'Hacktivists' steal more than 100M online records in 2011, says Verizon
More than half of all 2011 data thefts traced to 'hactivism,' Verizon finds in latest data breach study
IDG News Service - More than half of data stolen from companies in 2011 was a result of hacktivist actions, even though the majority of data breaches were still caused by financially motivated cybercriminals, Verizon said in its 2012 Data Breach Investigations Report released on Thursday.
The report spans 855 data breach incidents investigated by the company and several law enforcement agencies -- the U.S. Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service and the Police Central e-Crime Unit of the London Metropolitan Police. These incidents resulted in a total of 174 million compromised records, the second-highest volume of compromised records since Verizon began compiling data breach statistics in 2004.
Up to 98 percent of data breach incidents covered by the new report were caused by external agents and the vast majority of them, 83 percent, were organized criminal groups.
Hacktivists were responsible for only 3 percent of data breaches. However, they had the biggest impact in terms of compromised records, over 100 million of the total of 174 million.
One explanation is that financially motivated cybercriminals tend to target small and medium-size organizations and are looking for particular types of data, while hacktivists primarily target large organizations and grab anything they can get their hands on, from customer records to internal emails, said Bryan Sartin, vice president of the Verizon Research Investigations Solutions Knowledge (RISK) team.
A decrease in the sophistication of attacks launched by financially motivated cybercriminals has also been observed, most of them becoming repetitive in nature, Sartin said.
Meanwhile, hacktivists are more unpredictable. They employ more-sophisticated techniques like DNS tunneling and use diversionary tactics, such as distributed denial-of-service (DDoS) attacks. "There's a different landscape for hacktivism, that's for sure," Sartin said.
The data breach expert is "cautiously pessimistic" about hacktivist attacks decreasing in number or impact in 2012, despite the multiple hacktivism-related arrests made by law enforcement agencies worldwide in recent months.
The origin of external attacks is different depending on the size of the targeted organizations. In 67 percent of cases for the entire set of data breaches, the origin was Eastern Europe.
However, when looking only at large organizations with over 1,000 employees, the percentage was much lower -- 27 percent. In 47 percent of cases, external attacks against such organizations originated from North America.
Out of the 885 incidents included in the report, 81 percent included some form of hacking and 69 percent included malware activity; 61 percent included a combination of both.
In the vast majority of cases that involved malware the remote attackers installed it after they obtained unauthorized access to the organization's network or systems. The most prevalent type of malware used in these attacks falls into the spyware category and includes keyloggers and Web form grabbers.
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center... All Cybercrime and Hacking White Papers | Webcasts