Threat Management, Network Security

Cybercrime evolving into more of a genuine business, Trustwave report

There's good news and bad news in the world of cybersecurity, according to a report released on Tuesday.

The "2017 Trustwave Global Security Report" [registration required] examines trends over 2016 in the areas of cybercrime, data breaches and security. The era of acting defensively is over. It is time to approach cybersecurity proactively, the report stated.

The 88-page study, which compiled real-world data from hundreds of breach investigations the company conducted in 2016 across 21 countries, determined that while intrusion detection and breach containment times saw improvement, the prognosis was not so positive for other threats, particularly malvertisements, which became cheaper, and malicious spam, which rose in volume.

The median number of days from an intrusion to detection of a compromise saw a drop to 49 days in 2016 from 80.5 days in 2015, the study determined. And, once detected, targeted organizations contained breaches relatively quickly.

However, intrusion containment remained stagnant with negligible movement from last year's figures.

As far as the landscape on data breaches, North America led in data breaches, with nearly half (49%) of data breaches under study by Trustwave occurring in North America, while 21% were in Asia-Pacific, 20% in Europe, Middle East and Africa, and 10% in Latin America. The retail industry was the hardest sector hit, with 22% of incidents, followed closely by the food and beverage industry, at nearly 20%.

The study also detected a big rise in POS breaches, with attacks on corporate and internal networks rising from 22% in 2015 to 31% in 2016. Again, most attacks affected North American enterprises, with Trustwave positing that the figure was owing to the fact that EMV payment card adoption has lagged in this region behind the rest of the world.

And, not surprisingly, cyberthieves are after payment card data: More than half of the incidents investigated targeted payment card data – card track (aka magnetic stripe) data, at 33% of incidents, primarily came from POS environments. Card-not-present (CNP) data, at 30%, mostly came from e-commerce transactions. Financial credentials, including account names and passwords for banks and other financial institutions, accounted for 18% of incidents, followed by other targets.

Another key trend the researchers observed was a decrease in the price for malvertisements: In 2016, the estimated cost for cybercriminals to infect 1,000 vulnerable computers with malvertisements was only $5 -- less than $.01 per vulnerable machine. Malicious advertising remains the number one source of traffic to exploit kit landing pages.

"It appears companies are starting to take security more seriously with the median number of days from intrusion to detection decreasing from 80.5 days in 2015 to 49 days in 2016," Brian Hussey, VP of cyber threat detection and response at Trustwave's SpiderLabs, told SC Media on Tuesday. "While promising, it is just a start. The world is changing rapidly, and cybercriminals are adapting to it more quickly than legitimate organizations in some cases."

The most significant report findings, Hussey added, are related to the number of zero-day vulnerabilities exploited in the wild targeted at Adobe Flash Player, Microsoft Internet Explorer and Microsoft Silverlight. "Applications are also more vulnerable than ever with nearly 100% of all tested applications displaying at least one vulnerability." 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.