“Law enforcement groups are just a lot more focused now on cybercrime than they were before,” says Nicholas J. Percoco, senior vice president of Trustwave SpiderLabs. “We know that they really started stepping up their efforts in 2010, seizing more criminal systems, making more arrests, finding more victims – and doing a lot more victim notification.”
Typically, agents invading botnet servers and other criminal computer networks discover stolen data – and they go tell the victim companies.
One might be forgiven for having missed that improvement, it was so overshadowed by bad news.
At least 58 highly publicized hacking attacks occurred in 2011, with victim organizations around the world ranging from law enforcement agencies, Fortune 500 companies, and governments, to defense agencies and military contractors, according to a Monitor tally of several studies.
Meanwhile, a global survey of 200 computer security professionals working in critical infrastructure industries warned that cyberexploits and cyberattacks on vital infrastructure are now widespread – and that the perpetrators range from cybercriminals engaged in theft or extortion to foreign governments preparing sophisticated attacks, the report says. The Stuxnet worm was last year's key example – a cyberweapon that targeted Iran's nuclear program and damaged it, and which experts say could be modified to damage other systems.