While Target’s massive data breach last year caused consumers to panic and drew attention to internet crime, a new study finds breaches of retailer payment systems are less common than other kinds of attacks.
More than twice as many of last year’s internet data breaches resulted from various small online acts, including people clicking on malicious web links and choosing easy-to-guess passwords, according to a worldwide report from Verizon.
The report, considered to be one of the top annual looks at internet-related crime, includes information from 50 organisations ranging from law enforcement to security companies.
Target’s breach, one of the largest in history, resulted in the thefts of 40 million credit and debit card numbers, along with the personal information of up to 70 million people.
Other companies including fellow retailers Neiman Marcus and Michaels Stores later announced breaches to their systems.
But while such large-scale attacks grab headlines, the number of breaches of payment systems has fallen in recent years.
In 2013, there were 198 recorded breaches of payment systems, representing 14 per cent of the year’s 1,367 confirmed data breaches.
By comparison, web applications data breaches accounted for 490, or 35 per cent, and cases of online espionage covered 306 attacks, or 22 per cent.
Verizon says its numbers are not comparable with those from previous reports because its research methods and the number of contributors to the report have changed.
Wade Baker, Verizon’s managing principal of research and intelligence, said researchers saw a big increase in attacks on smaller retailers a few years ago.
But now, he says, it appears that criminals are going after major retailers that handle millions of debit and credit card numbers and leaving the smaller companies alone, even though they are easier to target.
And regardless of the type of attack and the motivation behind it, cybercrime has gone from a game to a big business.
“It’s very industrialised and very sophisticated,” he says.
“You can buy software packages that are customised.
“It’s never been easier to turn data into money.
“Those changes are what drive every big-picture trend that we see.”
Other findings in the report:
– Web application attacks continue to be popular. Those attacks generally stem from the theft of an authorised person’s credentials by cracking an easy password or users clicking a dodgy link in an email. Criminals also sometimes exploit coding flaws in a system to gain entry.
– Of last year’s recorded cyber espionage attacks, 54 per cent targeted US victims and 87 per cent involved foreign governments. In almost half the cases, the people behind the attacks were from Eastern Asia and 21 per cent from Eastern Europe.