IBM LOGO

The number of cyber attacks against U.S. retailers dropped 50 percent in 2014, but the increasing sophistication and efficiency of the attacks kept the number of records stolen near record levels, according to findings released yesterday by IBM.

IBM’s research shows attackers obtained more than 61 million records in 2014. That represents a decrease from 73 million stolen records a year earlier, when the massive attack on Target took place. However, IBM says that if you exclude incidents involving more than 10 million stolen records — which also removes last year’s attack against The Home Depot — the number of compromised records actually increased 43 percent in 2014.

IBM said new techniques are allowing hackers to acquire massive amounts of confidential data with increased efficiency. This has allowed cyber criminals to impact a greater number of victims with each attack. In 2014, the primary mode of attack was unauthorized access via Secure Shell Brute Force. The majority of retail incidents, totaling nearly 6,000 in 2014, involved Command Injection or SQL Injection. Additional methods included BlackPOS, Dexter, vSkimmer, Alina and Citadel.

The two biggest shopping days of the year — Black Friday and Cyber Monday — produced fewer attacks in 2014 than in years past. Between Nov. 24 and Dec. 5, the number of daily cyber attacks was 3,043, approximately one third less than the 4,200 daily breaches during the same period in 2013. In addition, on Cyber Monday and Black Friday, cyber breaches dropped by 50 percent in 2014. Finally, over the same time period in 2013, close to 4 million records were compromised thanks in part to several large breaches, whereas in 2014 there were just over 72,000 records compromised.

“The threat from organized cyber crime rings remains the largest security challenge for retailers,” Kris Lovejoy of IBM Security Services said in a statement. “It is imperative that security leaders and CISOs in particular, use their growing influence to ensure they have the right people, processes and technology in place to take on these growing threats.”

The data for the number of records compromised and breaches disclosed was analyzed by IBM security experts and was made publically available by Privacy Rights Clearinghouse. The remaining data came from IBM’s Managed Security services team.

The 2014 Retail Research and Intelligence Report and the Holiday Trends: Black Friday/Cyber Monday Research and Intelligence Report were created by IBM’s Managed Security Services team of analysts, who monitor more than 20 billion security incidents every day. For more information, go to www.ibm.com/security.

[ image courtesy of IBM ]