Slick Willie Meets the Dark Shadow


What do the Slick Willie, the Boss Hogg, the Bad Tuna and the Dark Shadow have in common with the Snake Bite, the Rabbit Hole, the Alley Cat and the Catch-22? How does the Flea Flicker work? Can you patch the Leaky Boot? The answers to these questions can be found in the latest Data Breach Digest from Verizon. Each year, Verizon reports on cyber investigations conducted on behalf of hundreds of commercial enterprises and government agencies across the globe. The report offers insights about the threat actors behind the attacks, the methods they use, the data they seek, and the victims they target. It’s an unnerving and compelling read.

The colorfully named Slick Willie and Boss Hogg are two of 18 data breach scenarios Verizon chose to include in the report based on their prevalence and/or lethality. Reading them offers a great illustration of how breaches actually work. For example, take this case study of corporate espionage which Verizon dubbed the Hyper Click. Verizon says a customer contacted them because a primary competitor located on another continent had introduced a new piece of large construction equipment that looked like an exact copy of a model recently developed by the customer. Verizon’s investigation determined that design blueprints had been stolen, and that the likely perpetrators were a Chinese hacking group long suspected of being state funded. Intelligence suggested the attackers had performed similar attacks and provided the stolen intellectual property to Chinese companies that were state owned, operated, or supported.

How, exactly, did the theft happen? From the report: “The threat actors had done their homework, as they identified the one key employee who would likely have access to the data they wanted—the chief design engineer for the project. The threat actors then established contact with the engineer through a LinkedIn profile under the guise of a recruiter with attractive employment positions, and began sending emails containing fictitious employment opportunities. One of those emails contained an attachment that had a malware file embedded in the document.” The engineer was looking for a job, opened that attachment, and the rest is history.

If you have responsibility for contributing to cybersecurity at your firm, I urge you to read the Verizon report. As Verizon points out, a small number of breach scenarios comprise the vast majority of incidents they investigate. Their data suggest that over the past three years, 12 scenarios account for over 60 percent of their investigations. If you don’t want to be victimized by Bad Tuna or caught in a Catch-22, assess your security in light of the 18 scenarios, and adjust as necessary.

By Tom Davis, SDI Cyber Risk Practice
March 15, 2016