Cybercrime: Are mobsters planting hackers in big companies?
That is just one finding of a cybercrime report by Verizon released this week. While cybercrime fell in 2009, the report noted that hackers are getting better at what they do.
After elite hacker Albert Gonzalez was arrested in 2009 and later convicted of stealing data of some 170 million credit cards, an interesting thing happened: The number of cyberattacks on retail stores fell noticeably.Skip to next paragraph
Subscribe Today to the Monitor
"The prosecution of Albert Gonzalez was a major event in 2009," said a Verizon report released July 28. "He and his accomplices were responsible for some of the largest data breaches ever reported. Taking them off the streets, so to speak, may have caused a temporary (but we can hope for permanent) dip in breaches."
The degree to which one individual can impact cybercrime was only one conclusion of the report.
Unlike some other cyberstudies, which are based on surveys, Verizon's annual cyberattack report analyzes more than 900 actual cases and 900 million stolen records over the past six years. That data set now includes US Secret Service cases added to the report this year. The richness of the data makes the Verizon report particularly closely watched within the industry.
Among the report's other findings:
A shift in targets
Financial services was the most-attacked industry, tallying 33 percent of the data breaches in the study. Hospitality – restaurants and hotels – came in second with 23 percent. Meanwhile, the retail industry, which led in cyberdata breaches in 2007 and 2008, fell to 14 percent in 2009.
Rising use of malware
Hacking and malware use for data attacks were up sharply in 2009. Malware is software developed to harm or remove data without an owner’s consent. Malware was used in 38 percent of cases and accounted for 94 percent of all data lost.
About half of that malware was installed by a remote attacker, 19 percent was automatically installed by malicious websites, 9 percent was unwittingly installed by users clicking on fake software come-ons like "click to clean your system."
Hackers getting better
Criminals are becoming "more proficient and prolific" in developing novel methods to steal data. Some 97 percent of the 140 million records were stolen using "customized malware" written specifically to attack a certain type of company software.
At least some of that custom-style attack involves "zero-day" malware, which antivirus programs are ineffective in detecting because it has never before been identified.
"Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization," the report said. "The attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above."