The most targeted type of asset in the report, which covered more than 200 real-life response incidents, was the software-based point of sale system. Well-known vulnerabilities in these systems make them open even to novices, according to Trustwave. The primary means of exploiting a system was via a remote access application, followed by the use of trusted internet connections, and SQL injection attacks.
In 54% of incidents, stolen data was harvested in transit, mainly using RAM-based data parsers. Keystroke loggers, network sniffers, and via credentialed malware, in which custom-developed malware is used in combination with a physical token to gain access to a system. Incidents of ATM theft using credentialed malware were documented in Eastern Europe last year.
Previously, food and beverage companies were hit the hardest by data breaches, but in 2009, hospitality companies became the most breached sector, representing 38% of the breaches. "Insecure network connections, in conjunction with poor security controls, allowed unfettered network access between the multiple properties of several hospitality companies", said Trustwave. However, results may have been skewed by the fact that many breaches stemmed from a single event. "The majority of our hospitality cases are interrelated; a single site breach resulted in attackers propagating to additional properties."
Financial institutions suffered significantly more data loss from their security breaches than companies in other sectors, according to the report.
Trustwave suggested several measures that companies can take to minimize the risk of a successful attack. Maintaining an asset inventory and decommissioning old systems, monitoring third party relationships, segmenting internal systems, encrypting data, and securing wireless systems featured among them.