Meanwhile, financially motivated attackers go after online banking accounts using phishing and other credential theft methods, or they exploit vulnerabilities like SQL injection and remote file inclusion in retailers' websites in order to steal payment card information.
Breaches that result from Web application attacks are usually discovered by external parties, the report data shows. In the case of financially motivated Web application breaches it's usually the customers who notice the problem first; only 9 percent of victim organizations discovered such incidents internally. In the case of ideological attacks, the situation is even worse, with 99 percent of notifications coming from external parties who notice compromised hosts belonging to the victims being used in other attacks.
Cyber-espionage was the second-most-common cause of confirmed data breaches last year, accounting for 22 percent of all such incidents covered by the report. New information sources added to the report this year might have increased the number of cyber-espionage-related breaches in the data set. But organizations have also become more aware of this type of attack and there's undoubtedly more cyber-espionage activity happening, which is reflected in Verizon's own caseload, Pratley said.
The majority of cyber-espionage attacks — 87 percent — were attributed to state-affiliated actors, but organized crime played a role too, accounting for 11 percent of incidents. The most common attack vectors for this type of breach were malicious email attachments and Web-based drive-by downloads launched from compromised legitimate websites visited by the intended targets.
The largest number of cyber-espionage-related breaches were in the public, manufacturing, professional and technical sectors since the attackers responsible were primarily interested in stealing internal corporate data, trade secrets and classified information.
Eighty-five percent of breaches that resulted from cyber-espionage attacks were discovered by external parties, not the victim organizations, and in 62 percent of cases the breach discovery took place months after the compromise.
Point-of-sale (POS) intrusions were also a significant threat and resulted in 14 percent of all breaches. However, their number has actually declined compared to previous years, in particular 2010 and 2011.
While large, well-publicized payment card data breaches involving compromised POS systems were reported over the past five months at Target and other retailers, such incidents have affected small and medium-sized businesses for years.
POS attacks are driven by financial motives and most of them can be attributed to organized criminal groups operating out of Eastern Europe, Verizon said in the report. "Such groups are very efficient at what they do; they eat POSs like yours for breakfast, then wash 'em down with a shot of vodka."
Brute forcing remote access connections and using stolen credentials remained the primary vectors for POS intrusions in 2013 according to the report, but an interesting development last year was the resurgence of RAM-scraping malware.
Sign up for Computerworld eNewsletters.