Welcome!

News Feed Item

New Trustwave Report Uncovers Cybercrime Attack Targets, Victims, Motivations and Methods

2014 Trustwave Global Security Report Details Findings From Hundreds of 2013 Data Breach Investigations and Proprietary Threat Intelligence

CHICAGO, IL -- (Marketwired) -- 05/21/14 -- Trustwave today released the 2014 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2013. The report includes the type of information most targeted, industries most compromised, how criminals typically got inside, when victims identified an attack, notable malware trends and other critical components of breaches that matter to businesses. It also reveals how cybercrime is impacting different regions of the world and offers recommendations for businesses to help them fight cybercrime, protect their data and reduce security risks.

Trustwave experts gathered the data from 691 breach investigations (a 54 percent increase from 2012) across 24 countries in addition to proprietary threat intelligence gleaned from the company's five global Security Operations Centers, telemetry from security technologies and ongoing threat research. All of the data was collected and analyzed by Trustwave experts.

Data and Systems Targeted

  • While payment card data continued to top the list of the types of data compromised, the report notes that 45 percent of data thefts in 2013 involved confidential, non-payment card data -- a 33 percent increase from 2012. Non-payment card data includes other sensitive and confidential information such as financial credentials, internal communications, personally identifiable information and various types of customer records.
  • E-commerce breaches were the most rampant making up 54 percent of assets targeted. Point-of-sale (POS) breaches accounted for 33 percent of our 2013 investigations and data centers made up 10 percent. Trustwave experts expect POS and e-commerce compromises to dominate into 2014 and beyond.

Victims of Compromise

  • When ranking the top ten victim locations, the report reveals the United States overwhelmingly house the most victims at 59 percent, which was more than four times as many as the next closest victim location, the United Kingdom, at 14 percent. Australia was ranked third, at 11 percent followed by Hong Kong and India, both at two percent. Canada was ranked sixth at 1 percent, tied with New Zealand, Ireland, Belgium and Mauritius.
  • Similar to 2012, retail once again was the top industry compromised making up 35 percent of the breaches Trustwave investigated in 2013. Food and beverage ranked second at 18 percent and hospitality ranked third at 11 percent.

Intrusion Methods

Malware Everywhere

  • Criminals continued to use malware as one of the top methods for getting inside and extracting data. The top three malware-hosting countries in 2013 were the United States (42 percent), Russia (13 percent) and Germany (9 percent).
  • Criminals relied most on Java applets as a malware delivery method -- 78 percent of exploits Trustwave detected took advantage of Java vulnerabilities.
  • Eighty-five percent of the exploits detected in 2013 were of third party plug-ins, including Java, Adobe Flash and Acrobat Reader.
  • Overall spam made up 70 percent of inbound mail, however malicious spam dropped five percent in 2013. Fifty-nine percent of malicious spam included malicious attachments and 41 percent included malicious links.

User Accidents

  • Unbeknownst to them, employees and individual users often open the door to criminals by using easily-guessable passwords. Trustwave experts found weak passwords led to an initial intrusion in 31 percent of compromises.
  • In December 2013, security researchers at Trustwave discovered a Pony botnet instance that compromised approximately two million accounts for popular websites. When analyzing those compromised credentials, Trustwave found that "123456" topped the list of the most commonly used password followed by "123456789," "1234" and then "password." Nearly 25 percent of the usernames had passwords stored for multiple sites.

Application Vulnerabilities

  • 96 percent of applications scanned by Trustwave in 2013 harbored one or more serious security vulnerabilities. The finding demonstrates the need for more application security testing during the development, production and active phases.

Detecting a Compromise

  • Trustwave experts found that self-detection continued to be low with 71 percent of compromised victims not detecting breaches themselves. However, the data also demonstrates how critical self-detection is improving the timeline to containment and therefore limiting the overall damage. For example, the median number of days it took organizations that self-detected a breach to contain the breach was one day whereas it took organizations 14 days to contain the breach when it was detected by a third party.
  • The report also reveals the median number of days from initial intrusion to detection was 87 and the median number of days from detection to containment was seven. Upon discovery of a breach, 67 percent of victims were able to contain it within 10 days. From 2012 to 2013, there was a decrease in the amount of time an organization took to contain a breach. In half of the compromises investigated by Trustwave, the victim contained the breach within four months of the initial intrusion.

