Breaches aided by weak passwords, poor AV detection
Cyber criminals are still targeting customer data, but as larger organizations become more apt at locking down sensitive information, attackers are going after industries with franchise models, according to security firm Trustwave's annual global study.
That's what has made the food-and-beverage industry such an attractive target, with 44 percent of Trustwave's more than 300 data breach response investigations involving this market, according to the "2012 Global Security Report," released this week. That industry rated as the most targeted in 2010, as well.
Many food-and-beverage locations are owned by franchisees, but their networks all are similarly set up, which offers hackers a formulaic blueprint for fleecing a large number of victims, said Nicholas Percoco, who heads Trustwave's research arm, SpiderLabs.
"The attackers find their way in to one environment," he said. "They realize it's a brand-name that has hundreds or thousands of other locations. They spend a lot of time doing research in that one environment, build custom tools and then start compromising as many [franchises] as they can in succession. They've don't have to invest a lot of time once they've learned about one environment."
In many of the incidents that Trustwave investigated, the hackers "basically walked themselves right in" because their targets did not have strong passwords in place to protect their systems and services. For example, Trustwave found that the most frequent password used by global firms was "Password1" because it meets Microsoft Active Directory's complexity requirements.
"There will be remote access available on the internet," Percoco explained. "They'll then go and basically brute force attack those systems, and they are highly successful at that ...There's no alarms that went off, They just connected and logged in. Now they're in the environment, and you're not suspecting they're there and they're now implementing customized malware into these environments."
And if businesses were hoping that their anti-virus defenses would then kick in and detect the attack, they may want to think again. Trustwave ran the targeted malware samples they encountered against 25 of the most commonly used anti-virus and found that only 12 percent of flagged the code as malicious.
In total, 80 percent of the Trustwave probes involved incidents in which customer data was stolen, while about six percent of cases involved plundered trade secrets. Roughly 63 percent of the attacks sought to steal information in transit, while about 28 percent sought stored data.
Percoco said mega breaches seem to be a thing of the past, like when hackers stole 45.7 million credit card numbers from discount retail parent TJX. But intruders are still using similar methods to exfiltrate data.
"This would be analogous in the TJX case of someone going after all the individual stores, versus the corporate headquarters," he said.