“Law enforcement groups are just a lot more focused now on cybercrime than they were before,” says Nicholas J. Percoco, senior vice president of Trustwave SpiderLabs. “We know that they really started stepping up their efforts in 2010, seizing more criminal systems, making more arrests, finding more victims – and doing a lot more victim notification.”
Typically, agents invading botnet servers and other criminal computer networks discover stolen data – and they go tell the victim companies.
One might be forgiven for having missed that improvement, since it was so overshadowed by bad news.
At least 58 highly publicized hacking attacks occurred in 2011, with victim organizations around the world ranging from law enforcement agencies, Fortune 500 companies, and governments, to defense agencies and military contractors, according to a Monitor tally of several studies.
Meanwhile, a global survey of 200 computer security professionals working in critical infrastructure industries warned that cyberexploits and cyberattacks on vital infrastructure are now widespread – and that the perpetrators range from cybercriminals engaged in theft or extortion to foreign governments preparing sophisticated attacks. The Stuxnet worm was last year's key example – a cyberweapon that targeted Iran's nuclear program and damaged it, and which experts say could be modified to damage other systems.
“Hacking has become a normal business practice for some countries, because there are no penalties and no consequences for bad behavior,” James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, told the Monitor in an e-mail interview last fall. “This is a golden age for espionage.”