Payment card data continues to make up the bulk of information compromised, though non-payment card data was the centerpiece of 45 percent of the data thefts last year, according to the "2014 Trustwave Global Security Report."
The report's findings, based on information gathered and analyzed by the security company's experts about 691 breach investigations in 24 countries, revealed a 33 percent increase in the theft of financial credentials, PII, customer records, internal communications and other sensitive information not affiliated with payment cards. Theft of financial account credentials alone increased 22 percent.
While payment card data is still in demand, “that doesn't mean other types of data are not lucrative,” Karl Sigler, Threat Intelligence Manager at Trustwave, told SCMagazine.com in Wednesday email correspondence. He noted that criminals who cast a wide net with malware “often don't get to choose their payoff” and capture user credentials, confidential documents and other “data useful for identity theft” and other cyber crimes.
“Most data has some value attached and it's just a matter for criminals to parse it out and find a buyer,” he said.
In 54 percent of the cases, e-commerce was targeted, and point-of-sale breaches comprised 33 percent of Trustwave's investigations. As in last year's report, the retail industry was the top target of attackers, accounting for 35 percent of attacks, followed by food and beverage at 18 percent.
The U.S. was home to the most victims (59 percent) with the U.K. ranked a distant second at 14 percent. But it seems the U.S. gave as good as it got — hosting 42 percent of the malware investigated by Trustwave, well ahead of second-ranked Russia at 13 percent and Germany at nine percent.
The bulk of malicious spam included malicious attachments (59 percent) while 41 percent included malicious links. Java applets continued to be the delivery method of choice, used in 78 percent of the exploits. The Blackhole exploit kit topped the list as the malware of choice for yet another year at 49 percent, though its prevalence was down from 60 percent in 2012, in large part due to the arrest of its creator, who goes by the name of “Paunch.”
Attackers' ploys were made easier by weak user passwords, which helped them gain entrée in 31 percent of the 2013 incidents that Trustwave analyzed.