"Security is a process that involves foresight, manpower, advanced skillsets, threat intelligence and technologies. If businesses are not fully equipped with all of these components, they are only increasing their chances of being the next data breach victim," said Robert J. McCullen, Chairman and Chief Executive Officer at Trustwave. "As we have seen in our investigations, breaches are going to happen. However, the more information businesses can arm themselves with regarding who are their potential attackers, what those criminals are after and how their team will identify, react and remediate a breach if it does occur, is key to protecting their data, users and overall business."

Action Plan
The 2014 Trustwave Global Security Report recommends businesses implement the following action plan:

1. Protect users from themselves: Educate employees on best security practices, including strong password creation and awareness of social engineering techniques like phishing. Invest in gateway security technologies as a fallback to automate protection from threats such as zero-day vulnerabilities, targeted malware and malicious email.
2. Annihilate weak passwords: Implement and enforce strong authentication policies. Thirty percent of the time, an attacker gains access because of a weak password. Strong passwords -- consisting of a minimum of seven characters and a combination of upper and lower case letters, symbols and numbers -- play a vital role in helping prevent a breach. Even better are passphrases that include eight to 10 words that make up a sentence that only the user knows. Businesses should also deploy two-factor authentication for employees who access the network. This forces users to verify their identity with information other than simply their username and password, like a unique code sent to a user's mobile phone.
3. Protect the rest: Secure all of your data, and don't lull yourself into a false sense of security just because you think your payment card data is protected. Assess your entire set of assets -- from endpoint to network to application to database. Any vulnerability in any asset could lead to the exposure of data. Combine ongoing testing and scanning of these assets to identify and fix flaws before an attacker can take advantage of them.
4. Model the Threat: Model the threat and test your systems' resilience to it with penetration testing. Pitting a security expert against your network hosts, applications and databases applies a real-world attacker's perspective to your systems (a threat model). A penetration test transcends merely identifying vulnerabilities by demonstrating how an attacker can take advantage of them and expose data.
5. Plan your response: Develop, institute and rehearse an incident response plan. Identify what sorts of events or indicators of compromise will trigger your incident response plan. A plan will help make your organization aware of a compromise sooner, limit its repercussions and shorten its duration.

Download a complimentary copy of the full 2014 Trustwave Global Security Report here.

About Trustwave
Trustwave helps businesses fight cybercrime, protect data and reduce security risks. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs while safely embracing business imperatives including big data, BYOD and social media. More than two million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.

Follow Trustwave on Twitter at www.twitter.com/Trustwave, on Facebook at www.facebook.com/Trustwave, and on LinkedIn at www.linkedin.com/company/trustwave. All trademarks used herein remain the property of their respective owners. Their use does not indicate or imply a relationship between Trustwave and the owners of such trademarks.

Media Contact:
Abby Ross
Trustwave
(312)-873-7648
[email protected]

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
Digital transformation has increased the pace of business creating a productivity divide between the technology haves and have nots. Managing financial information on spreadsheets and piecing together insight from numerous disconnected systems is no longer an option. Rapid market changes and aggressive competition are motivating business leaders to reevaluate legacy technology investments in search of modern technologies to achieve greater agility, reduced costs and organizational efficiencies. ...
In this presentation, you will learn first hand what works and what doesn't while architecting and deploying OpenStack. Some of the topics will include:- best practices for creating repeatable deployments of OpenStack- multi-site considerations- how to customize OpenStack to integrate with your existing systems and security best practices.
As organizations shift towards IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. Commvault can ensure protection, access and E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his general session at 18th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Part...
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
It is ironic, but perhaps not unexpected, that many organizations who want the benefits of using an Agile approach to deliver software use a waterfall approach to adopting Agile practices: they form plans, they set milestones, and they measure progress by how many teams they have engaged. Old habits die hard, but like most waterfall software projects, most waterfall-style Agile adoption efforts fail to produce the results desired. The problem is that to get the results they want, they have to ch...
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abilit...
For far too long technology teams have lived in siloes. Not only physical siloes, but cultural siloes pushed by competing objectives. This includes informational siloes where business users require one set of data and tech teams require different data. DevOps intends to bridge these gaps to make tech driven operations more aligned and efficient.
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service.
HyperConvergence came to market with the objective of being simple, flexible and to help drive down operating expenses. It reduced the footprint by bundling the compute/storage/network into one box. This brought a new set of challenges as the HyperConverged vendors are very focused on their own proprietary building blocks. If you want to scale in a certain way, let's say you identified a need for more storage and want to add a device that is not sold by the HyperConverged vendor, forget about it...
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.