and been classified by the company. Panda Security’s proprietary Collective Intelligence system, which automatically detects, analyzes and classifies 99.4 percent of all malware received, currently stores 134 million unique files, out of which 60 million are malware (viruses, worms, Trojans and other computer threats).

Despite these dramatic numbers, the report highlights some good news. PandaLabs discovered that the speed at which the number of new threats is growing has actually decreased when compared to 2009. Every year since 2003, new threats grew by at least 100 percent every year, but in 2010, the increase was approximately 50 percent.

Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. In addition, a fairly recent newcomer to the malware landscape, rogueware (fake antivirus software) already comprised 11.6  of all the malware gathered in the Collective Intelligence database, and has become a category, that despite appearing only four years ago, has created great havoc among users. For a visual representation of the breakdown of malware categories, please visit:

The countries leading the list of most infections are Thailand, China and Taiwan, with 60 to 70 percent of infected computers (data gathered from the free scanning tool Panda ActiveScan in 2010). To see a graph of how other countries ranked, please visit:

2010 witnessed hackers exploit social media, the positioning of fake websites (BlackHat SEO techniques) and zero-day vulnerabilities as its primary methods of infection. Spam also kept its position as one of the main threats in 2010, despite the fact that the dismantling of certain botnets (like the famous Operation Mariposa or Bredolab) prevented many computers from being used as zombies to send spam. This created a positive effect in spam traffic worldwide. Last year, approximately 95 percent of all email traffic globally was spam, but this dropped to an average of 85 percent in 2010.

2010: Cyber-crime, Cyber-war and Cyber-activism

2010 was truly the year of cyber-crime, cyber-war and cyber-activism. Although cyber-crime has existed for many years, cyber-war became a much more active and aggressive part of the malware landscape. The most notorious was Stuxnet, a new worm that targeted nuclear power plants and managed to infect the Bushehr plant, as confirmed by the Iranian authorities. Simultaneously, a new worm appeared called “Here you have,” that was created by a terrorist organization known as “Brigades of Tariq ibn Ziyad.” According to this group, their intention was to remind the United States of the 9/11 attacks and call for respect for the Islamic religion as a response to Pastor Terry Jones’ threat of burning the Quran.

And even though some aspects are still to be clarified, Operation Aurora was also in the spotlight. The attack, allegedly launched from China, targeted employees of large multinationals by installing a Trojan on their PCs that could access all their confidential information.

2010 also witnessed the emergence of new phenomenon called cyber-protests or hacktivism. This phenomenon, made famous by the Anonymous group, is not actually new, but grabbed the headlines in 2010 for the coordinated DDoS attacks launched on copyright societies and their defense of WikiLeaks’ founder Julian Assange.

Social Networks in the Spotlight

Besides offering information about the main security holes in Windows and Mac, the 2010 Annual Security Report also covers the most important security incidents affecting the most popular social networking sites. Facebook and Twitter were the most affected, but there were also attacks on other sites including LinkedIn and Fotolog. There were several techniques used for tricking users on these sites, such as hijacking Facebook’s “Like” button, stealing identities to send out messages from trusted sources, exploiting vulnerabilities in Twitter to run Javascript code and distributing fake apps that redirect users to infected sites.

The full report is available at Visit the PandaLabs blog for more information about these and other threats.

Source:[Panda Security]