Verizon: Organized crime behind data breaches

Of the 285 million records compromised in the 90 confirmed network breaches Networx vendor Verizon examined last year, 91 percent were linked to organized crime. And only a third were publicly disclosed.

With increasing supply and falling prices, criminals have had to overhaul their processes and differentiate their products to maintain profitability, the report states. Their method: Target points of data concentration or aggregation to get the most valuable information.

“The big money is now in stealing personal identification number information, together with associated credit and debit accounts,” the report states.

In the 2009 Data Breach Investigations Report" released April 15, the Verizon Business Risk Team based its results on evidence the company collected during data breach investigations from 2004 to 2008, with 2008 events forming the primary analytical focus.

Although financial organizations were the biggest targets, 13 percent of the team’s caseload were companies that had recently been merged or acquired. “Mergers and acquisitions bring together not only the people and products of once separate organizations, but their technology environments as well,” the report states. “Integration rarely happens overnight or without a hitch. Technology standards are sometimes set aside for the sake of business expediency.”

The report also quashed the widely held belief that insiders perform most hacks: 74 percent of the breaches were from external sources, such as organized crime and government entities.

However, hackers were greatly aided in their activities by the victims, with 67 percent of breaches resulting from someone taking advantage of a vulnerability to hack into a network and install malware to collect data.

More than 80 percent of attacks occurred in Eastern Europe, East Asia and North America, the report states. “Though it’s tempting to pander to hype surrounding state-sponsored attacks from Asia, we find no evidence to support the position that governments are a significant source of cyber crime,” Risk Team members wrote. However, evidence is strong that malicious activity in Eastern Europe is the work of organized crime, they added.

The Verizon team “regularly interacts with governmental agencies and law enforcement personnel from around the world to transition case evidence and set the stage for prosecution,” the report states.

5 tips to protect your data

• Ensure the essential controls are met.
• Find, track and assess data.
• Collect and monitor event logs.
• Audit user accounts and credentials.
• Test and review Web applications.

Source: 2009 Data Breach Investigations Report