Category: Statistics

The market is saturated with credit card data stolen from large payment processors and retailers. Criminals in Florida used magnetic strip encoding machines to put the info on fake credit cards they manufactured. One zealous “carder” bought $18,000 of gift cards from several Wal-Mart stores in one day.

Verizon’s report says the present target is PINs. In other words, thieves are stealing the data that allows criminals to create ATM cards and thus drain money directly from accounts. While Verizon cannot reveal the names of their customers the most dramatic use of stolen PINs ever was when data stolen from RBS WorldPay, an Atlanta based payment processor and card issuer. These PINs were used to forge ATM cards that were then used to withdraw $9 million from 130 ATMs in 49 cities around the world in a single day in November of 2008.

It may have been true, before the rise of the cyber crime economy of today, that insiders were responsible for most breaches but thanks to the continuing success of data thieves, that is no longer the case.

http://www.cioupdate.com/features/article.php/3819101/The-New-Face-of-Cybercrime-Revealed.htm

And while cases of threats and illegal access increased by 90 percent and 20 percent, respectively, between 2007 and 2008, Ben-Itzhak says that fraud decreased by 0.3 percent.

The most recent FBI Internet Crime Complaint Center statistics bares the closest equivalent to the Japanese figures.

http://www.thewhir.com/web-hosting-news/022709_Japan_Cybercrime_Grows_by_15.5_Percent

It studied the impact of data security breaches on Maine banks and credit unions.

More than 700 accounts were used to buy items fraudulently, although five of the 22 institutions that suffered a fraud loss did not report the number of accounts, according to the report.

The Hannaford breach cost some banks as much as $58,000 to reissue credit cards to customers. Communication to customers cost nearly $28,000, some banks and credit unions reported. Investigation expenses were as high as $21,000 for some banks.

Shostack said the rising costs associated with data breach could lead banks and merchants to find alternative payment methods. “What this means for business is that the process of data collection and analysis is starting to produce something better than ‘accepted practice,'” Shostack said.

The Ponemon Institute, which puts out an annual data breach cost report, found that the total average cost of a data breach grew to $197 per compromised record. Ponemon cautioned that the costs listed in the report are only those associated with financial institutions and don’t reflect the total costs incurred by Hannaford’s, victims, and other organizations.

http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1345455,00.html

More specifically, half of the IT managers said that outsourcing was a high or very high security risk to their organizations today and in the next one to two years; 44 percent also pointed to data breaches as a comparable risk today, while 40 percent expect them to be so in the next one to two years.

Security professionals, meanwhile, ranked data breaches and cybercrime higher: Sixty-six percent consider data breaches high or very high risks today, while 65 percent rank them as such for the next year to two years.

“We see a big disconnect between IT and security in their thoughts about data breaches and how risky that is to a business,” says Pat Clawson, CEO of Lumension.

While 92 percent of security professionals say their organizations had suffered a cyberattack, only 55 percent of IT staffers said the same, while 32 percent said they were uncertain. Interestingly, both IT and security departments don’t rate virtualization as high risk.

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml;jsessionid=W4TNO0P1S4NS2QSNDLRSKH0CJUNN2JVN?articleID=212300005

If the sellers were able to sell everything they were offering, the amount would reach more than $275 million. Factoring in the emptying of victims’ accounts and maxing out credit cards, the potential worth of credit card information and bank credentials for sale would be $7 billion, the report estimates.

The report also studied trends in software piracy, with researchers monitoring those sales between July and September of this year. The most pirated software was found to be desktop games, followed by utility applications and then multimedia software, such as photo editors, 3D animation, and HTML editors.

The U.S. was home to most of the underground economy servers (41 percent) followed by Romania (13 percent) and North America had the largest number of underground economy servers. Meanwhile, cybercriminals in Russia and Eastern Europe appear to be more organized than their counterparts in the North America who are “often made up of acquaintances who have met in online forums and/or IRC channels,” the report says.

http://news.cnet.com/8301-1009_3-10105963-83.html

The surveys were conducted of more than 2,000 employees and IT professionals in 10 countries: the United States, the United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil.

The study found that the majority of employees believe their companies’ IT security policies are unfair. Indeed, surveyed employees said the top reason for non-compliance is the belief that policies do not align with the reality of what they need to do their jobs, according to Cisco.

The study found that the majority of employees in eight of 10 countries felt their company’s policies were unfair. Only employees in Germany and the United States did not agree. IT believes employees defy policies for a variety of reasons, from failing to grasp the magnitude of security risks to apathy; employees say they break them because they do not align with the ability to do their jobs. The largest gaps — 31% — were in the United States, Brazil and Italy.

http://www.itworld.com/security/56874/cisco-study-it-security-policies-unfair