Hackers steal 285m electronic records in 2008 - Verizon
15 April 2009 | 12561 views | 0
Hackers stole 285 million electronic records in 2008, more than in the previous four years combined, with the vast majority of breaches targeting the financial services industry, according to a study from Verizon.
Lat year Verizon investigated 90 breaches with 285 million records stolen, of which 93% were accounted for by the financial sector. The industry also accounted for 30% of the breaches - double its share for 2007.
Verizon says the increase reflects the recent trends in cybercriminal activity, especially the focus on acquiring PIN numbers to sell on the black market.
Organised crime was responsible for nine in 10 breaches, with an explosion of attacks targeting PIN data, which Verizon says hit the consumer much harder than typical signature-based counterfeit attacks.
The higher monetary value commanded by PIN data has spawned a cycle of innovation in attack methodologies, with criminals re-engineering their processes and developed new tools, such as memory-scraping malware, to steal this valuable data.
Peter Tippett, VP, research and intelligence, Verizon Business Security Solutions, says: "The financial services firms were singled out and fell victim to some very determined, very sophisticated and, unfortunately, very successful attacks in 2008."
The firm says highly sophisticated attacks account for only 17% of breaches yet these relatively few cases accounted for 95% of the total records breached, proving that motivated hackers know where and what to target.
Most breaches - 64% - were attributed to hackers who used a combination of methods. In most successful breaches, the attacker exploited some mistake committed by the victim, hacked into the network, and installed malware on a system to collect data.
Despite widespread concern over desktops, mobile devices and portable media, 99% of all breached records were compromised from servers and applications.
Verizon says its experts also found that nearly 90% of breaches were considered avoidable if security basics had been followed, with mistakes and oversight failures hindering efforts more than a lack of resources.
Most data breaches - 74% - investigated were caused by external sources, while 32% were linked to business partners and only 20% were caused by insiders. Eastern Europe, East Asia and North America accounted for 82% of all external attacks.
The data also highlights the importance of PCI-DSS compliance, with 81% of affected organisations subject to the standards having been found non-compliant prior to being breached.
Says Tippett: "This report clearly shows it's not about clever or complex security protection measures. It really boils down to ensuring the basics are met from planning to implementation to monitoring of the data."