Survey: Information Theft A Bigger Problem than Physical Theft

Anyone who has received “notification” of funky activity on their credit card, or an urgent e-mail plea from the widow of Mobutu Sese Seko won’t be surprised to learn that information theft is a big problem.

Anyone who has received “notification” of funky activity on their credit card, or an urgent e-mail plea from the widow of Mobutu Sese Seko won’t be surprised to learn that information theft is a big problem. But a new survey out from Kroll Consulting finds that its also the biggest problem facing corporations – surpassing even the theft of physical goods. 

In its recently released Global Fraud Report, Kroll said that its poll of 800 executives  revealed that information theft was the most-reported form of fraud, with 27.3% of those surveyed reporting an incident of information theft in the previous 12 months, compared to 18% who reported information theft over the previous 12 months in 2009. By comparison, reports of theft of physical assets were a shade lower, with 27.2% of respondents having reported that within the previous 12 months. 

Kroll commissioned the survey of 800 senior executives at global firms. It was carried out by the Economist Intelligence Unit in July and August, 2010. The survey covered executives in a wide range of verticals, including financial services, retail, professional services, technology, media and so on. Around 47% were C-level executives, and a majority of respondents worked at companies with annual revenues over $500m. Around 30% came from North America, a quarter came from Europe and the Asia-Pacific region, and 11% from Latin America, Africa and the Middle East. 

Information theft was especially targeted at information-centric verticals including financial services, technology, professional services, as well as media and telecommunications, the poll found. Forty two percent of the financial services companies surveyed by Kroll reported information theft, loss or attack in the last 12 months, compared with just 24% in 2009. The number was 40% for professional services firms, up from 27% last year. 

Poorly protected information technology assets was fingered as a contributing factor to the growth of information theft as a problem. 

“Poorly defended technology is increasingly easy to exploit for fraudsters with ever more advanced tools of their own, ranging from sophisticated hacking to a simple memory stick,” the report concluded. 

Phishing attacks were a leading source of concern, with 20 percent of those surveyed listing that, as well as “increased technology use” – the so-called ‘consumerization of IT’ as the two most common elements of fraud that led to information theft.

Fears among enterprises about information theft stand to increase investments in information technology this year -with 48% of those surveyed saying they will increase their investment in security and anti fraud technology.

More worrying, especially for developing nations, however, is what companies won’t do, namely: expand operations in countries where fears of corruption, information theft or intellectual property theft are high. According to Kroll’s survey of executives, fully  33% of respondents cited fears of information theft as dissuading them from doing business in china. Concerns about intellectual property theft dissuaded 23% from doing business there. 

Kroll’s Global Fraud Report can be found online (PDF) format at


  • Anonymous on

    Newly Discovered Evasion Method For Targeted Attacks Silently Bypasses Network, Application Security IDS/IPS, firewalls, Web application firewalls are among at-risk devices for technique that lets attackers sneak inside okt 18, 2010 | 09:16 AM By Kelly Jackson Higgins DarkReading CERT-Finland has reported a newly discovered technique that evades network and security devices -- namely IDS/IPS systems, but it could also work against network firewalls and Web application firewalls -- and lets attackers sneak in and conduct targeted attacks against an enterprise network. The threat, which was discovered by researchers at Stonesoft's Helsinki labs, is based on vulnerabilities inherent in several vendors' IDS/IPS products, according to CERT-Finland, which has alerted the affected IDS/IPS vendors. The names of the vendors and their products have not been released publicly. Jussi Eronen, head of vulnerability coordination at CERT-FI, which first issued an alert on the threat on Oct. 4, will update its vulnerability alert on the threat today. Stonesoft says the attack method takes advantage of how TCP/IP handles packets. "It takes advantage of the fact that the TCP protocol allows conservative creation of packets, but liberal receiving of packets," says Matt McKinley, director of U.S. product management at Stonesoft. "There are predictable, limited ways you can evade an IPS ... packets can only be created in a few ways. We came up with a way to create packets that don't conform to rules and confuse IPSes in ways that conventional methods cannot do." McKinley says it lets the attacker work his way inside the network without being noticed. "It's a way to knock at the door until something lets you in because there's no way to detect it. It continues to knock until something lets it in," he says. "When the packet then makes it to the host, the host is designed to look only at the things it's interested in and ignore all else ... it's end to end delivery [of a malicious payload]." McKinley says the attack could also work against other network security devices, including firewalls. It would likely be used to spread a network worm akin to the Stuxnet attack or some other targeted attack, he says. "It's a way to deliver [a worm] into a network and cause any kind of harm you want," McKinley says. How difficult would it be to pull off this attack? "That's the creepy part. The impact of this is fairly simple. We feel it's well within the means of motivated hackers to do it. This is not particularly complicated," McKinley says. ICSA Labs has verified the attack and is also sounding the alarm about the risk to enterprises. Jack Walsh, intrusion detection and prevention program manager at ICSA Labs, says it could take some time for network security vendors to add protection for this attack to their products, thus leaving enterprises at risk until those patches become available. IDS/IPSes, firewalls, next-generation firewalls, and Web application firewalls are most at risk of this evasion technique, he says. Walsh says the evasion technique itself basically gives attackers a foot in the door to do their dirty work, and it can affect more than just TCP/IP protocols. "It's only after the evasion is coupled with an attack that they exploit some vulnerability," Walsh says. "The weakness that the evasions take advantage of are in the protocols, but the affected protocols aren't limited to TCP/IP. Some evasions affect higher layer application protocols as well." And protocols aren't the only thing vulnerable to this evasion technique, he says. "The standards defining the protocols suggest a certain amount of permissiveness between sending and receiving systems to ease interoperability and communication. Our need for systems to be interoperable and our need for communication between systems to be as easy as possible allow these evasions to work," Walsh says. Once inside, attackers can compromise data and steal information from enterprises, he says. And it's even possible they have been using this method already, unbeknown to victim organizations. "Given that these evasions have always existed, criminals could be using them already. If they are in use, then there would be little evidence of it," Walsh says. Some vendors might need to rearchitect their products to fix this, while others might have to patch or build in protections, Walsh says. Meanwhile, CERT-Finland's Eronen wouldn't provide details of the products known to be affected thus far or their weaknesses that allow for the attack since coordination among the vendors is still under way. "If [targeted] networks have systems that are for some reason left unpatched -- legacy systems, no supported patches available, compliance does not allow for any system modification, just to name a few possible reasons -- and IDS/IPS systems are employed as virtual patches, then these systems are particularly vulnerable to attacks using evasion techniques," he says.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.