Hacktivism accounted for 58 percent of data stolen in 2011 through breaches of computer networks, outpacing theft by cyber criminals who dominated data breaches the previous few years, according to a new report by the telecommunications company Verizon [VZN].
However, as has been the case in the past, the vast majority of the attacks are aimed at personal or financial gain, says the annual report, 2012 Data Breach Investigations Report.
“One may wonder why it is they do what they do (we surely do, and that’s why we started tracking more about motives last year), the answer is pretty straightforward–they do it for the money (96 percent),” the report says. Personally identifiable information, such as a person’s name, contact information or social security number, is increasingly becoming a choice target with 95 percent of records lost last year including personal information versus 1 percent in 2010.
Hacktivists accounted for a small number of the actual data breaches, just 2 percent of breaches against all organizations and 21 percent against larger organizations, yet accounted for most of the stolen records, the report says. On the other hand, organized criminal groups accounted for 83 percent of the breaches against all organizations and 33 percent of the breaches against larger organizations yet only accounted for 35 percent of the data stolen last year.
The report says that the number of cases involving activist groups in 2011 exceeded the combined numbers in all previous years.
“Why the disparity between the total records stolen by professional cybercriminals versus activist groups?” the report says. “Looking through the case data, it is apparent that money-driven crooks continue to focus more on opportunistic attacks against weaker targets…Instead of major (and risky) heists, they pilfer smaller hauls of data from a multitude of smaller organizations that present a lower risk to the attacker.”
The report notes that hacktivists obtained most of their stolen records from larger organizations.
Data breaches conducted by unknown groups or persons accounted for 10 percent of the total breaches, but just 1 percent of stolen records, while unaffiliated persons accounted for 4 percent of breaches, but zero percent of data stolen.
Most data breaches, 98 percent, were carried out by external agents, that is, people and groups from outside an organization, the report says. These breaches also accounted for 99 percent of the stolen records.
The report also attempts to examine the geographic origin of the external attacks despite noting that doing so based on an Internet Protocol (IP) address is “problematic” because a botnet or another “hop” can be used to mask the true origin of an agent. Still, the report plunges in, saying that 67 percent of attacks last year originated in Eastern Europe, including Russia and Turkey, followed by North America with 20 percent and Western Europe with 4 percent.
As for the industry groups bearing the brunt of data breaches, the hotel and food services organizations made up 54 percent of the total with retail businesses a distant second at 20 percent, the report says. The finance and insurance industries were hit with 10 percent of the breaches while the health care and social assistance industries accounted for 7 percent.
However, while these various industries account for almost all of the data breaches, the picture is different when it comes to actual data stolen. The information industry, which accounts for 3 percent of data breaches, accounts for 52 percent of stolen records. And manufacturing, which is lumped into the “other” category that accounts for 6 percent of breaches, is responsible for 45 percent of stolen data.
Almost all data breaches included some form of hacking, 81 percent, and almost as many, 69 percent, involved malware. The uses of both hacking and malware were up over 2010.
The report also says that organizations still haven’t learned what they need to do to prevent data breaches. It says targets are still more of opportunity than of choice, because “Most victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack.”
The report says that 96 percent of attacks “were not highly difficult,” a four percent jump from 2010. Of the discovered attacks, 92 percent were found by a third party, up 6 percent from a year ago.
Unfortunately, there is quite a lag between a breach and discovery.
“Third parties usually clue them in, and, unfortunately, that typically happens weeks or months down the road,” it says.