27 April 2017
Find out more

Hackers steal 285m electronic records in 2008 - Verizon

15 April 2009  |  12561 views  |  0 biometric  eye

Hackers stole 285 million electronic records in 2008, more than in the previous four years combined, with the vast majority of breaches targeting the financial services industry, according to a study from Verizon.

Lat year Verizon investigated 90 breaches with 285 million records stolen, of which 93% were accounted for by the financial sector. The industry also accounted for 30% of the breaches - double its share for 2007.

Verizon says the increase reflects the recent trends in cybercriminal activity, especially the focus on acquiring PIN numbers to sell on the black market.

Organised crime was responsible for nine in 10 breaches, with an explosion of attacks targeting PIN data, which Verizon says hit the consumer much harder than typical signature-based counterfeit attacks.

The higher monetary value commanded by PIN data has spawned a cycle of innovation in attack methodologies, with criminals re-engineering their processes and developed new tools, such as memory-scraping malware, to steal this valuable data.

Peter Tippett, VP, research and intelligence, Verizon Business Security Solutions, says: "The financial services firms were singled out and fell victim to some very determined, very sophisticated and, unfortunately, very successful attacks in 2008."

The firm says highly sophisticated attacks account for only 17% of breaches yet these relatively few cases accounted for 95% of the total records breached, proving that motivated hackers know where and what to target.

Most breaches - 64% - were attributed to hackers who used a combination of methods. In most successful breaches, the attacker exploited some mistake committed by the victim, hacked into the network, and installed malware on a system to collect data.

Despite widespread concern over desktops, mobile devices and portable media, 99% of all breached records were compromised from servers and applications.

Verizon says its experts also found that nearly 90% of breaches were considered avoidable if security basics had been followed, with mistakes and oversight failures hindering efforts more than a lack of resources.

Most data breaches - 74% - investigated were caused by external sources, while 32% were linked to business partners and only 20% were caused by insiders. Eastern Europe, East Asia and North America accounted for 82% of all external attacks.

The data also highlights the importance of PCI-DSS compliance, with 81% of affected organisations subject to the standards having been found non-compliant prior to being breached.

Says Tippett: "This report clearly shows it's not about clever or complex security protection measures. It really boils down to ensuring the basics are met from planning to implementation to monitoring of the data."

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Booming underground economy fuels online threats

Booming underground economy fuels online threats

14 April 2009  |  9314 views  |  0 comments
Israeli hacker suspected of $10m theft

Israeli hacker suspected of $10m theft

26 March 2009  |  8222 views  |  0 comments
US financial institutions hit by 78 reported data breaches last year

US financial institutions hit by 78 reported data breaches last year

15 January 2009  |  9503 views  |  0 comments
TJX breach suspect jailed in Turkey over bank hacks

TJX breach suspect jailed in Turkey over bank hacks

09 January 2009  |  6247 views  |  0 comments
CheckFree warns five million customers of hack attack

CheckFree warns five million customers of hack attack

07 January 2009  |  9443 views  |  0 comments
CheckFree Web site hijacked by Eastern European criminals

CheckFree Web site hijacked by Eastern European criminals

04 December 2008  |  12141 views  |  0 comments
Cybercriminals tap $8 billion underground credit line

Cybercriminals tap $8 billion underground credit line

24 November 2008  |  8665 views  |  0 comments
World Bank under siege from hackers

World Bank under siege from hackers

14 October 2008  |  6720 views  |  0 comments
Wells Fargo hit by data breach

Wells Fargo hit by data breach

12 August 2008  |  15633 views  |  0 comments
US authorities bust card hacking gang in biggest ever ID fraud case

US authorities bust card hacking gang in biggest ever ID fraud case

06 August 2008  |  12313 views  |  0 comments
TJX card fraud gang leader jailed

TJX card fraud gang leader jailed

18 September 2007  |  7743 views  |  0 comments
TJX hack is biggest ever with 45.7 million card numbers stolen

TJX hack is biggest ever with 45.7 million card numbers stolen

29 March 2007  |  14226 views  |  1 comments

Related blogs

Create a blog about this story (membership required)
Visit capgemini.comvisit vasco.com/news/PSD2-compliant-solutionsvisit dh.com

Top topics

Most viewed Most shared
hands typing furiouslyBitcoin ETF Bites the Dust, Needs More Sec...
15119 views 0 | 7 tweets | 7 linkedin
BBVA runs live funds transfers over RippleBBVA runs live funds transfers over Ripple
11976 views comments | 32 tweets | 20 linkedin
Coinbase plans Ethereum messaging appCoinbase plans Ethereum messaging app
9154 views comments | 14 tweets | 15 linkedin
EC plans blockchain 'observatory'EC plans blockchain 'observatory'
8527 views comments | 9 tweets | 16 linkedin
Plastc goes into meltdownPlastc goes into meltdown
7235 views comments | 12 tweets | 7 linkedin

Featured job

to 120K base, £300K ote, stock options
London, UK

Find your next job