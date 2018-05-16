|
[April 05, 2018]

New Trustwave Report Depicts Evolving Cybersecurity Threat Landscape
Trustwave today released the 2018
Trustwave Global Security Report which reveals the top security
threats, breaches by industry, and cybercrime trends from 2017. The
report is derived from the analysis of billions of logged security and
compromise events worldwide, hundreds of hands-on data-breach
investigations and internal research. Findings depict improvement in
areas such as intrusion to detection; however, they also showed increased
sophistication in malware obfuscation, social engineering tactics, and
advanced persistent threats. In addition, this year's report marks a
historic ten-year milestone since inception and takes a special look at
how the threat landscape has prospered and evolved over the last decade.
Key highlights from the 2018
Trustwave Global Security Report include:
- North America and retail lead in data breaches - Although
slightly down from the previous year, North America still leads in
data breaches investigated by Trustwave at 43% followed by the Asia
Pacific region at 30%, Europe, Middle East and Africa (EMEA) at 23%
and Latin America at 4%. The retail sector suffered the most breach
incidences at 16.7% followed by the finance and insurance industry at
13.1% and hospitality at 11.9%.
- Compromise and environment type matters - Half of the
incidents investigated involved corporate and internal networks (up
from 43% in 2016) followed by e-commerce environments at 30%.
Incidents impacting point-of-sale (POS) systems decreased by more than
a third to 20% of the total. This is reflective of increased attack
sophistication and targeting of larger service providers and franchise
head offices, with less focus on the smaller high-volume targets of previous years.
- Social engineering tops methods of compromise - In corporate
network environments, phishing and social engineering at 55% was the
leading method of compromise followed by malicious insiders at 13% and
remote access at 9%. This indicates the human factor remains the
greatest hurdle for corporate cybersecurity teams. "CEO fraud", a
social engineering scam encouraging executives to authorize fraudulent
money transactions, continues to increase.
- All web applications found to be vulnerable - One
hundred percent of web applications tested displayed at least one
vulnerability with 11 as the median number detected per application.
85.9% of web application vulnerabilities involved session management
allowing an attacker to eavesdrop on a user session to commandeer
sensitive information.
- Web attacks becoming more targeted - Targeted web
attacks are becoming prevalent and much more sophisticated. Many
breach incidents show signs of careful preplanning by cybercriminals
probing for weak packages and tools to exploit. Cross-site scripting
(XSS) was involved in 40% of attack attempts, followed by SQL
Injection (SQLi) at 24%, Path Traversal at 7%, Local File Inclusion
(LFI) at 4%, and Distributed Denial of Service (DDoS) at 3%.
- Malware using persistence techniques - Although 30% of malware
examined used obfuscation to avoid detection and bypass first line
defenses, 90% used persistence techniques to reload after reboot.
- Service providers are now in the crosshairs - Of great
concern is a marked increase at 9.5% in compromises targeting
businesses that provide IT services including web-hosting providers,
POS integrators and help-desk providers. A compromise of just one
provider opens the gates to a multitude of new targets. In
2016, service provider compromises did not register in the statistics.
- Large disparity when breaches are detected internally versus
externally - The median time between intrusion and detection for
externally detected compromises was 83 days in 2017, a stark increase
from 65 days in 2016. Median time between intrusion and detection for
compromises discovered internally, however, dropped to zero days in
2017 from 16 days in 2016, meaning businesses discovered the majority
of breaches the same day they happened.
- Payment card data is still king - Down from the previous
year, payment card data at 40% still reigns supreme in terms of data
types targeted in a breach. The figure is split between magnetic
stripe data at 22% and card-not-present (CNP) at 18%. Surprisingly,
incidents targeting hard cash are on the rise at 11% mostly due to
fraudulent ATM transaction breaches enabled by compromise of account
management systems at financial institutions.
- Necurs keeps malware-laced spam high - Several major Necurs
botnet campaigns for propagating ransomware (including WannaCry),
banking trojans and other damaging payloads kept spam containing
malware high at 26%, down from 34.6% in 2016. Interestingly, more than
90% of spam-borne malware is delivered inside archive files such as
.zip, .7z and RAR, typically labeled as invoices or other types of
business files.
- Database and network security, a year of critical patching -
The number of vulnerabilities patched in five of the most common
database products was 119, down from 170 in 2016. Fifty-three percent
of computers with SMBv1 enabled were vulnerable to MS17-010
"ETERNALBLUE" exploits used to disseminate the WannaCry and NotPetya
ransomware attacks.
The 2018 Trustwave Global Security Report, the tenth edition of the
report, also offers a ten-year retrospective of cybersecurity trends.
Key highlights include:
- Vulnerabilities have seen a sharp surge - After
remaining relatively level from 2008 to 2011, a marked increase in
vulnerability disclosures began in 2012 with a dramatic spike in 2017.
This is in part due to the doubling of internet users over the course
of a decade. The technically savvy, including both security
researchers and criminals, are now actively looking for
vulnerabilities with the latter selling corresponding exploits on the
dark web to make hefty profits. More vulnerabilities equate to greater
potential for exploitations.
- Exploit kits, from boom to bust - Starting in 2006 with
Web Attacker, exploit kits, which provide a means for non-technical
attackers to infect computers, saw a dramatic rise, eventually evolving
into a software-as-a-service (SaaS) model in 2010 with prices ranging
from $50 to $10,000 per month, and flourished between 2013 and 2015.
From 2016 to the present, after several arrests and the disappearance of the
top three kits, the exploit kit market sits dormant. Look for
resurgence as serious players eventually surface to drive new demand
in a once lucrative market.
- Spam on the decline - Accounting for more than 87.2% of
all incoming mail monitored by Trustwave, 2009 ranks as the worst year
for spam. After 2009, spam activity has decreased each year and
currently sits at less than 40% of all incoming email. Today, a small
number of criminal gangs using botnets to distribute malware control
most spam.
"Our 2017 threat intelligence and investigations along with a
retrospective view of the last ten years has unequivocally exposed
cybercriminals and their attacks are becoming more methodical and
organized," stated Steve Kelley, Chief Marketing Officer at Trustwave.
"As long as cybercrime remains profitable, we will continue to see
threat actors quickly evolving and adapting methods to penetrate
networks and steal data. Security is as much a 'people' issue as it is a
technology issue. To stay on par with determined adversaries,
organizations must have access to security experts who can think and
operate like an attacker while making best use of the technologies
deployed."
Trustwave experts gathered and analyzed real-world data from hundreds of
breach investigations the company conducted in 2017 across 21 countries.
This data was added to billions of security and compliance events logged
each day across the global network of Trustwave
Advanced Security Operations Centers, along with data from tens of
millions of network vulnerability scans, thousands of web application
security scans, tens of millions of web transactions, tens of billions
of email messages, millions of malicious websites, penetration tests,
telemetry from security technologies distributed across the globe and
industry-leading security research.
To download a complimentary copy of the 2018 Trustwave Global Security
Report, visit: https://www2.trustwave.com/GlobalSecurityReport.html.
