Corporate networks more of a target: Trustwave report

“Cyber criminals have been congregating and organizing for years, but 2015 showed a marked increase in the behavior we would normally associate with legitimate businesses,” said Trustwave CEO and president Robert J. McCullen.

The 2016 Trustwave Global Security Report which reveals the top cyber crime, data breach and security threat trends from 2015. The report reveals how criminals make use of malware-as-a-service, which data they target, the most common attack methods, how long it takes for businesses to detect and contain data breaches, what types of businesses criminals targeted, and where the majority of victims were located. It also reveals the most commonly used exploits, most prevalent malware families and more.

Key highlights from the 2016 Trustwave Global Security Report follow.

• Weak application security: 97 per cent of applications tested by Trustwave in 2015 had at least one vulnerability. Ten per cent of the vulnerabilities discovered were rated as critical or high risk. The median number of vulnerabilities discovered per application by the Trustwave Managed Security Testing service was 14.

• Where security incidents occur: 35 per cent of data breach investigations conducted by Trustwave occurred in North America, 21 per cent were in the Asia-Pacific Region, 12 per cent were in Europe, the Middle East and Africa, and 10 per cent were in Latin America and the Caribbean.

• Who criminals target: Retail was the most compromised industry, making up 23 per cent of Trustwave investigations, followed by hospitality at 14 per cent and food and beverage at 10 per cent.

• Shift in compromised environments: Compromises affecting corporate and internal networks increased to 40 per cent in 2015, up from 18 per cent in 2014. Thirty-eight per cent of investigations were of e-commerce breaches, compared to 42 per cent in 2014. Twenty-two percent were of point-of-sale (POS) breaches. POS compromises decreased eighteen percentage points from 2014 to 2015, making up 40 per cent of Trustwave investigations in 2014 and 33 per cent in 2013.

• Magento is a target: 85 per cent of compromised e-commerce systems used the Magento open-source platform. At least five critical Magento vulnerabilities were identified in 2015, and most of the affected systems were not fully updated with security patches.

• Data most targeted: In 60 per cent of investigations, attackers were after payment card data, split about evenly between card track (magnetic stripe) data (31 per cent of incidents), which came mainly from POS environments, and card-not-present (CNP) data (29 per cent), which mostly came from e-commerce transactions.

• Self-detection of breaches: The majority of victims, 59 per cent, did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. Self-detection increased from 19 per cent in 2014 to 41 per cent in 2015. In 2015, for self-detected breaches, a median of 15 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 168 days elapsed from intrusion to containment.

• Malvertising goes mainstream: The Trustwave analysis of the RIG exploit kit, the most prominent exploit kit of 2014 and the third most prominent in 2015, shows that approximately 90 per cent of traffic to the kit originates from malicious advertisements. Even some of the largest ad networks have been misused by attackers to spread malware to unsuspecting users visiting popular websites.

• The Year of Angler: Angler, the most prevalent exploit kit of 2015, accounted for 40 per cent of exploit kit-related incidents we observed, more than twice as many as the next most prevalent kit, Nuclear. Angler was also the first exploit kit to integrate several newly disclosed exploits, including four zero-day exploits and seven “one-day” exploits, which target vulnerabilities for which patches have been released but have not yet been widely distributed.

• Shifting spam subjects: In 2014, pharmaceutical product spam made up almost three-fourths of the spam messages Trustwave analyzed. In 2015, that portion dropped dramatically, to 39 per cent, which was still enough to make it the largest share of any category. Spam related to online dating sites and adult products made a combined five-fold leap from 6 per cent in 2014 to 30 per cent in 2015. Five per cent of overall spam included a malicious attachment or link, a 1 point decrease from 2014.

Trustwave experts gathered real-world data from hundreds of breach investigations the company conducted in 2015 across 17 countries. This data was added to billions of security and compliance events logged each day across the global network of Trustwave Security Operations Centers, evaluation of email messages, analysis of web transactions, web application security scans and penetration tests, telemetry from security technologies and industry-leading security research.

Download a complimentary copy of the full 2016 Trustwave Global Security Report here.