When it comes to retail, the 2013 Trustwave Global Security Report also found that classic point-of-sale attacks have been surpassed by their virtual counterpart: e-commerce attacks emerged as a growing trend during 2012, becoming the number one targeted asset and accounting for 48% of all investigations. Further, the report found that the two most noteworthy methods of intrusion – SQL injection and remote access – made up 73% of the infiltration methods used.
“Businesses should take a step back and re-evaluate their security posture,” said Robert McCullen, chairman, CEO and president of Trustwave. “All developers, particularly in the e-commerce industry, should implement a full lifecycle security plan that includes thoroughly educating themselves and their employees, equipping themselves with the best tools to protect against attacks and making sure they are using the most reliable resources for zero-day detection.”
Unfortunately, the report found there is still a long way to go when it comes to implementing best security practices. Employees themselves often leave the door open to attacks. Whether due to lack of education or policy enforcement, employees pick weak passwords, click on phishing links and share company information on social and public platforms.
For instance, out of three million user passwords analyzed, 50% of business users are still employing easily guessed passwords – the most common being, remarkably, “Password1.”
Most victim organizations still rely on third parties, customers, law enforcement or a regulatory body to notify them a breach has occurred – a worldwide security problem, Trustwave pointed out. In particular, businesses seem to be rapidly adopting an outsourced, third-party information technology operations model. A majority (63%) of investigations revealed a third party responsible for system support, development or maintenance, introduced security deficiencies easily exploited by hackers.
The results are alarming, however: about 64% of organizations attacked took more than 90 days to detect an intrusion, with the average time for detection being 210 days – 35 days longer than in 2011. Five percent took more than three years to identify the criminal activity.
Trustwave analyzed 450 global data breach investigations, more than 2,500 penetration tests, nine million web application attacks, two million network and vulnerability scans, five million malicious websites, and 20 billion e-mails, as well as extensive research and analysis of zero-day security threats to identify key trends in the threat landscape.
Attacks were discovered in 29 different countries, and the largest percentage (34.4%) originated in Romania.
Out of the 450 cases investigated in 2012, about 40 variations of malware were found. Trustwave attributed the 40 unique types of malware to six criminal groups. Three criminal teams caused the majority of credit card breaches. Russia and the US were the largest contributors when it comes to malware attacks, making up 39.4% and 19.7% of hosted malware, respectively.
Mobile malware in particular is on the rise, increasing 400% in 2012. Malware found on Android devices grew from 50,000 to more than 200,000 samples.
Spam volume shrank in 2012 but still represents 75.2% of a typical organization’s inbound email, with roughly 10% of the mails being malicious.
“Cybercriminals will never stop trying to compromise systems to obtain valuable information such as customer and private user data, corporate trade secrets and payment card information,” added McCullen. “This year’s Global Security Report pulls back the curtain revealing how breaches happen and how potential victims around the world can protect themselves so that they stay one step ahead and eliminate potential security threats. After reading this report, businesses and government agencies will be one step closer to building a comprehensive security strategy to reduce risk, protect data and safeguard their reputation.”