Don't buy it
Can see the bias here. Phishing, DDoS and Insiders, as well as exploiting the mistake of providers placing emphasis more on third parties, which is a direct entry point for interference with data via humans by no means makes dumb hacker smarter.
SQL injection and XSS requires an element of insider knowledge unless it is utterly poorly written. The article gives no context on to how that intelligence is gathered.
This article is designed to increase the profile of the everyday hacker which are the information source for theregister.co.uk and the black hats are not sophisticated no matter what deals are done.
It seems quite obvious does it not?