Security: Malware, Hacking Remain Preferred Methods of Cyber-Criminals

In the past 12 months, the majority of cyber-attackers relied primarily on two attack methods—hacking and malware—to compromise networks and steal data in 2011, according to a report by the Verizon RISK team. Different types of malware are capable of stealing information, opening backdoors, and executing commands. While social engineering is becoming popular, straight-up hacking, where attackers are bypassing controls or exploiting flaws, still remains the predominant form of cyber-crime. In 2011, just about 99 percent of all compromised data records were stolen during an incident that involved either hacking or malware, according to the preliminary Verizon 2012 "Data Breach Investigations Report." These two attack techniques remain popular since they allow the adversary to launch the operation remotely and they make for an easy gateway. Criminals also used malware and hacking in tandem, such as installing malware that opens a backdoor on the infected machine, which is then used by the attacker to remotely execute code. Or perhaps the user is infected with a keylogger, which steals log-in credentials that criminals then use. The Verizon team pulled together the 10 most common examples of malware and hacking attacks in 2011 and urged businesses and other organizations to determine if their networks may have been compromised in the same way.