Just as companies diversify to grow and succeed, so, too, are data thieves. New research from security firm Trustwave shows how personal information such as customer records increasingly are on crooks’ malware radar screens.
Payment card data continues to be the prime target for data compromises, but increasingly thieves are starting to go after other types of personal and valuable data to steal, according to a new report from security firm Trustwave.
Last year, the company saw a 33 percent increase in the theft of sensitive and confidential information, such as financial credentials, internal communications, personally identifiable information and various customer records. In all, 45 percent of thefts involved non-payment data, according to the “2014 Trustwave Global Security Report.”
“We saw attackers diversifying the types of data they target,” Trustwave said in its report. “It’s not just about payment card data anymore.”
Trustwave based the findings in the 123-page report on an analysis of 691 data-breach investigations conducted last year (a 54 percent increase from 2012), along with threat intelligence from its global security operations, telemetry from security technologies and research.
Without a strong defense mechanism set up almost universally, data thieves will continue to thrive, Trustwave contents.
“A global, thriving underground provides for quick monetization of stolen data – no matter where the victim or attacker resides,” the company said in the report. “As long as criminals can make money by stealing data and selling that sensitive information on the black market, we don’t expect data compromises to subside.”
In 2013, eCommerce accounted for 54 percent of assets targeted by hackers, and point-of-sale breaches accounted for 33 percent of Trustwave’s investigations.
Weak passwords contributed to 31 percent of compromises Trustwave investigated. More than half, 59 percent, of compromised victims resided in the U.S., 14 percent in the United Kingdom and 11 percent in Australia.
Retail was the top industry compromised, accounting for 35 percent of the attacks investigated. Food and beverage ranked second at 18 percent, hospitality ranked third at 11 percent, and finance ranked fourth at 9 percent.
The median number of days from initial intrusion to detection was 87. Some 71 percent of all compromised victims did not know they were compromised, though self-detection can shorten to one day from 14 days the timeline from detection to containment when detected by a third party, Trustwave noted in its report. The median number of days from detection to containment was seven.
“Victims that identify a breach on their own detect it sooner and reduce clean-up time by two weeks,” Trustwave said. “A plan will help make your organization aware of a compromise sooner, limit its repercussions and shorten its duration.”
Among the exploits detected, 85 percent involved third-party plug-ins, including Java applets, Adobe Flash and Adobe Acrobat/Reader. “78 percent of exploits we detected took advantage of Java vulnerabilities,” Trustwave said in its report.
At 49 percent, Blackhole topped the list of most prevalent exploit kits. “However, the arrest of its creator and a lack of updates to the kit spurred a 15 percent decline in Blackhole’s prevalence,” Trustwave said. “We expect the second-most prevalent kit, Magnitude at 31 percent, to fill the gap.”
Moreover, 96 percent of applications, and 100 percent of mobile applications, Trustwave scanned harbored one of more serious security vulnerabilities. Based on attack-source IP addresses, the top three hosting countries for malware last year were the U.S., at 42 percent; Russia, at 13 percent; and Germany, at 9 percent.
“This may be a result of foreign attackers adapting to businesses blocking connections from foreign IP addresses by compromising other assets within the target country and using them as “jump servers” to launch attacks against primary targets,” Trustwave said.
In the report, Trustwave suggested a few ways to counter breach attacks, including educating staff and employees on the best security practices, enforcing strong authentication policies and practices, assessing data protections across all assets, testing system resilience to attacks, and developing and rehearsing incident response plans.
“Secure all of your data, and don’t lull yourself into a false sense of security just because you think your payment card data is protected,” Trustwave advised. “Assess your entire set of assets – from endpoint to network to application to database. Any vulnerability in any asset could lead to the exposure of data.”
Many of the multi-site breaches centered on franchise business models. As such, the information technology used must be strong, Trustwave advised. “Franchisees are often required to deploy information technology defined by the franchisor for efficiency purposes and to simplify management of those environments,” the company noted. “While a well-designed technology template can help to improve security, a poor design can result in a vulnerability present across potentially thousands of locations. If an attacker discovers and takes advantage of a flaw at one franchise, they can replicate the exploit at other locations.”