Symantec Global Internet Security Threat Report
Despite the significant percentage of reported breaches, theft or loss accounted for only 4 percent of all identities exposed in 2009 (figure 5). This was a large decrease from 2008, when the number of identities exposed from theft or loss accounted for 66 percent of the total. This is a dramatic decrease in identities exposed; however, as was discussed in the previous version of this report, the three largest data breaches reported in 2008 resulted from lost or missing disks and exposed personal information relating to an estimated 41 million people. Therefore, this decrease is primarily due to the lack of large-scale identity exposures by theft or loss as well as the large-scale increases to exposed identities due to insecure policy.
Insecure policy was the second most common cause of data breaches across all sectors that could lead to identity theft in 2009, accounting for 26 percent of all incidents. A data breach is considered to be caused by insecure policy if it can be attributed to a failure to develop, implement, and/or comply with adequate security policy. This is an increase from 21 percent in 2008, when insecure policy also ranked second.
The increase in exposed identities was much more significant. Insecure policy accounted for the second largest number of exposed identities in 2009, with 35 percent of the total. This is a significant increase from 2008, when insecure policy accounted for only 8 percent of exposed identities. This is primarily attributed to the breach of National Archives and Records Administration data that was discussed above. That incident alone exposed 76 million identities, which is much greater than the combined exposures due to insecure policy that were reported in 2008, totaling only 6.5 million.[74]
The third most common cause of data breaches that could lead to identity theft in 2009 was hacking, which accounted for 15 percent of the total. A data breach is considered to be caused by hacking if data related to identity theft was exposed by attackers external to an organization gaining unauthorized access to computers or networks. Hacking also ranked third in 2008 for breaches that could facilitate identity theft, when it accounted for 17 percent of the total.
Hacking was the leading source for reported identities exposed in 2009, increasing substantially to 60 percent of the total, from 22 percent in 2008. For this discussion, Symantec considers hacking to be an intentional act with the objective of stealing data that can be used for purposes of identity theft or other fraud. Attackers can take advantage of site-specific and Web-application vulnerabilities to gain access to networks and steal personal information. This is exemplified by the attack on the credit card payment processor, discussed above, that used malicious code to steal approximately 130 million credit card numbers. This breach is also the primary reason that hacking as a cause for reported identities exposed surged as much as it did in 2009.
Bots are programs that are covertly installed on a user’s computer to allow an attacker to remotely control the targeted computer through a communication channel, such as Internet Relay Chat (IRC), peer-to-peer (P2P), or HTTP. These channels allow the remote attacker to control a large number of compromised computers over a single, reliable channel in a botnet, which can then be used to launch coordinated attacks.