Attacks are getting fiercer and attackers more sophisticated and organized, according to the "2016 Trustwave Global Security Report," released this week.
The 90-page study examined top cybercrime and data breach activity from 2015 and detected some alarming security threat trends, particularly how miscreants employ malware-as-a-service, the most commonly used exploits, the data they go after and their top attack methods. It also examined the consequences, such as how companies respond.
With the potential for huge profits from cybercrime a seductive lure for more and more coders, there's no question, the study found, that the sector has evolved into a business. "The biggest cybercrime operations are essentially computer software and services companies, albeit illicit ones," the study said.
Tool kits for exploiting vulnerabilities are readily available and easily purchased on underground markets. Where once these kits were sold as software packages, the malware vendors are keeping up with the times and turning to the cloud. And their wares are being marketed and sold much like any legitimate commodity: with money-back guarantees and malware-as-a-service amenities that include access to servers maintained with the latest exploits by the kit makers themselves.
And which sector was most highly targeted? Retail, the Trustwave study found, making up nearly a quarter of investigations carried out by the Chicago-based vendor. The hospitality industry followed at 14 percent and food and beverage at 10 percent.
The primary reason attackers are able to get into systems is weak application security, with 97 percent of applications tested by the company open to attack via at least one vulnerability, the researchers found. Ten percent of those were rated as critical or high risk.
The largest share of compromises, 13 percent, was owing to insecure remote access software and policies, the study found, followed by SQL injection and general misconfiguration issues, at 12 percent each.
Not surprisingly, the treasure that attackers go after most often is data. In 60 percent of investigations, criminals targeted payment card data, split about evenly between card track (magnetic stripe) data (31 percent of incidents), which came mainly from POS environments, and card-not-present (CNP) data (29 percent), which mostly came from e-commerce transactions.
Calling it the Year of Angler, the Trustwave researchers found the Angler exploit kit to be dominant, accounting for 40 percent of incidents involving exploit kits, more than twice as many as the next most prevalent kit, Nuclear. And in a clear demonstration of the increasing sophistication of attackers, two techniques – Diffie-Hellman key exchange and domain shadowing – were incorporated into the most popular exploit kits in 2015 in an effort to disguise their traffic and presence from security researchers, the study found.
Just over a third of data breach investigations occurred in North America, 21 percent were in the Asia-Pacific region, 12 percent were in Europe, the Middle East and Africa, and 10 percent were in Latin America and the Caribbean.
But it's not all about alarms. While the "2016 Trustwave Global Security Report" covers many different topics – from compromise statistics to malware trends to exploit kit tactics – Karl Sigler, threat intelligence manager at Trustwave, told SCMagazine.com on Wednesday that the biggest stories in the report are the bits of good news it contains.
"The percentage of spam being sent has dropped yet again from 59.7 percent in 2014 to 54.1 percent in 2015 and we're also seeing that organizations have gotten much better at detecting an attack," Sigler said. "Self-detection of compromises increased from 19 percent in 2014 to 41 percent in 2015."
To compile the report, Trustwave investigated breaches in 17 countries and evaluated tens of billions of email messages, tens of millions of web transactions, thousands of web application security scans and penetration tests, and more.
The study is available here.