Cybercrime: Are mobsters planting hackers in big companies?

That is just one finding of a cybercrime report by Verizon released this week. While cybercrime fell in 2009, the report noted that hackers are getting better at what they do.

Don Jackson, director of intelligence at SecureWorks, enters the security operations center of his company, which manages security information systems for corporations worldwide. Analysts at the company worked on the investigation into last year's cyberattack that took down websites in the US and South Korea. High-level cyberattacks are an increasing concern, a new report says.

John Amis/AP

July 30, 2010

After elite hacker Albert Gonzalez was arrested in 2009 and later convicted of stealing data of some 170 million credit cards, an interesting thing happened: The number of cyberattacks on retail stores fell noticeably.

"The prosecution of Albert Gonzalez was a major event in 2009," said a Verizon report released July 28. "He and his accomplices were responsible for some of the largest data breaches ever reported. Taking them off the streets, so to speak, may have caused a temporary (but we can hope for permanent) dip in breaches."

The degree to which one individual can impact cybercrime was only one conclusion of the report.

Unlike some other cyberstudies, which are based on surveys, Verizon's annual cyberattack report analyzes more than 900 actual cases and 900 million stolen records over the past six years. That data set now includes US Secret Service cases added to the report this year. The richness of the data makes the Verizon report particularly closely watched within the industry.

Among the report's other findings:

A shift in targets

Financial services was the most-attacked industry, tallying 33 percent of the data breaches in the study. Hospitality – restaurants and hotels – came in second with 23 percent. Meanwhile, the retail industry, which led in cyberdata breaches in 2007 and 2008, fell to 14 percent in 2009.

Rising use of malware

Hacking and malware use for data attacks were up sharply in 2009. Malware is software developed to harm or remove data without an owner’s consent. Malware was used in 38 percent of cases and accounted for 94 percent of all data lost.

About half of that malware was installed by a remote attacker, 19 percent was automatically installed by malicious websites, and 9 percent was unwittingly installed by users clicking on fake software come-ons like "click to clean your system."

Hackers getting better

Criminals are becoming "more proficient and prolific" in developing novel methods to steal data. Some 97 percent of the 140 million records were stolen using "customized malware" written specifically to attack a certain type of company software.

At least some of that custom-style attack involves "zero-day" malware, which antivirus programs are ineffective in detecting because it has never before been identified.

"Over the last two years, custom-created code was more prevalent and far more damaging than lesser forms of customization," the report said. "The attackers seem to be improving in all areas: getting it on the system, making it do what they want, remaining undetected, continually adapting and evolving, and scoring big for all the above."

Inside jobs

Organized crime groups increasingly "recruit, or even place, insiders in a position to embezzle or skim monetary assets and data, usually in return for some cut of the score," the study found. "The smaller end of these schemes often target cashiers at retail and hospitality establishments while the upper end are more prone to involve bank employees and the like."

More sophisticated attacks

The level of difficulty or technical sophistication of attacks increased last year, the report authors wrote. More than half of data breaches from 2004-2008 had “none” or “low” difficulty ratings. But the "scales tipped" last year with 60 percent now rated “moderate” or “high.”

This raises concerns about the "advanced persistent threat," or APT, in which deep-pocketed, highly sophisticated elite attackers steal proprietary data by gaining entry to corporate systems like those of Google or US oil companies.

What was stolen?

Payment-card data were the target of 54 percent of the attacks and accounted for 83 percent of the records stolen. That's compared with personal information: 38 percent of the attacks and 4 percent of records stolen. After that come bank account data, passwords, money, organization data, intellectual property, and national-security data.

Overall, last year's investigations found 143 million stolen records, down from 360 million the year before.

The 143 million represented "the third-highest year in the scope of this study," the study found. "Not exactly a successful year for the defenders, but we’d be happy if the 50 percent drop continued over the next few years."
