Verizon: Organized crime behind data breaches

Of the 285 million records compromised in the 90 confirmed network breaches Networx vendor Verizon examined last year, 91 percent were linked to organized crime. And only a third were publicly disclosed.

With increasing supply and falling prices, criminals have had to overhaul their processes and differentiate their products to maintain profitability, the report states. Their method: Target points of data concentration or aggregation to get the most valuable information.

“The big money is now in stealing personal identification number information, together with associated credit and debit accounts,” the report states.

In the "2009 Data Breach Investigations Report" released April 15, the Verizon Business Risk Team based its results on evidence the company collected during data breach investigations from 2004 to 2008, with 2008 events forming the primary analytical focus.

Although financial organizations were the biggest targets, 13 percent of the team’s caseload were companies that had recently been merged or acquired. “Mergers and acquisitions bring together not only the people and products of once separate organizations, but their technology environments as well,” the report states. “Integration rarely happens overnight or without a hitch. Technology standards are sometimes set aside for the sake of business expediency.”

The report also quashed the widely held belief that insiders perform most hacks: 74 percent of the breaches were from external sources, such as organized crime and government entities.

However, hackers were greatly aided in their activities by the victims, with 67 percent of breaches resulting from someone taking advantage of a vulnerability to hack into a network and install malware to collect data.

More than 80 percent of attacks occurred in Eastern Europe, East Asia and North America, the report states. “Though it’s tempting to pander to hype surrounding state-sponsored attacks from Asia, we find no evidence to support the position that governments are a significant source of cyber crime,” Risk Team members wrote. However, evidence is strong that malicious activity in Eastern Europe is the work of organized crime, they added.

The Verizon team “regularly interacts with governmental agencies and law enforcement personnel from around the world to transition case evidence and set the stage for prosecution,” the report states.

Tips to protect your data:

  • Ensure the essential controls are met.
  • Find, track and assess data.
  • Collect and monitor event logs.
  • Audit user accounts and credentials.
  • Test and review Web applications.

About the Author

Sami Lais is a special contributor to Washington Technology.

Featured

  • Cybersecurity
    malware detection (Alexander Yakimov/Shutterstock.com)

    Microsoft targets copycat influence websites

    Microsoft went to court to take down websites it believes to be part of a foreign intelligence operation targeting conservative think tanks and the U.S. Senate.

  • Cybersecurity
    secure network

    FAA explores shifting its network to FISMA high

    The Federal Aviation Administration is exploring an upgrade to the information security categorization of IT systems as part of air traffic control modernization.

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.