A recently released report by Verizon shows that the large majority of stolen information in 2011 was due to hacktivist groups not cybercriminals. Just two years ago the opposite was true, cybercriminal groups were behind record breaking data breaches resulting in large numbers of stolen customer records.
Verizon’s 2012 Data Breach Investigations Report (.pdf) details the 174 million stolen records the company tracked in 2o11. That report indicates that 100 million of the 174 were stolen by hacktivist groups, not cybercriminals.
The report also indicates that hackers have gotten much more adventurous with their attacks. Instead of simply performing DDoS attacks to bring down websites these groups are moving into large scale data stealing operations. Hacks of defense contractors like HBGary and subsequently releasing information from those hacks demonstrates how much more aggressive these groups have gotten.
According to the operators of the Verizon report,
“Many, troubled by the shadowy nature of its origins and proclivity to embarrass victims, found this trend more frightening than other threats, whether real or imagined. Doubly concerning for many organizations and executives was that target selection by these groups didn’t follow the logical lines of who has money and/or valuable information. Enemies are even scarier when you can’t predict their behavior.”
It is worth noting that these hacktivist groups do tend to target very large scale organizations that hold a great deal of data where cybercriminals have a tendency to target smaller business, like restaurants, in order to steal credit card information or customer records. That difference could account for the discrepancy in the amount of data stolen between the two groups.
Also interesting from the report is that most of the breaches Verizon tracked were attacks of opportunity. The hackers were exploiting an opening that already existed instead of targeting specific companies or businesses. A total of 96 percent of the attacks tracked were easy to pull off which means companies could avoid these attacks if they put sufficient security in place.
It will be interesting to read Verizon's follow up report next year to see if the upward trend in hacktivists vs. cybercriminals continues. Will hacktivists continue to grab large amounts of sensitive information and put it out on the web in protest of what companies support or will cybercriminals start getting more clever and aggressive and attack larger and larger businesses?
