Cybercrime rings are responsible for many of the most successful security breaches last year, according to a report by forensic investigators for Verizon Business.
The report, which draws on metrics from 150 cases investigated last year by the forensic team, revealed that a staggering 91% of all compromised records were a result of activity by organised criminal groups.
The most ‘successful’ of these attacks were highly difficult attacks targeted against financial institutions, netting the cybercriminals 93% of the 285 million compromised records tracked by the team.
“That’s compared to a total of 230 million records compromised over the previous four years,” says Verizon’s forensics manager, Matthijs van der Wel.
The Verizon report also found that ‘highly difficult’ attacks – approximately 17% across the firm’s caseload – were responsible for netting 95% of the stolen data.
“The malware used in very difficult attacks is not typical. It is custom created and does things we previously only theorised about, like PIN block attacks (breaking the encryption used by banks to secure consumer PINs). We’re seeing these in real life right now,” says van der Wel.
22% of attacks originated from Eastern Europe while 18% came from East Asia. “We do have a great deal of evidence that malicious activity from Eastern Europe is the work of organised crime,” the report notes.
“In most cases, the immediate need is in containing the breach rather than rooting out the entities responsible, [although] we are happy to report that these efforts with law enforcement led to arrests in at least 15 cases (and counting) in 2008.”
The report also found fears of rogue employees stealing data – the so-called ‘insider’ threat – are generally overplayed.
“Results from 600 incidents over five years make a strong case against the long-abiding and deeply held belief that insiders are behind most breaches,” the report notes.
74% of breaches contained an external element and 32% involve partners (so-called ‘partial insider’ attacks’) but “only about 11% of all breaches were committed by an insider acting alone. The remainder of the breaches tied to insiders mostly involved employees as unwitting participants in the crime through errors and policy violations.”