The latest in the Data Breach Investigations Report series

The latest in the Data Breach Investigations Report series by Verizon Business security experts provides enterprises with an unprecedented look at the 15 most common security attacks and how they typically unfold.In the "2009 Supplemental Data Breach Investigations Report: An Anatomy of a Data Breach," Verizon Business security experts tap the company's detailed investigative records to identify, rank and profile the most common attacks. For each type of attack, the report provides real-world scenarios, the warning signs, how the attack is orchestrated, how attackers got in, what information they took, what assets the attackers targeted, what industries are commonly affected, and what countermeasures are effective. In total, the report details nearly 150 ways to detect and combat security threats.This latest installment in Verizon's data breach study series is based on the "2009 Verizon Business Data Breach Investigations Report," issued in April. That landmark study analyzed more than 90 forensic investigations involving 285 million compromised records.This supplemental report seeks to address the thousands of inquiries we've received from companies around the world wanting a more detailed explanation of attacks, as well as requests for additional recommendations for deterring, preventing and detecting breaches," said Dr. Peter Tippett, vice president of technology and innovation, Verizon Business. "This follow-up analysis is aimed at helping organizations better safeguard their organizations by understanding the anatomy of a data breach and how cybercriminals workThe 2009 Verizon Business Supplemental Data Breach Report identified and ranked by frequency the following top 15 types of attacks:1. Keylogging and spyware: Malware specifically designed to covertlycollect, monitor and log the actions of a system user.2. Backdoor or command/control: Tools that provide remote access to orcontrol of infected systems, or both, and are designed to run covertly.3. SQL injection: An attack technique used to exploit how Web pagescommunicate with back-end databases.4. Abuse of system access/privileges: Deliberate and malicious abuse ofresources, access or privileges granted to an individual by anorganization.5. Unauthorized access via default credentials: Instances in which anattacker gains access to a system or device protected by standard preset(widely known) user names and passwords.6. Violation of acceptable use and other policies: Accidental or purposefuldisregard of acceptable use policies.7. Unauthorized access via weak or misconfigured access control lists When ACLs are weak or misconfigured, attackers can accessresources and perform actions not intended by the victim.Verizon Business, a unit of Verizon Communications (NYSE: VZ), is a global leader in communications and IT solutions. We combine professional expertise with one of the world's most connected IP networks to deliver award-winning communications, IT, information security and network solutions. We securely connect today's extended enterprises of widespread and mobile customers, partners, suppliers and employees - enabling them to increase productivity and efficiency and help preserve the environment. Many of the world's largest businesses and governments - including 96 percent of the Fortune 1000 and thousands of government agencies and educational institutions - rely on our professional and managed services and network technologies to accelerate their business. Find out more URMINIRM55.BLOGSPOT.COM.VERIZON'S ONLINE NEWS CENTER: Verizon news releases, executive speeches and biographies, media contacts, high-quality video and images, and other information are available at Verizon's News Center on the World Wide Web at www.verizon.com/news. To receive news releases by e-mail, visit the News Center and register for customized automatic delivery of Verizon news releases.