o Eastern Europe, who tend to target consumer data (payment card records, PIN data, and personally identifiable information);
o East Asia, who tend to focus on botnet, staging point and scripted attacks and target whatever data they happen to cross; and
o North America, who tend to target organisations in their own country. We also see fraud spending in the same country as a key indicator of the involvement of organised crime.
• Authorities are working on collaborative efforts across jurisdictions to make it more difficult for criminals to hide across the borders of another country. When attacks are performed across a border, it makes the investigative effort significantly more complicated, as there are multiple legal jurisdictions involved with differing laws, and the cost of extradition can be prohibitive in many instances. One of the big advances Verizon Business has been able to make in investigative techniques is to use intelligence information from our network. The Verizon Business network encompasses almost one million route km, and therefore a lot of network traffic crosses our Internet backbone at some stage. In the past, staging point attacks (where the attacker hides behind an unrelated compromised system) have meant that hackers have been able to hide their IP address from being disclosed. Now, with the netflow data from the Verizon Business network, we are able to quickly determine who has been communicating with the compromised machines (staging points) and locate the real culprit. In a recent case, Verizon Business was able to provide law enforcement with the real IP address, the attacker's service provider and the attacker's address (within 150m) through our geo-location database, and we provided law enforcement with an aerial photo of the attacker's apartment block thanks to Google Earth. We believe we are the only investigative organisation that can provide this extremely valuable intelligence to our customers and law enforcement.
What are the major surprises in these latest cyber crime findings? Why have these new trends emerged? Do these figures paint a true picture or are many data breaches still kept secret?
• There are no surprises but we see a significant shift over a 12-month period. There is a dramatic increase in sophistication and complexity in the attacks that we investigated. We are seeing more customised malware attacks that are not detectable by anti-virus.
• Almost 60 per cent of these malware attacks are not detectable by anti-virus because they are repacked, modified or custom-coded. Some examples include RAM scrapers, unallocated space scrapers and customised network sniffers.
• As well, there is a big increase in hackers now hacking in their own backyard. These hackers are hacking in the same country they live in, which therefore makes prosecution much easier. In the past, we used to see hackers crossing international boundaries, which made arrests and prosecution difficult, complex and expensive.