The attack is a shift in the traditional targets of hackers, which has largely been focused on stealing personal data. Based on UWCISA's review of public news sources from , we recently analyzed data from cyber attacks based on a review of public new sources from 2010 to 2016 (unless otherwise stated) we found the following:
- Personal data stolen at higher rate than financial data: Of the breaches analyzed, about 33% of attacks related to stealing financial data. In contrast, approximately 53.5% pertained to stealing personal data.
- What does the data say? Hackers want to go phishing: When analyzing the different data elements (from 2010 to 2014), 35% of elements stolen could be potentially used by hackers to conduct further phishing and spear-phishing attacks. Of these, 13% relate to user credentials (username + password), while the balance fields includes things such as email, name, address, and social security numbers. This is not to say hackers don't want financial data - approximately 11% of the data elements related to things such as debit/credit cards and even intellectual property.
- Malware is attack vector of choice: Malware represented 21% of the attack vectors used, while SQL injection was the next favourite at 11% and phishing and spear -phishing was third at 6%.
- Industry trends: In terms of industry, software publishers (8%), hotels (5%) and AV equipment manufacturers (~4%) and limited service restaurants (3.5%) were the top of the list . However, this compares to an average attack of 1% by industry (when excluding attacks that were not attributed to an industry).