Anonymous Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide

Published: 22/11/2024   Category: security




New Verizon Data Breach Intelligence Report finds 58 percent of all data stolen was the result of hacktivist attacks -- but, overall, traditional cybercriminals executed the largest number of actual breaches



Turns out the minority of attackers last year -- namely Anonymous -- wreaked the most damage when it came to data breaches worldwide, accounting for more than half of all compromised records, according to the newly published 2012 Verizon Data Breach Intelligence Report (DBIR).
It's no surprise that hacktivism played a major role in this year's report: The Anonymous hacking collective last year targeted multiple high-profile targets, including Sony, Fox, PBS, HBGary Federal, and multiple law enforcement agencies. But the Verizon report for the first time quantifies the data exposure as a result of the hacktivist-driven attacks. This year's report encompasses 855 data breaches and 174 million stolen data records, including breach data from Verizon, the U.S. Secret Service, the Dutch National High Tech Crime Unit, the Australian Federal Police, the Irish Reporting & Information Security Service, and the Police Central e-Crime Unit of the London Metropolitan Police.
Hacktivists represented only 2 to 3 percent of the attackers in the breaches covered in the study, but they were still responsible for the breach of 58 percent of the data records, says Chris Porter, a principal with the Verizon RISK team. Overall, more than 100 million records were stolen by hacktivists, according to the report, but organized crime was the most prolific attacker, accounting for 83 percent of the breaches while stealing 35 percent of the data records overall in the study.
Perhaps most telling is how this new data illustrates the shift in hacktivism over the past year from website defacements and pure distributed denial-of-service (DDoS) attacks for making a statement or disrupting websites, to inflicting damage and embarrassment on the organization and its members and affiliates by doxing their emails, passwords, or other sensitive information. This was a new trend last year in hacktivism. We've had these attacks all the time, but they typically don't steal data, Porter says. This is the new trend of [hacktivists] breaking into an organization and stealing data and trying to embarrass them. Then others can use this for fraud.
In cases where Anonymous ran rainbow tables against password files and posted them on Pastebin or shared them among others online, that left these credentials vulnerable to organized crime groups to use for their own nefarious purposes, Porter says.
Hacktivists were low in frequency compared with other data breaches we see ... especially organized crime, Porter says. Organized crime was a much higher frequency [of attacker], but we found it fascinating that hacktivists stole more data than organized crime.
And that was a major shift from previous Verizon DBIR reports, which concluded that cybercriminals looking for financial gain were the main players in breaches.
A very few were taking a lot -- that disproportion was interesting, says Amy DeCarlo, a principal analyst with Current Analysis. Certainly, with what's been happening geopolitically, it's not all that surprising. But it is surprising when you think about how significant that change has been in just a year.
Just how the high-profile arrests last summer and then over the past few weeks of alleged key members of the LulzSec splinter group of Anonymous that led much of the data breaching activity from the hacktivist group last year will shape this year's data breach data is unclear. I think most of the hacktivist cases we saw or our partners saw were at the beginning of the year through the summer, Verizon's Porter says. There were fewer later in the year, so we may see a downward trend [in the next report]. We'll have to see.
Breaches included in the report came from 36 different countries, with 70 percent originating from Eastern Europe, and less than 25 percent coming out of North America.
Nearly all (98 percent) of all attacks came from outsiders, which include organized crime, activist groups, former employees, solo hackers, and foreign government-sponsored hackers. Insider-borne attacks dropped to 4 percent last year, and business partners accounted for less than 1 percent of breaches.
Despite the data damage invoked by Anonymous and other hacktivists, organized crime groups are still king when it comes to breaches. The report found that organized crime groups have automated their attack processes and tend to target smaller organizations. They are searching the Net and looking for remote services ... this entire process has been automated end to end almost, Verizon's Porter says. They find remote services and try passwords. They [go after] known, guessable credentials, and if they are successful, they log in and use an automated installation of malware like a keylogger to collect information and automatically send it outside to the organization, or email, or website or FTP it to a drop server somewhere.
Sadly, 96 percent of all of the attacks were simple and didn't require advanced skills or heavy resources to pull off: Seventy-nine percent of attacks were opportunistic, according to Verizon, and 97 percent were preventable. If you take a look at the recommendations section, we pulled out a special cutout for small businesses, and their problems are fairly simple to fix, Porter says. These tips include checking administrative passwords on all point-of-sale systems and eliminating weak passwords.
[ Verizon's annual breach investigations reports have consistently shown that fewer attacks exploit vulnerabilities that could have been patched. See The Curious Case Of Unpatchable Vulnerabilities. ]
Cyberespionage-driven targeted attacks represented only a sliver of the cases in the Verizon DBIR, although it was at its highest in the history of the DBIR, according to Verizon's Porter. Only around 4 percent of breaches included theft of intellectual property. It's hard to know if intellectual property has been stolen. Our numbers are probably on the low end, he says. And it's probably happening a lot more often, but organizations don't know about it ... [But] I still think organized crime by far is the highest. It's so simple and easy to do these days.
Richard Bejtlich, CSO at Mandiant, says the low percentage of targeted attacks in the DBIR is likely because the bulk of the cases came from the Secret Service and other law enforcement agencies around the world, who don't typically investigate targeted cases, but more so financially motivated attacks. At least in our country, [the police] are not working the advanced targeted cases. Those are worked by the FBI, Bejtlich says.
He points to the majority of the victim organizations in the report, which are hospitality and retail companies, which account for 74 percent of the breaches, he estimates. And 72 percent of the victim organizations have 100 or fewer employees, he says. These are essentially small companies in hospitality and retail that are helpless, Bejtlich says. This is a nice complement to our M Trends Report [on advanced targeted attacks] -- we don't work any of [these cases], he says.
The Verizon report also found that 95 percent of stolen data records included personally identifiable information, such as name, contact information, and Social Security number, compared with only 1 percent of the breaches in 2010. That's another indication of just how lucrative that information has become, according to Verizon.
In terms of methods of breach, hacking was No. 1, as the factor in 81 percent of data breaches, versus 50 percent in 2010, and in 99 percent of the data exposed. Malware was used in 69 percent of breaches, compared with 49 percent in 2010, and was employed in the exposure of 95 percent of the data records.
Breach discovery is still a major problem, and likely a factor in the amount of damage. More than 90 percent of the time, victim organizations learned from third parties -- mainly law enforcement -- that they had suffered a breach, and breaches are often ongoing for months or years before the victim finds out. Nearly 40 percent of large organizations don't discover a breach for months, according to the report.
It's disappointing that it takes so long for an organization to discover that they've had a breach, says Current Analysis' DeCarlo. That shows a lack of progress. It's better the earlier [you discover it] to prevent another one and to also recover and manage the data in some way ... The horse is already out of the barn if you don't discover a breach until long afterward, she says.
And 96 percent of the victim organizations in the study were not PCI-compliant. Mandiant's Bejtlich says PCI compliance in many of these cases would have gone a long way to avoid their breaches. This is a lesson for a lot of these organizations, he says.
Verizon released a snapshot of the report data last month at the RSA Conference in San Francisco -- specifically of data on its own breach investigations. In 90 of its 855 breach cases last year, more than 90 percent came from outsiders rather than a malicious insider or business partner, and more than 85 percent were the result of a hack. Verizon at the time did not release any hacktivist data, but hinted that it was a big factor.
The full 2012 Verizon DBIR is available here for download (PDF).