Cybercriminals are shifting away from basic "smash and grab" attacks targeting stored data to more complex methods of data harvesting in transit, security research reveals.
As various application security standards and regulatory requirements such as the Payment Card Industry Data Security Standard (PCI DSS) continue to take hold, archived data is becoming less available to criminals, the report said.
Expiration dates on debit and credit cards also limit the period that payment card data is valid, so archived data is not as appealing as harvesting data in transit.
"The increased complexity of obtaining real-time data is outweighed by the increased confidence that the data captured will be usable, the report said.
According to research from Trustwave's SpiderLabs, the company's advanced security team, in 66% of investigations, attackers opted to harvest data in-transit, while stored data was only targeted 26.5% of the time.
In 7.5% of cases, attackers used multiple methods to harvest locally stored data, as well as capturing data in transit.
The researchers found that criminals are continuing to use custom or off-the-shelf malware to harvest data from target systems.
Data-harvesting malware occurred in 76% of investigations, which represents a 23% increase from 2009, according to the researchers.
There is a positive correlation between in-transit attacks and the use of malware because to capture data in transit, attackers must use malware, the report said.
That does not mean malware is limited to in-transit attacks as many of the malware samples were capable of accessing data stored on disk, the report said.
John Yeo, director of SpiderLabs EMEA, said it is imperative there is a responsible focus on security at both the organisation and individual level.
Criminals seek the path of least resistance and will take any opportunity to get hold of valuable information, he said.
"We've seen that new or poorly managed systems are low-hanging fruit when the security implications have not been fully considered," said Yeo.