This new trend contrasts sharply with the data breach pattern of the past several years, during which the majority of attacks were carried out by cybercriminals, whose primary motivation was financial gain, according to the 'Verizon 2012 Data Breach Investigations Report'.
The 2012 report examined 855 data breaches involving 174 million stolen records in 2011, the second-highest data loss that Verizon has seen since it began collecting data in 2004. This compares with only 4 million records stolen in 2010.
“Hacktivists accounted for 58% of the records stolen; this is an enormous quantity”, noted Jay Jacobs, a principal on the Verizon RISK Intelligence Team. At the same time, hacktivists only accounted for 2% in terms of the number of data breaches, he told Infosecurity.
External agents remain largely responsible for data breaches, with 98% of them attributable to outsiders. This group includes organized crime, activist groups, former employees, lone hackers, and foreign governments.
“It is not so much that there has been a decline in insiders but we are seeing a huge increase in external agents”, Jacobs explained, adding that there have been more frequent financially motivated attacks against small and medium-sized businesses because they are “softer targets.” This trend has led to an increase in the number of external attacks, as cybercriminals launch more attacks against smaller targets.
Verizon added three new partners to its data collection effort: the Australian Federal Police, the Irish Reporting and Information Security Service, and the Police Central e-Crime Unit of the London Metropolitan Police. Verizon had teamed with the US Secret Service and Dutch National High Tech Crime Unit for previous reports.
In terms of attack methods, hacking and malware have continued to increase. Hacking was a factor in 81% of data breaches and in 99% of data lost in 2011. Malware also played a large part in data breaches; it appeared in 69% of breaches and 95% of compromised records.
Hacking and malware are favored by external attackers, as these attack methods allow them to attack multiple victims at the same time from remote locations. Many hacking and malware tools are designed to be easy for criminals to use, the report found.
Additionally, the compromise-to-discovery timeline for breached organizations continues to be measured in months and even years, as opposed to hours and days. “From the initial compromise to discovery, 54% of the breaches took months, 2% took years. We are seeing a very long delay in compromise to discovery”, Jacobs said.
A full 92% of breaches were detected by a third party, usually law enforcement, who then notified the breached organization, according to the report.
Seventy-nine percent of attacks represented in the report were opportunistic. Of all attacks, 96% were not highly difficult. Additionally, 97% were avoidable, without the need for organizations to resort to expensive countermeasures.
The report findings reinforced the international nature of cybercrime. Breaches originated from 36 countries around the globe, an increase from 22 countries the year prior. Nearly 70% of breaches originated in Eastern Europe, with less than 25% originating in North America.