1 Cyber criminals are mass producing attack techniques, says Verizon

A recent post on The Inquirer had me facepalming pretty hard. According to Verizon cyber criminals are focusing on attacking small and medium sized businesses using automated scripts that exploit vulnerabilities in the same exact way every time. No shit, sherlock…

Using automated “scan & pwn” styled scripts is nothing new; people have been using them since the dawn of friggen time. It started with just supplying google dorks with your vulnerabilities and led to completely automated tools such as Mass Defacers and the like. Currently we have tools such as Metasploit which interface with nmap scans to help automate the attacking of network services and even some of the more popular web applications. Why then is Verizon acting like this is something new when these are the same exact attacks we have been seeing for years? Is Verizon behind the times? The recent infographic released by Verizon (link here: https://s3.amazonaws.com/infographics/Worst-IT-Security-Breaches-800.png ) was supposed to give insight into the attacks Verizon was recently seeing. After reading this post about Verizon just catching up with the “scan & pwn” styled attacks makes me wonder just how skewed this infographic really is and if it is even a reputable source.