New Trustwave Report Uncovers Cybercrime Attack Targets, Victims, Motivations and Methods
2014 Trustwave Global Security Report Details Findings from Hundreds of 2013 Data Breach Investigations and Proprietary Threat Intelligence
Trustwave experts gathered the data from 691 breach investigations (a 54 percent increase from 2012) across 24 countries in addition to proprietary threat intelligence gleaned from the company’s five global Security Operations Centers, telemetry from security technologies and ongoing threat research. All of the data was collected and analyzed by Trustwave experts.
Data and Systems Targeted
· While payment card data continued to top the list of the types of data compromised, the report notes that 45 percent of data thefts in 2013 involved confidential, non-payment card data—a 33 percent increase from 2012. Non-payment card data includes other sensitive and confidential information such as financial credentials, internal communications, personally identifiable information and various types of customer records.
· E-commerce breaches were the most rampant making up 54 percent of assets targeted. Point-of-sale (POS) breaches accounted for 33 percent of our 2013 investigations and data centers made up 10 percent. Trustwave experts expect POS and e-commerce compromises to dominate into 2014 and beyond.
Victims of Compromise
· When ranking the top ten victim locations, the report reveals the United States overwhelmingly house the most victims at 59 percent, which was more than four times as many as the next closest victim location, the United Kingdom, at 14 percent. Australia was ranked third, at 11 percent followed by Hong Kong and India, both at two percent. Canada was ranked sixth at 1 percent, tied with New Zealand, Ireland, Belgium and Mauritius.
· Similar to 2012, retail once again was the top industry compromised making up 35 percent of the breaches Trustwave investigated in 2013. Food and beverage ranked second at 18 percent and hospitality ranked third at 11 percent.
· Criminals continued to use malware as one of the top methods for getting inside and extracting data. The top three malware-hosting countries in 2013 were the United States (42 percent), Russia (13 percent) and Germany (9 percent).
· Criminals relied most on Java applets as a malware delivery method—78 percent of exploits Trustwave detected took advantage of Java vulnerabilities.
· Eighty-five percent of the exploits detected in 2013 were of third party plug-ins, including Java, Adobe Flash and Acrobat Reader.
· Overall spam made up 70 percent of inbound mail, however malicious spam dropped five percent in 2013. Fifty-nine percent of malicious spam included malicious attachments and 41 percent included malicious links.
· Unbeknownst to them, employees and individual users often open the door to criminals by using easily-guessable passwords. Trustwave experts found weak passwords led to an initial intrusion in 31 percent of compromises.
· In December 2013, security researchers at Trustwave discovered a Pony botnet instance that compromised approximately two million accounts for popular websites.When analyzing those compromised credentials, Trustwave found that “123456” topped the list of the most commonly used password followed by “123456789,”
· 96 percent of applications scanned by Trustwave in 2013 harbored one or more serious security vulnerabilities. The finding demonstrates the need for more application security testing during the development, production and active phases.
Detecting a Compromise
· Trustwave experts found that self-detection continued to be low with 71 percent of compromised victims not detecting breaches themselves. However, the data also demonstrates how critical self-detection is improving the timeline to containment and therefore limiting the overall damage. For example, the median number of days it took organizations that self-detected a breach to contain the breach was one day whereas it took organizations 14 days to contain the breach when it was detected by a third party.
· The report also reveals the median number of days from initial intrusion to detection was 87 and the median number of days from detection to containment was seven. Upon discovery of a breach, 67 percent of victims were able to contain it within 10 days. From 2012 to 2013, there was a decrease in the amount of time an organization took to contain a breach. In half of the compromises investigated by Trustwave, the victim contained the breach within four months of the initial intrusion.
“Security is a process that involves foresight, manpower, advanced skillsets, threat intelligence and technologies. If businesses are not fully equipped with all of these components, they are only increasing their chances of being the next data breach victim,” said Robert J. McCullen, Chairman and Chief Executive Officer at Trustwave. “As we have seen in our investigations, breaches are going to happen. However, the more information businesses can arm themselves with regarding who are their potential attackers, what those criminals are after and how their team will identify, react and remediate a breach if it does occur, is key to protecting their data, users and overall business.”
Download a complimentary copy of the full 2014 Trustwave Global Security Report here (https://www2.trustwave.com/