Web apps targeted by hackers amid 2013 cyber-espionage rise

Point-of-sale intrusions, cyber-espionage and attacks on web applications were the biggest threats to IT security in 2013, a Verizon report has revealed.

The majority of the attacks were financially motivated, while cyber-espionage, carried out by rogue hacking groups, is on the rise.

Verizon's report covered 1,367 breaches, as well as 63,437 incidents, that put a company's assets at risk. Victims from 95 countries were included, comprising law enforcement agencies, CERT teams, security companies and others.

Finance suffered the most in terms of confirmed breaches with 465, followed by the public sector (175), retail (148) and accommodation (137).

The use of stolen credentials ranks highest among the methods used by hackers in 2013, with 422 confirmed breaches. Behind that, malware-based data mining, the use of RAM scrapers and backdoor software made up the rest.

35 per cent of all breaches which resulted in data disclosure were web application attacks, fuelled by either ideological or financial motives.

Ideological hackers, like the Syrian Electronic Army, tend to compromise the entire platform of an application, rather than dig for sensitive data. Conversely, financial hackers targeted bank accounts using phishing software.

The data, says Verizon, indicates that hackers are becoming better and faster at compromising their targets. On the other hand, firms are beginning to discover breaches themselves, rather than having them pointed out by third-party companies.

"A lot of attackers simply look for vulnerable victims on the Internet and deploy automated attacks," said Paul Pratley, an investigations manager with the RISK Team at Verizon. "It can be a really long time [before] an organisation discovers [a breach] - that's something we'd really like to see change."