Cybercrime: Are mobsters planting hackers in big companies?

Inside jobs

Organized crime groups increasingly "recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score," the study found. "The smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like."

More sophisticated attacks

The level of difficulty or technical sophistication of attacks increased last year, the report authors wrote. More than half of data breaches from 2004-2008 had “none” or “low” difficulty ratings. But the "scales tipped" last year with 60 percent now rated “moderate” or “high.”

This raises concerns about the "advanced persistent threat," or APT, in which deep-pocketed, highly sophisticated elite attackers steal proprietary data by gaining entry to corporate systems like those of Google or US oil companies.

What was stolen?

Payment-card data were the target of 54 percent of the attacks and accounted for 83 percent of the records stolen. That's compared with personal information: 38 percent of the attacks and 4 percent of records stolen. After that is bank account data, passwords, money, organization data, intellectual property, and national-security data.

Overall, last year's investigations found 143 million stolen records, down from 360 million the year before.

The 143 million represented "the third-highest year in the scope of this study," the study found. "Not exactly a successful year for the defenders, but we’d be happy if the 50 percent drop continued over the next few years."

Related:

• Google cyber attacks a 'wake-up' call for US, intel chief says
• US oil industry hit by cyberattacks: Was China involved?
• Stuxnet spyware targets industrial facilities, via USB memory stick

Previous

1 | 2