Hackers are also diversifying their targets, capitalizing on the weak defenses of corporate systems.
Hackers are no longer just interested in credit card information, said Steven Cavey, director of corporate development at Ground Labs, which develops tools for organizations to flag spots in their networks where sensitive data may be stored insecurely. "Now it's about stealing as much personal information that they can get their hands on."
Cavey said he's heard of stolen personal information being used to obtain money from a variety of companies that offer quick, so-called payday loans over the Web. The fraudster's goal is to provide the loan company with as much information as possible to look legitimate and evade risk controls.
Trying to blackmail data-theft victims is another way to make cash. But it's unlikely that large companies such as Sony Pictures would pay a group of hackers not to release data. There's no guarantee that the hackers wouldn't come back with more demands later.
One scam that has resulted in payoffs involves encrypting an organization's data and demanding a ransom. Ransomware has been around for as long as a decade, but the fraud continues due to its success. Computers are infected with malware, which sets to work encrypting files on hard drives.
The only real defense against ransomware such as Cryptolocker is to ensure that data is backed up. Otherwise, it could cost around $500 per computer, payable in bitcoin, to get the decryption key from hackers. In some cases, hackers haven't bothered supplying the decryption key after they've been paid, adding to victims' frustration.
For the near future, Holden says he's seeing increasing interest in the travel industry, with scammers stealing air miles and other loyalty-oriented rewards.
The travel industry is "very loosely controlled," Holden said. Some fraudsters have already created fake travel agencies, he said. Victims who stumble across those agencies divulge lots of personal information, credit card numbers and loyalty card accounts.
Loyalty miles and points can be cashed out in a variety of ways. The points can be redeemed for items offered through the program, or can be transferred to gift cards, according to a screenshot from a vendor on an underground forum found by IntelCrawler.
Depending on the airline, reward accounts are updated every two to 30 days, the forum posting notes. This gives hackers ample time to redeem stolen points.